From 923fd05eb3e8d917ad9fe0a96b9e0fe33983451b Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 10 Dec 2021 19:26:32 -0500 Subject: [PATCH 01/13] Contribute a TAXII 2.1 import style misp-module. --- .gitmodules | 4 + misp_modules/lib/misp-objects | 1 + misp_modules/lib/stix2misp.py | 2070 +++++++++++++++++++ misp_modules/lib/stix2misp_mapping.py | 460 +++++ misp_modules/lib/synonymsToTagNames.json | 1 + misp_modules/modules/import_mod/__init__.py | 1 + misp_modules/modules/import_mod/taxii21.py | 354 ++++ 7 files changed, 2891 insertions(+) create mode 100644 .gitmodules create mode 160000 misp_modules/lib/misp-objects create mode 100644 misp_modules/lib/stix2misp.py create mode 100644 misp_modules/lib/stix2misp_mapping.py create mode 100644 misp_modules/lib/synonymsToTagNames.json create mode 100644 misp_modules/modules/import_mod/taxii21.py diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..e9f78ac5 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "misp_modules/lib/misp-objects"] + path = misp_modules/lib/misp-objects + url = https://github.com/MISP/misp-objects.git + branch = main diff --git a/misp_modules/lib/misp-objects b/misp_modules/lib/misp-objects new file mode 160000 index 00000000..9dc7e357 --- /dev/null +++ b/misp_modules/lib/misp-objects @@ -0,0 +1 @@ +Subproject commit 9dc7e3578f2165e32a3b7cdd09e9e552f2d98d36 diff --git a/misp_modules/lib/stix2misp.py b/misp_modules/lib/stix2misp.py new file mode 100644 index 00000000..ed875b56 --- /dev/null +++ b/misp_modules/lib/stix2misp.py @@ -0,0 +1,2070 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# Copyright (C) 2017-2018 CIRCL Computer Incident Response Center Luxembourg (smile gie) +# Copyright (C) 2017-2018 Christian Studer +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as +# published by the Free Software Foundation, either version 3 of the +# License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . + +import sys +import json +import os +import time +import io +import pymisp +import stix2 +import misp_modules.lib.stix2misp_mapping as stix2misp_mapping +from collections import defaultdict +from copy import deepcopy +from pathlib import Path +_misp_objects_path = Path(__file__).parent / 'misp-objects' / 'objects' +_misp_types = pymisp.AbstractMISP().describe_types.get('types') +from pymisp import MISPEvent, MISPObject, MISPAttribute + + +class StixParser(): + _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') + _stix2misp_mapping = {'marking-definition': '_load_marking', + 'relationship': '_load_relationship', + 'report': '_load_report', + 'indicator': '_parse_indicator', + 'observed-data': '_parse_observable', + 'identity': '_load_identity'} + _stix2misp_mapping.update({galaxy_type: '_load_galaxy' for galaxy_type in _galaxy_types}) + _special_mapping = {'attack-pattern': 'parse_attack_pattern', + 'course-of-action': 'parse_course_of_action', + 'vulnerability': 'parse_vulnerability'} + _timeline_mapping = {'indicator': ('valid_from', 'valid_until'), + 'observed-data': ('first_observed', 'last_observed')} + + def __init__(self): + super().__init__() + self.misp_event = MISPEvent() + self.relationship = defaultdict(list) + self.tags = set() + self.galaxy = {} + self.marking_definition = {} + + def handler(self, event, filename, args): + self.filename = filename + self.stix_version = f"STIX {event['spec_version'] if event.get('spec_version') else '2.1'}" + try: + event_distribution = args[0] + if not isinstance(event_distribution, int): + event_distribution = int(event_distribution) if event_distribution.isdigit() else 0 + except IndexError: + event_distribution = 0 + try: + attribute_distribution = args[1] + if attribute_distribution == 'event': + attribute_distribution = 5 + if not isinstance(attribute_distribution, int): + attribute_distribution = int(attribute_distribution) if attribute_distribution.isdigit() else 5 + except IndexError: + attribute_distribution = 5 + synonyms_to_tag_names = args[2] if len(args) > 2 else '/var/www/MISP/app/files/scripts/synonymsToTagNames.json' + with open(synonyms_to_tag_names, 'rt', encoding='utf-8') as f: + self._synonyms_to_tag_names = json.loads(f.read()) + self.parse_event(event) + + def _load_galaxy(self, galaxy): + self.galaxy[galaxy['id'].split('--')[1]] = {'tag_names': self.parse_galaxy(galaxy), 'used': False} + + def _load_identity(self, identity): + try: + self.identity[identity['id'].split('--')[1]] = identity['name'] + except AttributeError: + self.identity = {identity['id'].split('--')[1]: identity['name']} + + def _load_marking(self, marking): + tag = self.parse_marking(marking) + self.marking_definition[marking['id'].split('--')[1]] = {'object': tag, 'used': False} + + def _load_relationship(self, relationship): + target_uuid = relationship.target_ref.split('--')[1] + reference = (target_uuid, relationship.relationship_type) + source_uuid = relationship.source_ref.split('--')[1] + self.relationship[source_uuid].append(reference) + + def _load_report(self, report): + try: + self.report[report['id'].split('--')[1]] = report + except AttributeError: + self.report = {report['id'].split('--')[1]: report} + + def save_file(self): + event = self.misp_event.to_json() + with open(f'{self.filename}.stix2', 'wt', encoding='utf-8') as f: + f.write(event) + + ################################################################################ + ## PARSING FUNCTIONS USED BY BOTH SUBCLASSES. ## + ################################################################################ + + def handle_markings(self): + if hasattr(self, 'marking_refs'): + for attribute in self.misp_event.attributes: + if attribute.uuid in self.marking_refs: + for marking_uuid in self.marking_refs[attribute.uuid]: + attribute.add_tag(self.marking_definition[marking_uuid]['object']) + self.marking_definition[marking_uuid]['used'] = True + if self.marking_definition: + for marking_definition in self.marking_definition.values(): + if not marking_definition['used']: + self.tags.add(marking_definition['object']) + if self.tags: + for tag in self.tags: + self.misp_event.add_tag(tag) + + @staticmethod + def _parse_email_body(body, references): + attributes = [] + for body_multipart in body: + reference = references.pop(body_multipart['body_raw_ref']) + feature = body_multipart['content_disposition'].split(';')[0] + if feature in stix2misp_mapping.email_references_mapping: + attribute = deepcopy(stix2misp_mapping.email_references_mapping[feature]) + else: + print(f'Unknown content disposition in the following email body: {body_multipart}', file=sys.stderr) + continue + if isinstance(reference, stix2.v20.observables.Artifact): + attribute.update({ + 'value': body_multipart['content_disposition'].split('=')[-1].strip("'"), + 'data': reference.payload_bin, + 'to_ids': False + }) + else: + attribute.update({ + 'value': reference.name, + 'to_ids': False + }) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_email_references(email_message, references): + attributes = [] + if hasattr(email_message, 'from_ref'): + reference = references.pop(email_message.from_ref) + attribute = { + 'value': reference.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.email_references_mapping['from_ref']) + attributes.append(attribute) + for feature in ('to_refs', 'cc_refs'): + if hasattr(email_message, feature): + for ref_id in getattr(email_message, feature): + reference = references.pop(ref_id) + attribute = { + 'value': reference.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.email_references_mapping[feature]) + attributes.append(attribute) + return attributes + + def parse_galaxies(self): + for galaxy in self.galaxy.values(): + if not galaxy['used']: + for tag_name in galaxy['tag_names']: + self.tags.add(tag_name) + + @staticmethod + def _parse_network_connection_reference(feature_type, feature, value): + if feature == 'type': + return {type: value.format(feature_type) for type, value in stix2misp_mapping.network_traffic_references_mapping[value].items()} + return {feature: value} + + @staticmethod + def _parse_network_traffic_protocol(protocol): + return {'type': 'text', 'value': protocol, 'to_ids': False, + 'object_relation': f'layer{stix2misp_mapping.connection_protocols[protocol]}-protocol'} + + @staticmethod + def _parse_observable_reference(reference, mapping, feature=None): + attribute = { + 'value': reference.value, + 'to_ids': False + } + if feature is not None: + attribute.update({key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) + return attribute + attribute.update({key: value for key, value in getattr(stix2misp_mapping, mapping)[reference._type].items()}) + return attribute + + def parse_pe(self, extension): + pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + self.fill_misp_object(pe_object, extension, 'pe_mapping') + for section in extension['sections']: + section_object = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) + self.fill_misp_object(section_object, section, 'pe_section_mapping') + if hasattr(section, 'hashes'): + self.fill_misp_object(section_object, section.hashes, 'pe_section_mapping') + self.misp_event.add_object(section_object) + pe_object.add_reference(section_object.uuid, 'includes') + self.misp_event.add_object(pe_object) + return pe_object.uuid + + def parse_relationships(self): + attribute_uuids = tuple(attribute.uuid for attribute in self.misp_event.attributes) + object_uuids = tuple(object.uuid for object in self.misp_event.objects) + for source, references in self.relationship.items(): + if source in object_uuids: + source_object = self.misp_event.get_object_by_uuid(source) + for reference in references: + target, reference = reference + if target in attribute_uuids or target in object_uuids: + source_object.add_reference(target, reference) + elif source in attribute_uuids: + for attribute in self.misp_event.attributes: + if attribute.uuid == source: + for reference in references: + target, reference = reference + if target in self.galaxy: + for tag_name in self.galaxy[target]['tag_names']: + attribute.add_tag(tag_name) + self.galaxy[target]['used'] = True + break + + def parse_report(self, event_uuid=None): + event_infos = set() + self.misp_event.uuid = event_uuid if event_uuid and len(self.report) > 1 else tuple(self.report.keys())[0] + for report in self.report.values(): + if hasattr(report, 'name') and report.name: + event_infos.add(report.name) + if hasattr(report, 'labels') and report.labels: + for label in report.labels: + self.tags.add(label) + if hasattr(report, 'object_marking_refs') and report.object_marking_refs: + for marking_ref in report.object_marking_refs: + marking_ref = marking_ref.split('--')[1] + try: + self.tags.add(self.marking_definition[marking_ref]['object']) + self.marking_definition[marking_ref]['used'] = True + except KeyError: + continue + if hasattr(report, 'external_references'): + for reference in report.external_references: + self.misp_event.add_attribute(**{'type': 'link', 'value': reference['url']}) + if len(event_infos) == 1: + self.misp_event.info = event_infos.pop() + else: + self.misp_event.info = f'Imported with MISP import script for {self.stix_version}' + + @staticmethod + def _parse_user_account_groups(groups): + attributes = [{'type': 'text', 'object_relation': 'group', 'to_ids': False, + 'disable_correlation': True, 'value': group} for group in groups] + return attributes + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + @staticmethod + def _choose_with_priority(container, first_choice, second_choice): + return first_choice if first_choice in container else second_choice + + def filter_main_object(self, observable, main_type, test_function='_standard_test_filter'): + references = {} + main_objects = [] + for key, value in observable.items(): + if getattr(self, test_function)(value, main_type): + main_objects.append(value) + else: + references[key] = value + if len(main_objects) > 1: + print(f'More than one {main_type} objects in this observable: {observable}', file=sys.stderr) + return main_objects[0] if main_objects else None, references + + @staticmethod + def getTimestampfromDate(date): + try: + return int(date.timestamp()) + except AttributeError: + return int(time.mktime(time.strptime(date.split('+')[0], "%Y-%m-%dT%H:%M:%S.%fZ"))) + + @staticmethod + def _handle_data(data): + return io.BytesIO(data.encode()) + + @staticmethod + def parse_marking(marking): + marking_type = marking.definition_type + tag = getattr(marking.definition, marking_type) + return "{}:{}".format(marking_type, tag) + + def parse_timeline(self, stix_object): + misp_object = {'timestamp': self.getTimestampfromDate(stix_object.modified)} + try: + first, last = self._timeline_mapping[stix_object._type] + first_seen = getattr(stix_object, first) + if stix_object.created != first_seen and stix_object.modified != first_seen: + misp_object['first_seen'] = first_seen + if hasattr(stix_object, last): + misp_object['last_seen'] = getattr(stix_object, last) + elif hasattr(stix_object, last): + misp_object.update({'first_seen': first_seen, 'last_seen': getattr(stix_object, last)}) + except KeyError: + pass + return misp_object + + @staticmethod + def _process_test_filter(value, main_type): + _is_main_process = any(feature in value for feature in ('parent_ref', 'child_refs')) + return isinstance(value, getattr(stix2.v20.observables, main_type)) and _is_main_process + + @staticmethod + def _standard_test_filter(value, main_type): + return isinstance(value, getattr(stix2.v20.observables, main_type)) + + def update_marking_refs(self, attribute_uuid, marking_refs): + try: + self.marking_refs[attribute_uuid] = tuple(marking.split('--')[1] for marking in marking_refs) + except AttributeError: + self.marking_refs = {attribute_uuid: tuple(marking.split('--')[1] for marking in marking_refs)} + + +class StixFromMISPParser(StixParser): + def __init__(self): + super().__init__() + self._stix2misp_mapping.update({'custom_object': '_parse_custom'}) + self._stix2misp_mapping.update({special_type: '_parse_undefined' for special_type in ('attack-pattern', 'course-of-action', 'vulnerability')}) + self._custom_objects = tuple(filename.name.replace('_', '-') for filename in _misp_objects_path.glob('*') if '_' in filename.name) + + def parse_event(self, stix_event): + for stix_object in stix_event.objects: + object_type = stix_object['type'] + if object_type.startswith('x-misp-object'): + object_type = 'custom_object' + if object_type in self._stix2misp_mapping: + getattr(self, self._stix2misp_mapping[object_type])(stix_object) + else: + print(f'not found: {object_type}', file=sys.stderr) + if self.relationship: + self.parse_relationships() + if self.galaxy: + self.parse_galaxies() + if hasattr(self, 'report'): + self.parse_report() + self.handle_markings() + + def _parse_custom(self, custom): + if 'from_object' in custom['labels']: + self.parse_custom_object(custom) + else: + self.parse_custom_attribute(custom) + + def _parse_indicator(self, indicator): + if 'from_object' in indicator['labels']: + self.parse_indicator_object(indicator) + else: + self.parse_indicator_attribute(indicator) + + def _parse_observable(self, observable): + if 'from_object' in observable['labels']: + self.parse_observable_object(observable) + else: + self.parse_observable_attribute(observable) + + def _parse_undefined(self, stix_object): + if any(label.startswith('misp-galaxy:') for label in stix_object.get('labels', [])): + self._load_galaxy(stix_object) + else: + getattr(self, self._special_mapping[stix_object._type])(stix_object) + + ################################################################################ + ## PARSING FUNCTIONS. ## + ################################################################################ + + def fill_misp_object(self, misp_object, stix_object, mapping, + to_call='_fill_observable_object_attribute'): + for feature, value in stix_object.items(): + if feature not in getattr(stix2misp_mapping, mapping): + if feature.startswith('x_misp_'): + attribute = self.parse_custom_property(feature) + if isinstance(value, list): + self._fill_misp_object_from_list(misp_object, attribute, value) + continue + else: + continue + else: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[feature]) + attribute.update(getattr(self, to_call)(feature, value)) + misp_object.add_attribute(**attribute) + + @staticmethod + def _fill_misp_object_from_list(misp_object, mapping, values): + for value in values: + attribute = {'value': value} + attribute.update(mapping) + misp_object.add_attribute(**attribute) + + def parse_attack_pattern(self, attack_pattern): + misp_object, _ = self.create_misp_object(attack_pattern) + if hasattr(attack_pattern, 'external_references'): + for reference in attack_pattern.external_references: + value = reference['external_id'].split('-')[1] if reference['source_name'] == 'capec' else reference['url'] + misp_object.add_attribute(**{ + 'type': 'text', 'object_relation': 'id', + 'value': value + }) + self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping', + '_fill_observable_object_attribute') + self.misp_event.add_object(**misp_object) + + def parse_course_of_action(self, course_of_action): + misp_object, _ = self.create_misp_object(course_of_action) + self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping', + '_fill_observable_object_attribute') + self.misp_event.add_object(**misp_object) + + def parse_custom_attribute(self, custom): + attribute_type = custom['type'].split('x-misp-object-')[1] + if attribute_type not in _misp_types: + replacement = ' ' if attribute_type == 'named-pipe' else '|' + attribute_type = attribute_type.replace('-', replacement) + attribute = {'type': attribute_type, + 'timestamp': self.getTimestampfromDate(custom['modified']), + 'to_ids': bool(custom['labels'][1].split('=')[1]), + 'value': custom['x_misp_value'], + 'category': self.get_misp_category(custom['labels']), + 'uuid': custom['id'].split('--')[1]} + if custom.get('object_marking_refs'): + self.update_marking_refs(attribute['uuid'], custom['object_marking_refs']) + self.misp_event.add_attribute(**attribute) + + def parse_custom_object(self, custom): + name = custom['type'].split('x-misp-object-')[1] + if name in self._custom_objects: + name = name.replace('-', '_') + misp_object = MISPObject(name, misp_objects_path_custom=_misp_objects_path) + misp_object.timestamp = self.getTimestampfromDate(custom['modified']) + misp_object.uuid = custom['id'].split('--')[1] + try: + misp_object.category = custom['category'] + except KeyError: + misp_object.category = self.get_misp_category(custom['labels']) + for key, value in custom['x_misp_values'].items(): + attribute_type, object_relation = key.replace('_DOT_', '.').split('_') + if isinstance(value, list): + for single_value in value: + misp_object.add_attribute(**{'type': attribute_type, 'value': single_value, + 'object_relation': object_relation}) + else: + misp_object.add_attribute(**{'type': attribute_type, 'value': value, + 'object_relation': object_relation}) + self.misp_event.add_object(**misp_object) + + def parse_galaxy(self, galaxy): + if hasattr(galaxy, 'labels'): + return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] + try: + return self._synonyms_to_tag_names[name] + except KeyError: + print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) + return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] + + def parse_indicator_attribute(self, indicator): + attribute = self.create_attribute_dict(indicator) + attribute['to_ids'] = True + pattern = indicator.pattern.replace('\\\\', '\\') + if attribute['type'] in ('malware-sample', 'attachment'): + value, data = self.parse_attribute_pattern_with_data(pattern) + attribute.update({feature: value for feature, value in zip(('value', 'data'), (value, io.BytesIO(data.encode())))}) + else: + attribute['value'] = self.parse_attribute_pattern(pattern) + self.misp_event.add_attribute(**attribute) + + def parse_indicator_object(self, indicator): + misp_object, object_type = self.create_misp_object(indicator) + pattern = self._handle_pattern(indicator.pattern).replace('\\\\', '\\').split(' AND ') + try: + attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['pattern'])(pattern) + except KeyError: + print(f"Unable to map {object_type} object:\n{indicator}", file=sys.stderr) + return + if isinstance(attributes, tuple): + attributes, target_uuid = attributes + misp_object.add_reference(target_uuid, 'includes') + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(misp_object) + + def parse_observable_attribute(self, observable): + attribute = self.create_attribute_dict(observable) + attribute['to_ids'] = False + objects = observable.objects + value = self.parse_single_attribute_observable(objects, attribute['type']) + if isinstance(value, tuple): + value, data = value + attribute['data'] = data + attribute['value'] = value + self.misp_event.add_attribute(**attribute) + + def parse_observable_object(self, observable): + misp_object, object_type = self.create_misp_object(observable) + observable_object = observable.objects + try: + attributes = getattr(self, stix2misp_mapping.objects_mapping[object_type]['observable'])(observable_object) + except KeyError: + print(f"Unable to map {object_type} object:\n{observable}", file=sys.stderr) + return + if isinstance(attributes, tuple): + attributes, target_uuid = attributes + misp_object.add_reference(target_uuid, 'includes') + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(misp_object) + + def parse_vulnerability(self, vulnerability): + attributes = self.fill_observable_attributes(vulnerability, 'vulnerability_mapping') + if hasattr(vulnerability, 'external_references'): + for reference in vulnerability.external_references: + if reference['source_name'] == 'url': + attributes.append({'type': 'link', 'object_relation': 'references', 'value': reference['url']}) + if len(attributes) > 1: + vulnerability_object, _ = self.create_misp_object(vulnerability) + for attribute in attributes: + vulnerability_object.add_attribute(**attribute) + self.misp_event.add_object(**vulnerability_object) + else: + attribute = self.create_attribute_dict(vulnerability) + attribute['value'] = attributes[0]['value'] + self.misp_event.add_attribute(**attribute) + + ################################################################################ + ## OBSERVABLE PARSING FUNCTIONS ## + ################################################################################ + + @staticmethod + def _define_hash_type(hash_type): + if 'sha' in hash_type: + return f'SHA-{hash_type.split("sha")[1]}' + return hash_type.upper() if hash_type == 'md5' else hash_type + + @staticmethod + def _fetch_file_observable(observable_objects): + for key, observable in observable_objects.items(): + if observable['type'] == 'file': + return key + return '0' + + @staticmethod + def _fill_observable_attribute(attribute_type, object_relation, value): + return {'type': attribute_type, + 'object_relation': object_relation, + 'value': value, + 'to_ids': False} + + def fill_observable_attributes(self, observable, object_mapping): + attributes = [] + for key, value in observable.items(): + if key in getattr(stix2misp_mapping, object_mapping): + attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[key]) + elif key.startswith('x_misp_'): + attribute = self.parse_custom_property(key) + if isinstance(value, list): + for single_value in value: + single_attribute = {'value': single_value, 'to_ids': False} + single_attribute.update(attribute) + attributes.append(single_attribute) + continue + else: + continue + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def _handle_multiple_file_fields(self, file): + attributes = [] + for feature, attribute_type in zip(('filename', 'path', 'fullpath'), ('filename', 'text', 'text')): + key = f'x_misp_multiple_{feature}' + if key in file: + attributes.append(self._fill_observable_attribute(attribute_type, feature, file.pop(key))) + elif f'{key}s' in file: + attributes.extend(self._fill_observable_attribute(attribute_type, feature, value) for value in file.pop(key)) + attributes.extend(self.fill_observable_attributes(file, 'file_mapping')) + return attributes + + def parse_asn_observable(self, observable): + attributes = [] + mapping = 'asn_mapping' + for observable_object in observable.values(): + if isinstance(observable_object, stix2.v20.observables.AutonomousSystem): + attributes.extend(self.fill_observable_attributes(observable_object, mapping)) + else: + attributes.append(self._parse_observable_reference(observable_object, mapping)) + return attributes + + def _parse_attachment(self, observable): + if len(observable) > 1: + return self._parse_name(observable, index='1'), self._parse_payload(observable) + return self._parse_name(observable) + + def parse_credential_observable(self, observable): + return self.fill_observable_attributes(observable['0'], 'credential_mapping') + + def _parse_domain_ip_attribute(self, observable): + return f'{self._parse_value(observable)}|{self._parse_value(observable, index="1")}' + + @staticmethod + def parse_domain_ip_observable(observable): + attributes = [] + for observable_object in observable.values(): + attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[observable_object._type]) + attribute.update({'value': observable_object.value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_email_message(observable, attribute_type): + return observable['0'].get(attribute_type.split('-')[1]) + + def parse_email_observable(self, observable): + email, references = self.filter_main_object(observable, 'EmailMessage') + attributes = self.fill_observable_attributes(email, 'email_mapping') + if hasattr(email, 'additional_header_fields'): + attributes.extend(self.fill_observable_attributes(email.additional_header_fields, 'email_mapping')) + attributes.extend(self._parse_email_references(email, references)) + if hasattr(email, 'body_multipart') and email.body_multipart: + attributes.extend(self._parse_email_body(email.body_multipart, references)) + return attributes + + @staticmethod + def _parse_email_reply_to(observable): + return observable['0'].additional_header_fields.get('Reply-To') + + def parse_file_observable(self, observable): + file, references = self.filter_main_object(observable, 'File') + references = {key: {'object': value, 'used': False} for key, value in references.items()} + file = {key: value for key, value in file.items()} + multiple_fields = any(f'x_misp_multiple_{feature}' in file for feature in ('filename', 'path', 'fullpath')) + attributes = self._handle_multiple_file_fields(file) if multiple_fields else self.fill_observable_attributes(file, 'file_mapping') + if 'hashes' in file: + attributes.extend(self.fill_observable_attributes(file['hashes'], 'file_mapping')) + if 'content_ref' in file: + reference = references[file['content_ref']] + value = f'{reference["object"].name}|{reference["object"].hashes["MD5"]}' + attributes.append({'type': 'malware-sample', 'object_relation': 'malware-sample', 'value': value, + 'to_ids': False, 'data': reference['object'].payload_bin}) + reference['used'] = True + if 'parent_directory_ref' in file: + reference = references[file['parent_directory_ref']] + attributes.append({'type': 'text', 'object_relation': 'path', + 'value': reference['object'].path, 'to_ids': False}) + reference['used'] = True + for reference in references.values(): + if not reference['used']: + attributes.append({ + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': reference['object'].name, + 'data': reference['object'].payload_bin, + 'to_ids': False + }) + return attributes + + def _parse_filename_hash(self, observable, attribute_type, index='0'): + hash_type = attribute_type.split('|')[1] + filename = self._parse_name(observable, index=index) + hash_value = self._parse_hash(observable, hash_type, index=index) + return f'{filename}|{hash_value}' + + def _parse_hash(self, observable, attribute_type, index='0'): + hash_type = self._define_hash_type(attribute_type) + return observable[index]['hashes'].get(hash_type) + + def parse_ip_port_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = [] + for feature in ('src', 'dst'): + port = f'{feature}_port' + if hasattr(network_traffic, port): + attribute = deepcopy(stix2misp_mapping.ip_port_mapping[port]) + attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) + attributes.append(attribute) + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), 'ip_port_references_mapping', feature)) + for reference in references.values(): + attribute = deepcopy(stix2misp_mapping.ip_port_references_mapping[reference._type]) + attribute.update({'value': reference.value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def _parse_malware_sample(self, observable): + if len(observable) > 1: + value = self._parse_filename_hash(observable, 'filename|md5', '1') + return value, self._parse_payload(observable) + return self._parse_filename_hash(observable, 'filename|md5') + + @staticmethod + def _parse_name(observable, index='0'): + return observable[index].get('name') + + def _parse_network_attribute(self, observable): + port = self._parse_port(observable, index='1') + return f'{self._parse_value(observable)}|{port}' + + def parse_network_connection_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = self._parse_network_traffic(network_traffic, references) + if hasattr(network_traffic, 'protocols'): + attributes.extend(self._parse_network_traffic_protocol(protocol) for protocol in network_traffic.protocols if protocol in stix2misp_mapping.connection_protocols) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def parse_network_socket_observable(self, observable): + network_traffic, references = self.filter_main_object(observable, 'NetworkTraffic') + attributes = self._parse_network_traffic(network_traffic, references) + if hasattr(network_traffic, 'protocols'): + attributes.append({'type': 'text', 'object_relation': 'protocol', 'to_ids': False, + 'value': network_traffic.protocols[0].strip("'")}) + if hasattr(network_traffic, 'extensions') and network_traffic.extensions: + attributes.extend(self._parse_socket_extension(network_traffic.extensions['socket-ext'])) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def _parse_network_traffic(self, network_traffic, references): + attributes = [] + mapping = 'network_traffic_references_mapping' + for feature in ('src', 'dst'): + port = f'{feature}_port' + if hasattr(network_traffic, port): + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[port]) + attribute.update({'value': getattr(network_traffic, port), 'to_ids': False}) + attributes.append(attribute) + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + attributes.append(self._parse_observable_reference(references.pop(getattr(network_traffic, ref)), mapping, feature)) + if hasattr(network_traffic, f'{ref}s'): + for ref in getattr(network_traffic, f'{ref}s'): + attributes.append(self._parse_observable_reference(references.pop(ref), mapping, feature)) + return attributes + + @staticmethod + def _parse_number(observable): + return observable['0'].get('number') + + @staticmethod + def _parse_payload(observable): + return observable['0'].payload_bin + + def parse_pe_observable(self, observable): + key = self._fetch_file_observable(observable) + extension = observable[key]['extensions']['windows-pebinary-ext'] + pe_uuid = self.parse_pe(extension) + return self.parse_file_observable(observable), pe_uuid + + @staticmethod + def _parse_port(observable, index='0'): + port_observable = observable[index] + return port_observable['src_port'] if 'src_port' in port_observable else port_observable['dst_port'] + + def parse_process_observable(self, observable): + process, references = self.filter_main_object(observable, 'Process', test_function='_process_test_filter') + attributes = self.fill_observable_attributes(process, 'process_mapping') + if hasattr(process, 'parent_ref'): + attributes.extend(self.fill_observable_attributes(references[process.parent_ref], 'parent_process_reference_mapping')) + if hasattr(process, 'child_refs'): + for reference in process.child_refs: + attributes.extend(self.fill_observable_attributes(references[reference], 'child_process_reference_mapping')) + if hasattr(process, 'binary_ref'): + reference = references[process.binary_ref] + attribute = deepcopy(stix2misp_mapping.process_image_mapping) + attribute.update({'value': reference.name, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def _parse_regkey_attribute(observable): + return observable['0'].get('key') + + def parse_regkey_observable(self, observable): + attributes = [] + for key, value in observable['0'].items(): + if key in stix2misp_mapping.regkey_mapping: + attribute = deepcopy(stix2misp_mapping.regkey_mapping[key]) + attribute.update({'value': value.replace('\\\\', '\\'), 'to_ids': False}) + attributes.append(attribute) + if 'values' in observable['0']: + attributes.extend(self.fill_observable_attributes(observable['0']['values'][0], 'regkey_mapping')) + return attributes + + def _parse_regkey_value(self, observable): + regkey = self._parse_regkey_attribute(observable) + return f'{regkey}|{observable["0"]["values"][0].get("data")}' + + def parse_single_attribute_observable(self, observable, attribute_type): + if attribute_type in stix2misp_mapping.attributes_type_mapping: + return getattr(self, stix2misp_mapping.attributes_type_mapping[attribute_type])(observable, attribute_type) + return getattr(self, stix2misp_mapping.attributes_mapping[attribute_type])(observable) + + def _parse_socket_extension(self, extension): + attributes = [] + extension = {key: value for key, value in extension.items()} + if 'x_misp_text_address_family' in extension: + extension.pop('address_family') + for element, value in extension.items(): + if element in stix2misp_mapping.network_socket_extension_mapping: + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[element]) + if element in ('is_listening', 'is_blocking'): + if value is False: + continue + value = element.split('_')[1] + elif element.startswith('x_misp_'): + attribute = self.parse_custom_property(element) + else: + continue + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + @staticmethod + def parse_url_observable(observable): + attributes = [] + for object in observable.values(): + feature = 'dst_port' if isinstance(object, stix2.v20.observables.NetworkTraffic) else 'value' + attribute = deepcopy(stix2misp_mapping.url_mapping[object._type]) + attribute.update({'value': getattr(object, feature), 'to_ids': False}) + attributes.append(attribute) + return attributes + + def parse_user_account_observable(self, observable): + observable = observable['0'] + attributes = self.fill_observable_attributes(observable, 'user_account_mapping') + if 'extensions' in observable and 'unix-account-ext' in observable['extensions']: + extension = observable['extensions']['unix-account-ext'] + if 'groups' in extension: + attributes.extend(self._parse_user_account_groups(extension['groups'])) + attributes.extend(self.fill_observable_attributes(extension, 'user_account_mapping')) + return attributes + + @staticmethod + def _parse_value(observable, index='0'): + return observable[index].get('value') + + def _parse_x509_attribute(self, observable, attribute_type): + hash_type = attribute_type.split('-')[-1] + return self._parse_hash(observable, hash_type) + + def parse_x509_observable(self, observable): + attributes = self.fill_observable_attributes(observable['0'], 'x509_mapping') + if hasattr(observable['0'], 'hashes') and observable['0'].hashes: + attributes.extend(self.fill_observable_attributes(observable['0'].hashes, 'x509_mapping')) + return attributes + + ################################################################################ + ## PATTERN PARSING FUNCTIONS. ## + ################################################################################ + + def fill_pattern_attributes(self, pattern, object_mapping): + attributes = [] + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type not in getattr(stix2misp_mapping, object_mapping): + if 'x_misp_' in pattern_type: + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(getattr(stix2misp_mapping, object_mapping)[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + return attributes + + def parse_asn_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'asn_mapping') + + def parse_credential_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'credential_mapping') + + def parse_domain_ip_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'domain_ip_mapping') + + def parse_email_pattern(self, pattern): + attributes = [] + attachments = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if 'body_multipart' in pattern_type: + pattern_type = pattern_type.split('.') + feature = 'data' if pattern_type[-1] == 'payload_bin' else 'value' + attachments[pattern_type[0][-2]][feature] = pattern_value.strip("'") + continue + if pattern_type not in stix2misp_mapping.email_mapping: + if 'x_misp_' in pattern_type: + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + for attachment in attachments.values(): + if 'data' in attachment: + attribute = {'type': 'attachment', 'object_relation': 'screenshot', 'data': attachment['data']} + else: + attribute = {'type': 'email-attachment', 'object_relation': 'attachment'} + attribute['value'] = attachment['value'] + attributes.append(attribute) + return attributes + + def parse_file_pattern(self, pattern): + attributes = [] + attachment = {} + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type in stix2misp_mapping.attachment_types: + attachment[pattern_type] = pattern_value.strip("'") + if pattern_type not in stix2misp_mapping.file_mapping: + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + if 'file:content_ref.payload_bin' in attachment: + filename = self._choose_with_priority(attachment, 'file:content_ref.name', 'file:name') + md5 = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") + attributes.append({ + 'type': 'malware-sample', + 'object_relation': 'malware-sample', + 'value': f'{attachment[filename]}|{attachment[md5]}', + 'data': attachment['file:content_ref.payload_bin'] + }) + if 'artifact:payload_bin' in attachment: + attributes.append({ + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment['artifact:x_misp_text_name'] if 'artifact:x_misp_text_name' in attachment else attachment['file:name'], + 'data': attachment['artifact:payload_bin'] + }) + return attributes + + def parse_ip_port_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'ip_port_mapping') + + def parse_network_connection_pattern(self, pattern): + attributes = [] + references = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if pattern_type not in stix2misp_mapping.network_traffic_mapping: + pattern_value = pattern_value.strip("'") + if pattern_type.startswith('network-traffic:protocols['): + attributes.append({ + 'type': 'text', 'value': pattern_value, + 'object_relation': f'layer{stix2misp_mapping.connection_protocols[pattern_value]}-protocol' + }) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + continue + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + attributes.extend(attribute for attribute in references.values()) + return attributes + + def parse_network_socket_pattern(self, pattern): + attributes = [] + references = defaultdict(dict) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + pattern_value = pattern_value.strip("'") + if pattern_type not in stix2misp_mapping.network_traffic_mapping: + if pattern_type in stix2misp_mapping.network_socket_extension_mapping: + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[pattern_type]) + if pattern_type.startswith("network-traffic:extensions.'socket-ext'.is_"): + if pattern_value != 'True': + continue + pattern_value = pattern_type.split('_')[1] + else: + if pattern_type.startswith('network-traffic:protocols['): + attributes.append({'type': 'text', 'object_relation': 'protocol', 'value': pattern_value}) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + continue + else: + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + attributes.extend(attribute for attribute in references.values()) + return attributes + + def parse_pe_pattern(self, pattern): + attributes = [] + sections = defaultdict(dict) + pe = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + if ':extensions.' in pattern_type: + if '.sections[' in pattern_type: + pattern_type = pattern_type.split('.') + relation = pattern_type[-1].strip("'") + if relation in stix2misp_mapping.pe_section_mapping: + sections[pattern_type[2][-2]][relation] = pattern_value.strip("'") + else: + pattern_type = pattern_type.split('.')[-1] + if pattern_type not in stix2misp_mapping.pe_mapping: + if pattern_type.startswith('x_misp_'): + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + pe.add_attribute(**attribute) + continue + attribute = deepcopy(stix2misp_mapping.pe_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + pe.add_attribute(**attribute) + else: + if pattern_type not in stix2misp_mapping.file_mapping: + if pattern_type.startswith('x_misp_'): + attribute = self.parse_custom_property(pattern_type) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + for section in sections.values(): + pe_section = MISPObject('pe-section', misp_objects_path_custom=_misp_objects_path) + for feature, value in section.items(): + attribute = deepcopy(stix2misp_mapping.pe_section_mapping[feature]) + attribute['value'] = value + pe_section.add_attribute(**attribute) + self.misp_event.add_object(pe_section) + pe.add_reference(pe_section.uuid, 'includes') + self.misp_event.add_object(pe) + return attributes, pe.uuid + + def parse_process_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'process_mapping') + + def parse_regkey_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'regkey_mapping') + + def parse_url_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'url_mapping') + + @staticmethod + def parse_user_account_pattern(pattern): + attributes = [] + for pattern_part in pattern: + pattern_type, pattern_value = pattern_part.split(' = ') + pattern_type = pattern_type.split('.')[-1].split('[')[0] if "extensions.'unix-account-ext'" in pattern_type else pattern_type.split(':')[-1] + if pattern_type not in stix2misp_mapping.user_account_mapping: + if pattern_type.startswith('group'): + attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value.strip("'")}) + continue + attribute = deepcopy(stix2misp_mapping.user_account_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + return attributes + + def parse_x509_pattern(self, pattern): + return self.fill_pattern_attributes(pattern, 'x509_mapping') + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + def create_attribute_dict(self, stix_object): + labels = stix_object['labels'] + attribute_uuid = stix_object.id.split('--')[1] + attribute = {'uuid': attribute_uuid, + 'type': self.get_misp_type(labels), + 'category': self.get_misp_category(labels)} + tags = [{'name': label} for label in labels[3:]] + if tags: + attribute['Tag'] = tags + attribute.update(self.parse_timeline(stix_object)) + if hasattr(stix_object, 'object_marking_refs'): + self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) + return attribute + + def create_misp_object(self, stix_object): + labels = stix_object['labels'] + object_type = self.get_misp_type(labels) + misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, + misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = stix_object.id.split('--')[1] + misp_object.update(self.parse_timeline(stix_object)) + return misp_object, object_type + + @staticmethod + def _fill_object_attribute(feature, value): + return {'value': str(value) if feature in ('entropy', 'size') else value} + + @staticmethod + def _fill_observable_object_attribute(feature, value): + return {'value': str(value) if feature in ('entropy', 'size') else value, + 'to_ids': False} + + @staticmethod + def get_misp_category(labels): + return labels[1].split('=')[1].strip('"') + + @staticmethod + def get_misp_type(labels): + return labels[0].split('=')[1].strip('"') + + @staticmethod + def parse_attribute_pattern(pattern): + if ' AND ' in pattern: + pattern_parts = pattern.strip('[]').split(' AND ') + if len(pattern_parts) == 3: + _, value1 = pattern_parts[2].split(' = ') + _, value2 = pattern_parts[0].split(' = ') + return '{}|{}'.format(value1.strip("'"), value2.strip("'")) + else: + _, value1 = pattern_parts[0].split(' = ') + _, value2 = pattern_parts[1].split(' = ') + if value1 in ("'ipv4-addr'", "'ipv6-addr'"): + return value2.strip("'") + return '{}|{}'.format(value1.strip("'"), value2.strip("'")) + else: + return pattern.split(' = ')[1].strip("]'") + + def parse_attribute_pattern_with_data(self, pattern): + if 'file:content_ref.payload_bin' not in pattern: + return self.parse_attribute_pattern(pattern) + pattern_parts = pattern.strip('[]').split(' AND ') + if len(pattern_parts) == 3: + filename = pattern_parts[0].split(' = ')[1] + md5 = pattern_parts[1].split(' = ')[1] + return "{}|{}".format(filename.strip("'"), md5.strip("'")), pattern_parts[2].split(' = ')[1].strip("'") + return pattern_parts[0].split(' = ')[1].strip("'"), pattern_parts[1].split(' = ')[1].strip("'") + + @staticmethod + def parse_custom_property(custom_property): + properties = custom_property.split('_') + return {'type': properties[2], 'object_relation': '-'.join(properties[3:])} + + +class ExternalStixParser(StixParser): + def __init__(self): + super().__init__() + self._stix2misp_mapping.update({'attack-pattern': 'parse_attack_pattern', + 'course-of-action': 'parse_course_of_action', + 'vulnerability': 'parse_vulnerability'}) + + ################################################################################ + ## PARSING FUNCTIONS. ## + ################################################################################ + + def parse_event(self, stix_event): + for stix_object in stix_event.objects: + object_type = stix_object['type'] + if object_type in self._stix2misp_mapping: + getattr(self, self._stix2misp_mapping[object_type])(stix_object) + else: + print(f'not found: {object_type}', file=sys.stderr) + if self.relationship: + self.parse_relationships() + if self.galaxy: + self.parse_galaxies() + event_uuid = stix_event.id.split('--')[1] + if hasattr(self, 'report'): + self.parse_report(event_uuid=event_uuid) + else: + self.misp_event.uuid = event_uuid + self.misp_event.info = 'Imported with the STIX to MISP import script.' + self.handle_markings() + + def parse_galaxy(self, galaxy): + galaxy_names = self._check_existing_galaxy_name(galaxy.name) + if galaxy_names is not None: + return galaxy_names + return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] + + def _parse_indicator(self, indicator): + pattern = indicator.pattern + if any(relation in pattern for relation in stix2misp_mapping.pattern_forbidden_relations) or all(relation in pattern for relation in (' OR ', ' AND ')): + self.add_stix2_pattern_object(indicator) + separator = ' OR ' if ' OR ' in pattern else ' AND ' + self.parse_usual_indicator(indicator, separator) + + def _parse_observable(self, observable): + types = self._parse_observable_types(observable.objects) + try: + getattr(self, stix2misp_mapping.observable_mapping[types])(observable) + except KeyError: + print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) + + def _parse_undefined(self, stix_object): + try: + self.objects_to_parse[stix_object['id'].split('--')[1]] = stix_object + except AttributeError: + self.objects_to_parse = {stix_object['id'].split('--')[1]: stix_object} + + def add_stix2_pattern_object(self, indicator): + misp_object = MISPObject('stix2-pattern', misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = indicator.id.split('--')[1] + misp_object.update(self.parse_timeline(indicator)) + version = f'STIX {indicator.pattern_version}' if hasattr(indicator, 'pattern_version') else 'STIX 2.0' + misp_object.add_attribute(**{'type': 'text', 'object_relation': 'version', 'value': version}) + misp_object.add_attribute(**{'type': 'stix2-pattern', 'object_relation': 'stix2-pattern', + 'value': indicator.pattern}) + self.misp_event.add_object(**misp_object) + + @staticmethod + def fill_misp_object(misp_object, stix_object, mapping): + for key, feature in getattr(stix2misp_mapping, mapping).items(): + if hasattr(stix_object, key): + attribute = deepcopy(feature) + attribute['value'] = getattr(stix_object, key) + misp_object.add_attribute(**attribute) + + @staticmethod + def fill_misp_object_from_dict(misp_object, stix_object, mapping): + for key, feature in getattr(stix2misp_mapping, mapping).items(): + if key in stix_object: + attribute = deepcopy(feature) + attribute['value'] = stix_object[key] + misp_object.add_attribute(**attribute) + + def parse_attack_pattern(self, attack_pattern): + galaxy_names = self._check_existing_galaxy_name(attack_pattern.name) + if galaxy_names is not None: + self.galaxy[attack_pattern['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + misp_object = self.create_misp_object(attack_pattern) + if hasattr(attack_pattern, 'external_references'): + for reference in attack_pattern.external_references: + source_name = reference['source_name'] + value = reference['external_id'].split('-')[1] if source_name == 'capec' else reference['url'] + attribute = deepcopy(stix2misp_mapping.attack_pattern_references_mapping[source_name]) if source_name in stix2misp_mapping.attack_pattern_references_mapping else stix2misp_mapping.references_attribute_mapping + attribute['value'] = value + misp_object.add_attribute(**attribute) + self.fill_misp_object(misp_object, attack_pattern, 'attack_pattern_mapping') + self.misp_event.add_object(**misp_object) + + def parse_course_of_action(self, course_of_action): + galaxy_names = self._check_existing_galaxy_name(course_of_action.name) + if galaxy_names is not None: + self.galaxy[course_of_action['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + misp_object = self.create_misp_object(course_of_action) + self.fill_misp_object(misp_object, course_of_action, 'course_of_action_mapping') + self.misp_event.add_object(**misp_object) + + def parse_usual_indicator(self, indicator, separator): + pattern = tuple(part.strip() for part in self._handle_pattern(indicator.pattern).split(separator)) + types = self._parse_pattern_types(pattern) + try: + getattr(self, stix2misp_mapping.pattern_mapping[types])(indicator, separator) + except KeyError: + print(f'Type(s) not supported at the moment: {types}\n', file=sys.stderr) + self.add_stix2_pattern_object(indicator) + + def parse_vulnerability(self, vulnerability): + galaxy_names = self._check_existing_galaxy_name(vulnerability.name) + if galaxy_names is not None: + self.galaxy[vulnerability['id'].split('--')[1]] = {'tag_names': galaxy_names, 'used': False} + else: + attributes = self._get_attributes_from_observable(vulnerability, 'vulnerability_mapping') + if hasattr(vulnerability, 'external_references'): + for reference in vulnerability.external_references: + if reference['source_name'] == 'url': + attribute = deepcopy(stix2misp_mapping.references_attribute_mapping) + attribute['value'] = reference['url'] + attributes.append(attribute) + if len(attributes) == 1 and attributes[0]['object_relation'] == 'id': + attributes[0]['type'] = 'vulnerability' + self.handle_import_case(vulnerability, attributes, 'vulnerability') + + ################################################################################ + ## OBSERVABLE PARSING FUNCTIONS ## + ################################################################################ + + @staticmethod + def _fetch_reference_type(references, object_type): + for key, reference in references.items(): + if isinstance(reference, getattr(stix2.v20.observables, object_type)): + return key + return None + + @staticmethod + def _fetch_user_account_type_observable(observable_objects): + for observable_object in observable_objects.values(): + if hasattr(observable_object, 'extensions') or any(key not in ('user_id', 'credential', 'type') for key in observable_object): + return 'user-account', 'user_account_mapping' + return 'credential', 'credential_mapping' + + @staticmethod + def _get_attributes_from_observable(stix_object, mapping): + attributes = [] + for key, value in stix_object.items(): + if key in getattr(stix2misp_mapping, mapping) and value: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[key]) + attribute.update({'value': value, 'to_ids': False}) + attributes.append(attribute) + return attributes + + def get_network_traffic_attributes(self, network_traffic, references): + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') + mapping = 'network_traffic_references_mapping' + attributes.extend(self.parse_network_traffic_references(network_traffic, references, mapping)) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping, 'dst')) + return attributes + + @staticmethod + def _handle_attachment_type(stix_object, is_reference, filename): + _has_md5 = hasattr(stix_object, 'hashes') and 'MD5' in stix_object.hashes + if is_reference and _has_md5: + return 'malware-sample', f'{filename}|{stix_object.hashes["MD5"]}' + return 'attachment', filename + + def handle_pe_observable(self, attributes, extension, observable): + pe_uuid = self.parse_pe(extension) + file = self.create_misp_object(observable, 'file') + file.add_reference(pe_uuid, 'includes') + for attribute in attributes: + file.add_attribute(**attribute) + self.misp_event.add_object(file) + + @staticmethod + def _is_reference(network_traffic, reference): + for feature in ('src', 'dst'): + for reference_type in (f'{feature}_{ref}' for ref in ('ref', 'refs')): + if reference in network_traffic.get(reference_type, []): + return True + return False + + @staticmethod + def _network_traffic_has_extension(network_traffic): + if not hasattr(network_traffic, 'extensions'): + return None + if 'socket-ext' in network_traffic.extensions: + return 'parse_socket_extension_observable' + return None + + def parse_asn_observable(self, observable): + autonomous_system, references = self.filter_main_object(observable.objects, 'AutonomousSystem') + mapping = 'asn_mapping' + attributes = self._get_attributes_from_observable(autonomous_system, mapping) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping)) + self.handle_import_case(observable, attributes, 'asn') + + def parse_domain_ip_observable(self, observable): + domain, references = self.filter_main_object(observable.objects, 'DomainName') + mapping = 'domain_ip_mapping' + attributes = [self._parse_observable_reference(domain, mapping)] + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, mapping)) + self.handle_import_case(observable, attributes, 'domain-ip') + + def parse_domain_ip_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + if self._required_protocols(network_traffic.protocols): + attributes = self.parse_network_connection_object(network_traffic, references) + return self.handle_import_case(observable, attributes, 'network-connection') + attributes, object_name = self.parse_network_traffic_objects(network_traffic, references) + self.handle_import_case(observable, attributes, object_name) + + def parse_domain_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + attributes = self.parse_network_connection_object(network_traffic, references) + self.handle_import_case(observable, attributes, 'network-connection') + + def parse_email_address_observable(self, observable): + self.add_attributes_from_observable(observable, 'email-src', 'value') + + def parse_email_observable(self, observable): + email_message, references = self.filter_main_object(observable.objects, 'EmailMessage') + attributes = self._get_attributes_from_observable(email_message, 'email_mapping') + if hasattr(email_message, 'additional_header_fields'): + attributes.extend(self._get_attributes_from_observable(email_message.additional_header_fields, 'email_mapping')) + attributes.extend(self._parse_email_references(email_message, references)) + if hasattr(email_message, 'body_multipart') and email_message.body_multipart: + attributes.extend(self._parse_email_body(email_message.body_multipart, references)) + if references: + print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'email') + + def parse_file_observable(self, observable): + file_object, references = self.filter_main_object(observable.objects, 'File') + attributes = self._get_attributes_from_observable(file_object, 'file_mapping') + if 'hashes' in file_object: + attributes.extend(self._get_attributes_from_observable(file_object.hashes, 'file_mapping')) + if references: + filename = file_object.name if hasattr(file_object, 'name') else 'unknown_filename' + for key, reference in references.items(): + if isinstance(reference, stix2.v20.observables.Artifact): + _is_content_ref = 'content_ref' in file_object and file_object.content_ref == key + attribute_type, value = self._handle_attachment_type(reference, _is_content_ref, filename) + attribute = { + 'type': attribute_type, + 'object_relation': attribute_type, + 'value': value, + 'to_ids': False + } + if hasattr(reference, 'payload_bin'): + attribute['data'] = reference.payload_bin + attributes.append(attribute) + elif isinstance(reference, stix2.v20.observables.Directory): + attribute = { + 'type': 'text', + 'object_relation': 'path', + 'value': reference.path, + 'to_ids': False + } + attributes.append(attribute) + if hasattr(file_object, 'extensions'): + # Support of more extension types probably in the future + if 'windows-pebinary-ext' in file_object.extensions: + # Here we do not go to the standard route of "handle_import_case" + # because we want to make sure a file object is created + return self.handle_pe_observable(attributes, file_object.extensions['windows-pebinary-ext'], observable) + extension_types = (extension_type for extension_type in file_object.extensions.keys()) + print(f'File extension type(s) not supported at the moment: {", ".join(extension_types)}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'file', _force_object=('file-encoding', 'path')) + + def parse_ip_address_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attribute = { + 'value': observable_object.value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.ip_attribute_mapping) + attributes.append(attribute) + self.handle_import_case(observable, attributes, 'ip-port') + + def parse_ip_network_traffic_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + extension = self._network_traffic_has_extension(network_traffic) + if extension: + attributes, object_name = getattr(self, extension)(network_traffic, references) + return self.handle_import_case(observable, attributes, object_name) + attributes = self.parse_ip_port_object(network_traffic, references) + self.handle_import_case(observable, attributes, 'ip-port') + + def parse_ip_port_object(self, network_traffic, references): + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') + attributes.extend(self.parse_network_traffic_references(network_traffic, references, 'ip_port_references_mapping')) + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'domain_ip_mapping')) + return attributes + + def parse_mac_address_observable(self, observable): + self.add_attributes_from_observable(observable, 'mac-address', 'value') + + def parse_network_connection_object(self, network_traffic, references): + attributes = self.get_network_traffic_attributes(network_traffic, references) + attributes.extend(self.parse_protocols(network_traffic.protocols, 'observable object')) + return attributes + + def parse_network_traffic_objects(self, network_traffic, references): + _has_domain = self._fetch_reference_type(references.values(), 'DomainName') + if _has_domain and self._is_reference(network_traffic, _has_domain): + return self.parse_network_connection_object(network_traffic, references), 'network-connection' + return self.parse_ip_port_object(network_traffic, references), 'ip-port' + + def parse_network_traffic_references(self, network_traffic, references, mapping): + attributes = [] + for feature in ('src', 'dst'): + ref = f'{feature}_ref' + if hasattr(network_traffic, ref): + reference = getattr(network_traffic, ref) + attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) + if hasattr(network_traffic, f'{ref}s'): + for reference in getattr(network_traffic, f'{ref}s'): + attributes.append(self._parse_observable_reference(references.pop(reference), mapping, feature)) + return attributes + + def parse_mutex_observable(self, observable): + self.add_attributes_from_observable(observable, 'mutex', 'name') + + def parse_process_observable(self, observable): + process, references = self.filter_main_object(observable.objects, 'Process', test_function='_process_test_filter') + attributes = self._get_attributes_from_observable(process, 'process_mapping') + if hasattr(process, 'parent_ref'): + attributes.extend(self._get_attributes_from_observable(references.pop(process.parent_ref), 'parent_process_reference_mapping')) + if hasattr(process, 'child_refs'): + for reference in process.child_refs: + attributes.extend(self._get_attributes_from_observable(references.pop(reference), 'child_process_reference_mapping')) + if hasattr(process, 'binary_ref'): + reference = references.pop(process.binary_ref) + attribute = { + 'value': reference.name, + 'to_ids': False + } + attribute.update(stix2misp_mapping.process_image_mapping) + attributes.append(attribute) + if references: + print(f'Unable to parse the following observable objects: {references}', file=sys.stderr) + self.handle_import_case(observable, attributes, 'process', _force_object=True) + + def parse_protocols(self, protocols, object_type): + attributes = [] + protocols = (protocol.upper() for protocol in protocols) + for protocol in protocols: + try: + attributes.append(self._parse_network_traffic_protocol(protocol)) + except KeyError: + print(f'Unknown protocol in network-traffic {object_type}: {protocol}', file=sys.stderr) + return attributes + + def parse_regkey_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, 'regkey_mapping')) + if 'values' in observable_object: + for registry_value in observable_object['values']: + attributes.extend(self._get_attributes_from_observable(registry_value, 'regkey_mapping')) + self.handle_import_case(observable, attributes, 'registry-key') + + def parse_socket_extension_observable(self, network_traffic, references): + attributes = self.get_network_traffic_attributes(network_traffic, references) + for key, value in network_traffic.extensions['socket-ext'].items(): + if key not in stix2misp_mapping.network_socket_extension_mapping: + print(f'Unknown socket extension field in observable object: {key}', file=sys.stderr) + continue + if key.startswith('is_') and not value: + continue + attribute = { + 'value': key.split('_')[1] if key.startswith('is_') else value, + 'to_ids': False + } + attribute.update(stix2misp_mapping.network_socket_extension_mapping[key]) + attributes.append(attribute) + return attributes, 'network-socket' + + def parse_url_observable(self, observable): + network_traffic, references = self.filter_main_object(observable.objects, 'NetworkTraffic') + attributes = self._get_attributes_from_observable(network_traffic, 'network_traffic_mapping') if network_traffic else [] + if references: + for reference in references.values(): + attributes.append(self._parse_observable_reference(reference, 'url_mapping')) + self.handle_import_case(observable, attributes, 'url') + + def parse_user_account_extension(self, extension): + attributes = self._parse_user_account_groups(extension['groups']) if 'groups' in extension else [] + attributes.extend(self._get_attributes_from_observable(extension, 'user_account_mapping')) + return attributes + + def parse_user_account_observable(self, observable): + attributes = [] + object_name, mapping = self._fetch_user_account_type_observable(observable.objects) + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, mapping)) + if hasattr(observable_object, 'extensions') and observable_object.extensions.get('unix-account-ext'): + attributes.extend(self.parse_user_account_extension(observable_object.extensions['unix-account-ext'])) + self.handle_import_case(observable, attributes, object_name) + + def parse_x509_observable(self, observable): + attributes = [] + for observable_object in observable.objects.values(): + attributes.extend(self._get_attributes_from_observable(observable_object, 'x509_mapping')) + if hasattr(observable_object, 'hashes'): + attributes.extend(self._get_attributes_from_observable(observable_object.hashes, 'x509_mapping')) + self.handle_import_case(observable, attributes, 'x509') + + ################################################################################ + ## PATTERN PARSING FUNCTIONS. ## + ################################################################################ + + @staticmethod + def _fetch_user_account_type_pattern(pattern): + for stix_object in pattern: + if 'extensions' in stix_object or all(key not in stix_object for key in ('user_id', 'credential', 'type')): + return 'user-account', 'user_account_mapping' + return 'credential', 'credential_mapping' + + def get_attachment(self, attachment, filename): + attribute = { + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment.pop(filename) + } + data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute['data'] = attachment.pop(data_feature) + return attribute + + def get_attributes_from_pattern(self, pattern, mapping, separator): + attributes = [] + for pattern_part in pattern.strip('[]').split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + try: + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) + except KeyError: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute['value'] = pattern_value + attributes.append(attribute) + return attributes + + def get_malware_sample(self, attachment, filename): + md5_feature = self._choose_with_priority(attachment, "file:content_ref.hashes.'MD5'", "file:hashes.'MD5'") + attribute = { + 'type': 'malware-sample', + 'object_relation': 'malware-sample', + 'value': f'{attachment.pop(filename)}|{attachment.pop(md5_feature)}' + } + data_feature = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute['data'] = attachment.pop(data_feature) + return attribute + + def _handle_file_attachments(self, attachment): + attributes = [] + if any('content_ref' in feature for feature in attachment.keys()): + attribute_type = 'attachment' + value = attachment['file:name'] if 'file:name' in attachment else 'unknown_filename' + if "file:content_ref.hashes.'MD5'" in attachment: + attribute_type = 'malware-sample' + md5 = attachment.pop("file:content_ref.hashes.'MD5'") + value = f'{value}|{md5}' + data = self._choose_with_priority(attachment, 'file:content_ref.payload_bin', 'artifact:payload_bin') + attribute = { + 'type': attribute_type, + 'object_relation': attribute_type, + 'value': value, + 'data': attachment.pop(data) + } + attributes.append(attribute) + if 'artifact:payload_bin' in attachment: + attribute = { + 'type': 'attachment', + 'object_relation': 'attachment', + 'value': attachment['file:name'], + 'data': attachment.pop('artifact:payload_bin') + } + attributes.append(attribute) + return attributes + + def parse_as_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'asn_mapping', separator) + self.handle_import_case(indicator, attributes, 'asn') + + def parse_domain_ip_port_pattern(self, indicator, separator): + attributes = [] + references = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type not in stix2misp_mapping.domain_ip_mapping: + if any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update(self._parse_network_connection_reference(feature_type, feature, pattern_value)) + else: + print(f'Pattern type not currently mapped: {pattern_type}', file=sys.stderr) + continue + attribute = deepcopy(stix2misp_mapping.domain_ip_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if references: + attributes.extend(references.values()) + object_name = 'ip-port' if 'network-traffic' in indicator.pattern else 'domain-ip' + self.handle_import_case(indicator, attributes, object_name) + + def parse_email_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'email-src', separator) + + def parse_email_message_pattern(self, indicator, separator): + attributes = [] + attachments = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type not in stix2misp_mapping.email_mapping: + if pattern_type.startswith('email-message:body_multipart'): + features = pattern_type.split('.') + if len(features) == 3 and features[1] == 'body_raw_ref': + index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' + key = 'data' if features[2] == 'payload_bin' else 'value' + attachments[index][key] = pattern_value + continue + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute = deepcopy(stix2misp_mapping.email_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if attachments: + for attachment in attachments.values(): + attribute = { + 'type': 'attachment', + 'object_relation': 'screenshot' + } if 'data' in attachment else { + 'type': 'email-attachment', + 'object_relation': 'attachment' + } + attribute.update(attachment) + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'email') + + def parse_file_pattern(self, indicator, separator): + attributes = [] + attachment = {} + extensions = defaultdict(lambda: defaultdict(dict)) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type in stix2misp_mapping.attachment_types: + attachment[pattern_type] = pattern_value.strip("'") + continue + if pattern_type not in stix2misp_mapping.file_mapping: + if 'extensions' in pattern_type: + features = pattern_type.split('.')[1:] + extension_type = features.pop(0).strip("'") + if 'section' in features[0] and features[0] != 'number_of_sections': + index = features[0].split('[')[1].strip(']') if '[' in features[0] else '0' + extensions[extension_type][f'section_{index}'][features[-1].strip("'")] = pattern_value + else: + extensions[extension_type]['.'.join(features)] = pattern_value + continue + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + if any(key.endswith('payload_bin') for key in attachment.keys()): + attributes.extend(self._handle_file_attachments(attachment)) + if attachment: + for pattern_type, value in attachment.items(): + if pattern_type in stix2misp_mapping.file_mapping: + attribute = deepcopy(stix2misp_mapping.file_mapping[pattern_type]) + attribute['value'] = value + attributes.append(attribute) + if extensions: + file_object = self.create_misp_object(indicator, 'file') + self.parse_file_extension(file_object, attributes, extensions) + else: + self.handle_import_case(indicator, attributes, 'file', _force_object=('file-encoding', 'path')) + + def parse_file_extension(self, file_object, attributes, extensions): + for attribute in attributes: + file_object.add_attribute(**attribute) + if 'windows-pebinary-ext' in extensions: + pe_extension = extensions['windows-pebinary-ext'] + pe_object = MISPObject('pe', misp_objects_path_custom=_misp_objects_path) + sections = self._get_sections(pe_extension) + self.fill_misp_object_from_dict(pe_object, pe_extension, 'pe_mapping') + if sections: + for section in sections: + section_object = MISPObject('pe-section') + self.fill_misp_object_from_dict(section_object, section, 'pe_section_mapping') + self.misp_event.add_object(section_object) + pe_object.add_reference(section_object.uuid, 'includes') + self.misp_event.add_object(pe_object) + file_object.add_reference(pe_object.uuid, 'includes') + self.misp_event.add_object(file_object) + + def parse_ip_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'ip-dst', separator) + + def parse_mac_address_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'mac-address', separator) + + def parse_mutex_pattern(self, indicator, separator): + self.add_attributes_from_indicator(indicator, 'mutex', separator) + + def parse_network_connection_pattern(self, indicator, attributes, references): + attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) + self.handle_import_case(indicator, attributes, 'network-connection') + + @staticmethod + def _parse_network_pattern_references(references, mapping): + attributes = [] + for feature, reference in references.items(): + feature = feature.split('_')[0] + attribute = {key: value.format(feature) for key, value in getattr(stix2misp_mapping, mapping)[reference['type']].items()} + attribute['value'] = reference['value'] + attributes.append(attribute) + return attributes + + def parse_network_socket_pattern(self, indicator, attributes, references, extension): + attributes.extend(self._parse_network_pattern_references(references, 'network_traffic_references_mapping')) + for key, value in extension.items(): + if key not in stix2misp_mapping.network_socket_extension_mapping: + print(f'Unknown socket extension field in pattern: {key}', file=sys.stderr) + continue + if key.startswith('is_') and not json.loads(value.lower()): + continue + attribute = deepcopy(stix2misp_mapping.network_socket_extension_mapping[key]) + attribute['value'] = key.split('_')[1] if key.startswith('is_') else value + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'network-socket') + + def parse_network_traffic_pattern(self, indicator, separator): + attributes = [] + protocols = [] + references = defaultdict(dict) + extensions = defaultdict(dict) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if pattern_type in stix2misp_mapping.network_traffic_mapping: + attribute = deepcopy(stix2misp_mapping.network_traffic_mapping[pattern_type]) + attribute['value'] = pattern_value.strip("'") + attributes.append(attribute) + continue + if pattern_type.startswith('network-traffic:protocols['): + protocols.append(pattern_value) + elif any(pattern_type.startswith(f'network-traffic:{feature}_ref') for feature in ('src', 'dst')): + feature_type, ref = pattern_type.split(':')[1].split('_') + ref, feature = ref.split('.') + ref = f"{feature_type}_{'0' if ref == 'ref' else ref.strip('ref[]')}" + references[ref].update({feature: pattern_value}) + elif pattern_type.startswith('network-traffic:extensions.'): + _, extension_type, feature = pattern_type.split('.') + extensions[extension_type.strip("'")][feature] = pattern_value + else: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + if extensions: + if 'socket-ext' in extensions: + return self.parse_network_socket_pattern(indicator, attributes, references, extensions['socket-ext']) + print(f'Unknown network extension(s) in pattern: {", ".join(extensions.keys())}', file=sys.stderr) + if protocols and self._required_protocols(protocols): + attributes.extend(self.parse_protocols(protocols, 'pattern')) + return self.parse_network_connection_pattern(indicator, attributes, references) + attributes.extend(self._parse_network_pattern_references(references, 'ip_port_references_mapping')) + self.handle_import_case(indicator, attributes, 'ip-port') + + def parse_process_pattern(self, indicator, separator): + attributes = [] + parent = {} + child = defaultdict(set) + for pattern_part in self._handle_pattern(indicator.pattern).split(separator): + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + if 'parent_' in pattern_type: + child[pattern_type.split('.')[-1]].add(pattern_value) + elif 'child_' in pattern_type: + parent[pattern_type.split('.')[-1]] = pattern_value + else: + try: + attribute = deepcopy(stix2misp_mapping.process_mapping[pattern_type]) + except KeyError: + print(f'Pattern type not supported at the moment: {pattern_type}', file=sys.stderr) + continue + attribute['value'] = pattern_value + attributes.append(attribute) + if parent: + for key, value in parent.items(): + if key not in stix2misp_mapping.parent_process_reference_mapping: + print(f'Parent process key from pattern not supported at the moment: {key}', file=sys.stderr) + continue + attribute = {'value': value} + attribute.update(stix2misp_mapping.parent_process_reference_mapping[key]) + attributes.append(attribute) + if child: + for key, values in child.items(): + if key not in stix2misp_mapping.child_process_reference_mapping: + print(f'Child process key from pattern not supported at the moment: {key}', file=sys.stderr) + continue + for value in values: + attribute = {'value': value} + attribute.update(stix2misp_mapping.child_process_reference_mapping[key]) + attributes.append(attribute) + self.handle_import_case(indicator, attributes, 'process', _force_object=True) + + def parse_regkey_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'regkey_mapping', separator) + self.handle_import_case(indicator, attributes, 'registry-key') + + def parse_url_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'url_mapping', separator) + self.handle_import_case(indicator, attributes, 'url') + + def parse_user_account_pattern(self, indicator, separator): + attributes = [] + pattern = self._handle_pattern(indicator.pattern).split(separator) + object_name, mapping = self._fetch_user_account_type_pattern(pattern) + for pattern_part in pattern: + pattern_type, pattern_value = self.get_type_and_value_from_pattern(pattern_part) + pattern_type = pattern_type.split(':')[1] + if pattern_type.startswith('extensions.'): + pattern_type = pattern_type.split('.')[-1] + if '[' in pattern_type: + pattern_type = pattern_type.split('[')[0] + if pattern_type in ('group', 'groups'): + attributes.append({'type': 'text', 'object_relation': 'group', 'value': pattern_value}) + continue + if pattern_type in getattr(stix2misp_mapping, mapping): + attribute = deepcopy(getattr(stix2misp_mapping, mapping)[pattern_type]) + attribute['value'] = pattern_value + attributes.append(attribute) + self.handle_import_case(indicator, attributes, object_name) + + def parse_x509_pattern(self, indicator, separator): + attributes = self.get_attributes_from_pattern(indicator.pattern, 'x509_mapping', separator) + self.handle_import_case(indicator, attributes, 'x509') + + ################################################################################ + ## UTILITY FUNCTIONS. ## + ################################################################################ + + def add_attributes_from_indicator(self, indicator, attribute_type, separator): + patterns = self._handle_pattern(indicator.pattern).split(separator) + if len(patterns) == 1: + _, value = self.get_type_and_value_from_pattern(patterns[0]) + attribute = MISPAttribute() + attribute.from_dict(**{ + 'uuid': indicator.id.split('--')[1], + 'type': attribute_type, + 'value': value, + 'to_ids': True + }) + attribute.update(self.parse_timeline(indicator)) + self.misp_event.add_attribute(**attribute) + else: + tmp_attribute = self.parse_timeline(indicator) + for pattern in patterns: + _, value = self.get_type_and_value_from_pattern(pattern) + attribute = MISPAttribute() + attribute.from_dict(**{ + 'type': attribute_type, + 'value': value, + 'to_ids': True + }) + attribute.update(tmp_attribute) + self.misp_event.add_attribute(**attribute) + + def add_attributes_from_observable(self, observable, attribute_type, feature): + if len(observable.objects) == 1: + attribute = MISPAttribute() + attribute.from_dict(**{ + 'uuid': observable.id.split('--')[1], + 'type': attribute_type, + 'value': getattr(observable.objects['0'], feature), + 'to_ids': False + }) + attribute.update(self.parse_timeline(observable)) + self.misp_event.add_attribute(**attribute) + else: + tmp_attribute = self.parse_timeline(observable) + for observable_object in observable.objects.values(): + attribute = MISPAttribute() + attribute.from_dict(**{ + 'type': attribute_type, + 'value': getattr(observable_object, feature), + 'to_ids': False + }) + attribute.update(tmp_attribute) + self.misp_event.add_attribute(**attribute) + + def _check_existing_galaxy_name(self, galaxy_name): + if galaxy_name in self._synonyms_to_tag_names: + return self._synonyms_to_tag_names[galaxy_name] + for name, tag_names in self._synonyms_to_tag_names.items(): + if galaxy_name in name: + return tag_names + return None + + def create_misp_object(self, stix_object, name=None): + misp_object = MISPObject(name if name is not None else stix_object.type, + misp_objects_path_custom=_misp_objects_path) + misp_object.uuid = stix_object.id.split('--')[1] + misp_object.update(self.parse_timeline(stix_object)) + return misp_object + + @staticmethod + def _get_sections(pe_extension): + sections = [feature for feature in pe_extension.keys() if feature.startswith('section_')] + return (pe_extension.pop(feature) for feature in sections) + + @staticmethod + def get_type_and_value_from_pattern(pattern): + pattern = pattern.strip('[]') + try: + pattern_type, pattern_value = pattern.split(' = \'') + except ValueError: + pattern_type, pattern_value = pattern.split('=') + return pattern_type.strip(), pattern_value.strip("'") + + def handle_import_case(self, stix_object, attributes, name, _force_object=False): + try: + if len(attributes) > 1 or (_force_object and self._handle_object_forcing(_force_object, attributes[0])): + misp_object = self.create_misp_object(stix_object, name) + for attribute in attributes: + misp_object.add_attribute(**attribute) + self.misp_event.add_object(**misp_object) + else: + attribute = {field: attributes[0][field] for field in stix2misp_mapping.single_attribute_fields if attributes[0].get(field) is not None} + attribute['uuid'] = stix_object.id.split('--')[1] + attribute.update(self.parse_timeline(stix_object)) + if isinstance(stix_object, stix2.v20.Indicator): + attribute['to_ids'] = True + if hasattr(stix_object, 'object_marking_refs'): + self.update_marking_refs(attribute['uuid'], stix_object.object_marking_refs) + self.misp_event.add_attribute(**attribute) + except IndexError: + object_type = 'indicator' if isinstance(stix_object, stix2.Indicator) else 'observable objects' + print(f'No attribute or object could be imported from the following {object_type}: {stix_object}', file=sys.stderr) + + @staticmethod + def _handle_object_forcing(_force_object, attribute): + if isinstance(_force_object, (list, tuple)): + return attribute['object_relation'] in _force_object + return _force_object + + @staticmethod + def _handle_pattern(pattern): + return pattern.strip().strip('[]') + + @staticmethod + def _parse_observable_types(observable_objects): + types = {observable_object._type for observable_object in observable_objects.values()} + return tuple(sorted(types)) + + @staticmethod + def _parse_pattern_types(pattern): + types = {part.split('=')[0].split(':')[0].strip('[') for part in pattern} + return tuple(sorted(types)) + + @staticmethod + def _required_protocols(protocols): + protocols = tuple(protocol.upper() for protocol in protocols) + if any(protocol not in ('TCP', 'IP') for protocol in protocols): + return True + return False + + +def from_misp(stix_objects): + for stix_object in stix_objects: + if stix_object['type'] == "report" and 'misp:tool="misp2stix2"' in stix_object.get('labels', []): + return True + return False + + +def main(args): + filename = Path(os.path.dirname(args[0]), args[1]) + with open(filename, 'rt', encoding='utf-8') as f: + event = stix2.parse(f.read(), allow_custom=True, interoperability=True) + stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser() + stix_parser.handler(event, filename, args[2:]) + stix_parser.save_file() + print(1) + + +if __name__ == '__main__': + main(sys.argv) diff --git a/misp_modules/lib/stix2misp_mapping.py b/misp_modules/lib/stix2misp_mapping.py new file mode 100644 index 00000000..706d9903 --- /dev/null +++ b/misp_modules/lib/stix2misp_mapping.py @@ -0,0 +1,460 @@ +################################################################################ +# ATTRIBUTES AND OBJECTS MAPPING # +################################################################################ + +attributes_mapping = { + 'filename': '_parse_name', + 'ip-src': '_parse_value', + 'ip-dst': '_parse_value', + 'hostname': '_parse_value', + 'domain': '_parse_value', + 'domain|ip': '_parse_domain_ip_attribute', + 'email-src': '_parse_value', + 'email-dst': '_parse_value', + 'email-attachment': '_parse_name', + 'url': '_parse_value', + 'regkey': '_parse_regkey_attribute', + 'regkey|value': '_parse_regkey_value', + 'malware-sample': '_parse_malware_sample', + 'mutex': '_parse_name', + 'uri': '_parse_value', + 'port': '_parse_port', + 'ip-dst|port': '_parse_network_attribute', + 'ip-src|port': '_parse_network_attribute', + 'hostname|port': '_parse_network_attribute', + 'email-reply-to': '_parse_email_reply_to', + 'attachment': '_parse_attachment', + 'mac-address': '_parse_value', + 'AS': '_parse_number' +} + +attributes_type_mapping = { + 'md5': '_parse_hash', + 'sha1': '_parse_hash', + 'sha256': '_parse_hash', + 'filename|md5': '_parse_filename_hash', + 'filename|sha1': '_parse_filename_hash', + 'filename|sha256': '_parse_filename_hash', + 'email-subject': '_parse_email_message', + 'email-body': '_parse_email_message', + 'authentihash': '_parse_hash', + 'ssdeep': '_parse_hash', + 'imphash': '_parse_hash', + 'pehash': '_parse_hash', + 'impfuzzy': '_parse_hash', + 'sha224': '_parse_hash', + 'sha384': '_parse_hash', + 'sha512': '_parse_hash', + 'sha512/224': '_parse_hash', + 'sha512/256': '_parse_hash', + 'tlsh': '_parse_hash', + 'cdhash': '_parse_hash', + 'filename|authentihash': '_parse_filename_hash', + 'filename|ssdeep': '_parse_filename_hash', + 'filename|imphash': '_parse_filename_hash', + 'filename|impfuzzy': '_parse_filename_hash', + 'filename|pehash': '_parse_filename_hash', + 'filename|sha224': '_parse_filename_hash', + 'filename|sha384': '_parse_filename_hash', + 'filename|sha512': '_parse_filename_hash', + 'filename|sha512/224': '_parse_filename_hash', + 'filename|sha512/256': '_parse_filename_hash', + 'filename|tlsh': '_parse_filename_hash', + 'x509-fingerprint-md5': '_parse_x509_attribute', + 'x509-fingerprint-sha1': '_parse_x509_attribute', + 'x509-fingerprint-sha256': '_parse_x509_attribute' +} + +objects_mapping = { + 'asn': { + 'observable': 'parse_asn_observable', + 'pattern': 'parse_asn_pattern'}, + 'credential': { + 'observable': 'parse_credential_observable', + 'pattern': 'parse_credential_pattern'}, + 'domain-ip': { + 'observable': 'parse_domain_ip_observable', + 'pattern': 'parse_domain_ip_pattern'}, + 'email': { + 'observable': 'parse_email_observable', + 'pattern': 'parse_email_pattern'}, + 'file': { + 'observable': 'parse_file_observable', + 'pattern': 'parse_file_pattern'}, + 'ip-port': { + 'observable': 'parse_ip_port_observable', + 'pattern': 'parse_ip_port_pattern'}, + 'network-connection': { + 'observable': 'parse_network_connection_observable', + 'pattern': 'parse_network_connection_pattern'}, + 'network-socket': { + 'observable': 'parse_network_socket_observable', + 'pattern': 'parse_network_socket_pattern'}, + 'process': { + 'observable': 'parse_process_observable', + 'pattern': 'parse_process_pattern'}, + 'registry-key': { + 'observable': 'parse_regkey_observable', + 'pattern': 'parse_regkey_pattern'}, + 'url': { + 'observable': 'parse_url_observable', + 'pattern': 'parse_url_pattern'}, + 'user-account': { + 'observable': 'parse_user_account_observable', + 'pattern': 'parse_user_account_pattern'}, + 'WindowsPEBinaryFile': { + 'observable': 'parse_pe_observable', + 'pattern': 'parse_pe_pattern'}, + 'x509': { + 'observable': 'parse_x509_observable', + 'pattern': 'parse_x509_pattern'} +} + +observable_mapping = { + ('artifact', 'file'): 'parse_file_observable', + ('artifact', 'directory', 'file'): 'parse_file_observable', + ('artifact', 'email-addr', 'email-message', 'file'): 'parse_email_observable', + ('autonomous-system',): 'parse_asn_observable', + ('autonomous-system', 'ipv4-addr'): 'parse_asn_observable', + ('autonomous-system', 'ipv6-addr'): 'parse_asn_observable', + ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_asn_observable', + ('directory', 'file'): 'parse_file_observable', + ('domain-name',): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv6-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_observable', + ('domain-name', 'ipv4-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_domain_ip_network_traffic_observable', + ('domain-name', 'network-traffic'): 'parse_domain_network_traffic_observable', + ('domain-name', 'network-traffic', 'url'): 'parse_url_observable', + ('email-addr',): 'parse_email_address_observable', + ('email-addr', 'email-message'): 'parse_email_observable', + ('email-addr', 'email-message', 'file'): 'parse_email_observable', + ('email-message',): 'parse_email_observable', + ('file',): 'parse_file_observable', + ('file', 'process'): 'parse_process_observable', + ('ipv4-addr',): 'parse_ip_address_observable', + ('ipv6-addr',): 'parse_ip_address_observable', + ('ipv4-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('ipv4-addr', 'ipv6-addr', 'network-traffic'): 'parse_ip_network_traffic_observable', + ('mac-addr',): 'parse_mac_address_observable', + ('mutex',): 'parse_mutex_observable', + ('process',): 'parse_process_observable', + ('x509-certificate',): 'parse_x509_observable', + ('url',): 'parse_url_observable', + ('user-account',): 'parse_user_account_observable', + ('windows-registry-key',): 'parse_regkey_observable' +} + +pattern_mapping = { + ('artifact', 'file'): 'parse_file_pattern', + ('artifact', 'directory', 'file'): 'parse_file_pattern', + ('autonomous-system', ): 'parse_as_pattern', + ('autonomous-system', 'ipv4-addr'): 'parse_as_pattern', + ('autonomous-system', 'ipv6-addr'): 'parse_as_pattern', + ('autonomous-system', 'ipv4-addr', 'ipv6-addr'): 'parse_as_pattern', + ('directory',): 'parse_file_pattern', + ('directory', 'file'): 'parse_file_pattern', + ('domain-name',): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv6-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr', 'ipv6-addr'): 'parse_domain_ip_port_pattern', + ('domain-name', 'ipv4-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'ipv6-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'ipv4-addr', 'ipv6-addr', 'url'): 'parse_url_pattern', + ('domain-name', 'network-traffic'): 'parse_domain_ip_port_pattern', + ('domain-name', 'network-traffic', 'url'): 'parse_url_pattern', + ('email-addr',): 'parse_email_address_pattern', + ('email-message',): 'parse_email_message_pattern', + ('file',): 'parse_file_pattern', + ('ipv4-addr',): 'parse_ip_address_pattern', + ('ipv6-addr',): 'parse_ip_address_pattern', + ('ipv4-addr', 'ipv6-addr'): 'parse_ip_address_pattern', + ('mac-addr',): 'parse_mac_address_pattern', + ('mutex',): 'parse_mutex_pattern', + ('network-traffic',): 'parse_network_traffic_pattern', + ('process',): 'parse_process_pattern', + ('url',): 'parse_url_pattern', + ('user-account',): 'parse_user_account_pattern', + ('windows-registry-key',): 'parse_regkey_pattern', + ('x509-certificate',): 'parse_x509_pattern' +} + +pattern_forbidden_relations = (' LIKE ', ' FOLLOWEDBY ', ' MATCHES ', ' ISSUBSET ', ' ISSUPERSET ', ' REPEATS ') +single_attribute_fields = ('type', 'value', 'to_ids') + + +################################################################################ +# OBSERVABLE OBJECTS AND PATTERNS MAPPING. # +################################################################################ + +address_family_attribute_mapping = {'type': 'text','object_relation': 'address-family'} +as_number_attribute_mapping = {'type': 'AS', 'object_relation': 'asn'} +description_attribute_mapping = {'type': 'text', 'object_relation': 'description'} +asn_subnet_attribute_mapping = {'type': 'ip-src', 'object_relation': 'subnet-announced'} +cc_attribute_mapping = {'type': 'email-dst', 'object_relation': 'cc'} +credential_attribute_mapping = {'type': 'text', 'object_relation': 'password'} +data_attribute_mapping = {'type': 'text', 'object_relation': 'data'} +data_type_attribute_mapping = {'type': 'text', 'object_relation': 'data-type'} +domain_attribute_mapping = {'type': 'domain', 'object_relation': 'domain'} +domain_family_attribute_mapping = {'type': 'text', 'object_relation': 'domain-family'} +dst_port_attribute_mapping = {'type': 'port', 'object_relation': 'dst-port'} +email_attachment_attribute_mapping = {'type': 'email-attachment', 'object_relation': 'attachment'} +email_date_attribute_mapping = {'type': 'datetime', 'object_relation': 'send-date'} +email_subject_attribute_mapping = {'type': 'email-subject', 'object_relation': 'subject'} +encoding_attribute_mapping = {'type': 'text', 'object_relation': 'file-encoding'} +end_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-seen'} +entropy_mapping = {'type': 'float', 'object_relation': 'entropy'} +filename_attribute_mapping = {'type': 'filename', 'object_relation': 'filename'} +from_attribute_mapping = {'type': 'email-src', 'object_relation': 'from'} +imphash_mapping = {'type': 'imphash', 'object_relation': 'imphash'} +id_attribute_mapping = {'type': 'text', 'object_relation': 'id'} +ip_attribute_mapping = {'type': 'ip-dst', 'object_relation': 'ip'} +issuer_attribute_mapping = {'type': 'text', 'object_relation': 'issuer'} +key_attribute_mapping = {'type': 'regkey', 'object_relation': 'key'} +malware_sample_attribute_mapping = {'type': 'malware-sample', 'object_relation': 'malware-sample'} +mime_type_attribute_mapping = {'type': 'mime-type', 'object_relation': 'mimetype'} +modified_attribute_mapping = {'type': 'datetime', 'object_relation': 'last-modified'} +name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} +network_traffic_ip = {'type': 'ip-{}', 'object_relation': 'ip-{}'} +number_sections_mapping = {'type': 'counter', 'object_relation': 'number-sections'} +password_mapping = {'type': 'text', 'object_relation': 'password'} +path_attribute_mapping = {'type': 'text', 'object_relation': 'path'} +pe_type_mapping = {'type': 'text', 'object_relation': 'type'} +pid_attribute_mapping = {'type': 'text', 'object_relation': 'pid'} +process_command_line_mapping = {'type': 'text', 'object_relation': 'command-line'} +process_creation_time_mapping = {'type': 'datetime', 'object_relation': 'creation-time'} +process_image_mapping = {'type': 'filename', 'object_relation': 'image'} +process_name_mapping = {'type': 'text', 'object_relation': 'name'} +regkey_name_attribute_mapping = {'type': 'text', 'object_relation': 'name'} +references_attribute_mapping = {'type': 'link', 'object_relation': 'references'} +reply_to_attribute_mapping = {'type': 'email-reply-to', 'object_relation': 'reply-to'} +screenshot_attribute_mapping = {'type': 'attachment', 'object_relation': 'screenshot'} +section_name_mapping = {'type': 'text', 'object_relation': 'name'} +serial_number_attribute_mapping = {'type': 'text', 'object_relation': 'serial-number'} +size_attribute_mapping = {'type': 'size-in-bytes', 'object_relation': 'size-in-bytes'} +src_port_attribute_mapping = {'type': 'port', 'object_relation': 'src-port'} +start_datetime_attribute_mapping = {'type': 'datetime', 'object_relation': 'first-seen'} +state_attribute_mapping = {'type': 'text', 'object_relation': 'state'} +summary_attribute_mapping = {'type': 'text', 'object_relation': 'summary'} +to_attribute_mapping = {'type': 'email-dst', 'object_relation': 'to'} +url_attribute_mapping = {'type': 'url', 'object_relation': 'url'} +url_port_attribute_mapping = {'type': 'port', 'object_relation': 'port'} +user_id_mapping = {'type': 'text', 'object_relation': 'username'} +x_mailer_attribute_mapping = {'type': 'email-x-mailer', 'object_relation': 'x-mailer'} +x509_md5_attribute_mapping = {'type': 'x509-fingerprint-md5', 'object_relation': 'x509-fingerprint-md5'} +x509_sha1_attribute_mapping = {'type': 'x509-fingerprint-sha1', 'object_relation': 'x509-fingerprint-sha1'} +x509_sha256_attribute_mapping = {'type': 'x509-fingerprint-sha256', 'object_relation': 'x509-fingerprint-sha256'} +x509_spka_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-algorithm'} # x509 subject public key algorithm +x509_spke_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-exponent'} # x509 subject public key exponent +x509_spkm_attribute_mapping = {'type': 'text', 'object_relation': 'pubkey-info-modulus'} # x509 subject public key modulus +x509_subject_attribute_mapping = {'type': 'text', 'object_relation': 'subject'} +x509_version_attribute_mapping = {'type': 'text', 'object_relation': 'version'} +x509_vna_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-after'} # x509 validity not after +x509_vnb_attribute_mapping = {'type': 'datetime', 'object_relation': 'validity-not-before'} # x509 validity not before + +asn_mapping = {'number': as_number_attribute_mapping, + 'autonomous-system:number': as_number_attribute_mapping, + 'name': description_attribute_mapping, + 'autonomous-system:name': description_attribute_mapping, + 'ipv4-addr': asn_subnet_attribute_mapping, + 'ipv6-addr': asn_subnet_attribute_mapping, + 'ipv4-addr:value': asn_subnet_attribute_mapping, + 'ipv6-addr:value': asn_subnet_attribute_mapping} + +attack_pattern_mapping = {'name': name_attribute_mapping, + 'description': summary_attribute_mapping} + +attack_pattern_references_mapping = {'mitre-attack': references_attribute_mapping, + 'capec': id_attribute_mapping} + +course_of_action_mapping = {'description': description_attribute_mapping, + 'name': name_attribute_mapping} + +credential_mapping = {'credential': credential_attribute_mapping, + 'user-account:credential': credential_attribute_mapping, + 'user_id': user_id_mapping, + 'user-account:user_id': user_id_mapping} + +domain_ip_mapping = {'domain-name': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'ipv4-addr': ip_attribute_mapping, + 'ipv6-addr': ip_attribute_mapping, + 'ipv4-addr:value': ip_attribute_mapping, + 'ipv6-addr:value': ip_attribute_mapping, + 'domain-name:resolves_to_refs[*].value': ip_attribute_mapping, + 'network-traffic:dst_port': dst_port_attribute_mapping, + 'network-traffic:src_port': src_port_attribute_mapping} + +email_mapping = {'date': email_date_attribute_mapping, + 'email-message:date': email_date_attribute_mapping, + 'email-message:to_refs[*].value': to_attribute_mapping, + 'email-message:cc_refs[*].value': cc_attribute_mapping, + 'subject': email_subject_attribute_mapping, + 'email-message:subject': email_subject_attribute_mapping, + 'X-Mailer': x_mailer_attribute_mapping, + 'email-message:additional_header_fields.x_mailer': x_mailer_attribute_mapping, + 'Reply-To': reply_to_attribute_mapping, + 'email-message:additional_header_fields.reply_to': reply_to_attribute_mapping, + 'email-message:from_ref.value': from_attribute_mapping, + 'email-addr:value': to_attribute_mapping} + +email_references_mapping = {'attachment': email_attachment_attribute_mapping, + 'cc_refs': cc_attribute_mapping, + 'from_ref': from_attribute_mapping, + 'screenshot': screenshot_attribute_mapping, + 'to_refs': to_attribute_mapping} + +file_mapping = {'artifact:mime_type': mime_type_attribute_mapping, + 'file:content_ref.mime_type': mime_type_attribute_mapping, + 'mime_type': mime_type_attribute_mapping, + 'file:mime_type': mime_type_attribute_mapping, + 'name': filename_attribute_mapping, + 'file:name': filename_attribute_mapping, + 'name_enc': encoding_attribute_mapping, + 'file:name_enc': encoding_attribute_mapping, + 'file:parent_directory_ref.path': path_attribute_mapping, + 'directory:path': path_attribute_mapping, + 'size': size_attribute_mapping, + 'file:size': size_attribute_mapping} + +network_traffic_mapping = {'dst_port':dst_port_attribute_mapping, + 'src_port': src_port_attribute_mapping, + 'network-traffic:dst_port': dst_port_attribute_mapping, + 'network-traffic:src_port': src_port_attribute_mapping} + +ip_port_mapping = {'value': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'network-traffic:dst_ref.value': {'type': 'ip-dst', 'object_relation': 'ip-dst'}, + 'network-traffic:src_ref.value': {'type': 'ip-src', 'object_relation': 'ip-src'}} +ip_port_mapping.update(network_traffic_mapping) + +ip_port_references_mapping = {'domain-name': domain_attribute_mapping, + 'ipv4-addr': network_traffic_ip, + 'ipv6-addr': network_traffic_ip} + +network_socket_extension_mapping = {'address_family': address_family_attribute_mapping, + "network-traffic:extensions.'socket-ext'.address_family": address_family_attribute_mapping, + 'protocol_family': domain_family_attribute_mapping, + "network-traffic:extensions.'socket-ext'.protocol_family": domain_family_attribute_mapping, + 'is_blocking': state_attribute_mapping, + "network-traffic:extensions.'socket-ext'.is_blocking": state_attribute_mapping, + 'is_listening': state_attribute_mapping, + "network-traffic:extensions.'socket-ext'.is_listening": state_attribute_mapping} + +network_traffic_references_mapping = {'domain-name': {'type': 'hostname', 'object_relation': 'hostname-{}'}, + 'ipv4-addr': network_traffic_ip, + 'ipv6-addr': network_traffic_ip} + +pe_mapping = {'pe_type': pe_type_mapping, 'number_of_sections': number_sections_mapping, 'imphash': imphash_mapping} + +pe_section_mapping = {'name': section_name_mapping, 'size': size_attribute_mapping, 'entropy': entropy_mapping} + +hash_types = ('MD5', 'SHA-1', 'SHA-256', 'SHA-224', 'SHA-384', 'SHA-512', 'ssdeep', 'tlsh') +for hash_type in hash_types: + misp_hash_type = hash_type.replace('-', '').lower() + attribute = {'type': misp_hash_type, 'object_relation': misp_hash_type} + file_mapping[hash_type] = attribute + file_mapping.update({f"file:hashes.'{feature}'": attribute for feature in (hash_type, misp_hash_type)}) + file_mapping.update({f"file:hashes.{feature}": attribute for feature in (hash_type, misp_hash_type)}) + pe_section_mapping[hash_type] = attribute + pe_section_mapping[misp_hash_type] = attribute + +process_mapping = {'name': process_name_mapping, + 'process:name': process_name_mapping, + 'pid': pid_attribute_mapping, + 'process:pid': pid_attribute_mapping, + 'created': process_creation_time_mapping, + 'process:created': process_creation_time_mapping, + 'command_line': process_command_line_mapping, + 'process:command_line': process_command_line_mapping, + 'process:parent_ref.pid': {'type': 'text', 'object_relation': 'parent-pid'}, + 'process:child_refs[*].pid': {'type': 'text', 'object_relation': 'child-pid'}, + 'process:binary_ref.name': process_image_mapping} + +child_process_reference_mapping = {'pid': {'type': 'text', 'object_relation': 'child-pid'}} + +parent_process_reference_mapping = {'command_line': {'type': 'text', 'object_relation': 'parent-command-line'}, + 'pid': {'type': 'text', 'object_relation': 'parent-pid'}, + 'process-name': {'type': 'text', 'object_relation': 'parent-process-name'}} + +regkey_mapping = {'data': data_attribute_mapping, + 'windows-registry-key:values.data': data_attribute_mapping, + 'data_type': data_type_attribute_mapping, + 'windows-registry-key:values.data_type': data_type_attribute_mapping, + 'modified': modified_attribute_mapping, + 'windows-registry-key:modified': modified_attribute_mapping, + 'name': regkey_name_attribute_mapping, + 'windows-registry-key:values.name': regkey_name_attribute_mapping, + 'key': key_attribute_mapping, + 'windows-registry-key:key': key_attribute_mapping, + 'windows-registry-key:value': {'type': 'text', 'object_relation': 'hive'} + } + +url_mapping = {'url': url_attribute_mapping, + 'url:value': url_attribute_mapping, + 'domain-name': domain_attribute_mapping, + 'domain-name:value': domain_attribute_mapping, + 'network-traffic': url_port_attribute_mapping, + 'network-traffic:dst_port': url_port_attribute_mapping, + 'ipv4-addr:value': ip_attribute_mapping, + 'ipv6-addr:value': ip_attribute_mapping + } + +user_account_mapping = {'account_created': {'type': 'datetime', 'object_relation': 'created'}, + 'account_expires': {'type': 'datetime', 'object_relation': 'expires'}, + 'account_first_login': {'type': 'datetime', 'object_relation': 'first_login'}, + 'account_last_login': {'type': 'datetime', 'object_relation': 'last_login'}, + 'account_login': user_id_mapping, + 'account_type': {'type': 'text', 'object_relation': 'account-type'}, + 'can_escalate_privs': {'type': 'boolean', 'object_relation': 'can_escalate_privs'}, + 'credential': credential_attribute_mapping, + 'credential_last_changed': {'type': 'datetime', 'object_relation': 'password_last_changed'}, + 'display_name': {'type': 'text', 'object_relation': 'display-name'}, + 'gid': {'type': 'text', 'object_relation': 'group-id'}, + 'home_dir': {'type': 'text', 'object_relation': 'home_dir'}, + 'is_disabled': {'type': 'boolean', 'object_relation': 'disabled'}, + 'is_privileged': {'type': 'boolean', 'object_relation': 'privileged'}, + 'is_service_account': {'type': 'boolean', 'object_relation': 'is_service_account'}, + 'shell': {'type': 'text', 'object_relation': 'shell'}, + 'user_id': {'type': 'text', 'object_relation': 'user-id'}} + +vulnerability_mapping = {'name': id_attribute_mapping, + 'description': summary_attribute_mapping} + +x509_mapping = {'issuer': issuer_attribute_mapping, + 'x509-certificate:issuer': issuer_attribute_mapping, + 'serial_number': serial_number_attribute_mapping, + 'x509-certificate:serial_number': serial_number_attribute_mapping, + 'subject': x509_subject_attribute_mapping, + 'x509-certificate:subject': x509_subject_attribute_mapping, + 'subject_public_key_algorithm': x509_spka_attribute_mapping, + 'x509-certificate:subject_public_key_algorithm': x509_spka_attribute_mapping, + 'subject_public_key_exponent': x509_spke_attribute_mapping, + 'x509-certificate:subject_public_key_exponent': x509_spke_attribute_mapping, + 'subject_public_key_modulus': x509_spkm_attribute_mapping, + 'x509-certificate:subject_public_key_modulus': x509_spkm_attribute_mapping, + 'validity_not_before': x509_vnb_attribute_mapping, + 'x509-certificate:validity_not_before': x509_vnb_attribute_mapping, + 'validity_not_after': x509_vna_attribute_mapping, + 'x509-certificate:validity_not_after': x509_vna_attribute_mapping, + 'version': x509_version_attribute_mapping, + 'x509-certificate:version': x509_version_attribute_mapping, + 'SHA-1': x509_sha1_attribute_mapping, + "x509-certificate:hashes.'sha1'": x509_sha1_attribute_mapping, + 'SHA-256': x509_sha256_attribute_mapping, + "x509-certificate:hashes.'sha256'": x509_sha256_attribute_mapping, + 'MD5': x509_md5_attribute_mapping, + "x509-certificate:hashes.'md5'": x509_md5_attribute_mapping, + } + +attachment_types = ('file:content_ref.name', 'file:content_ref.payload_bin', + 'artifact:x_misp_text_name', 'artifact:payload_bin', + "file:hashes.'MD5'", "file:content_ref.hashes.'MD5'", + 'file:name') + +connection_protocols = {"IP": "3", "ICMP": "3", "ARP": "3", + "TCP": "4", "UDP": "4", + "HTTP": "7", "HTTPS": "7", "FTP": "7"} diff --git a/misp_modules/lib/synonymsToTagNames.json b/misp_modules/lib/synonymsToTagNames.json new file mode 100644 index 00000000..c3013f37 --- /dev/null +++ b/misp_modules/lib/synonymsToTagNames.json @@ -0,0 +1 @@ +{"Accstealer":["misp-galaxy:android=\"Accstealer\""],"Ackposts":["misp-galaxy:android=\"Ackposts\""],"Acnetdoor":["misp-galaxy:android=\"Acnetdoor\""],"Acnetsteal":["misp-galaxy:android=\"Acnetsteal\""],"Actech":["misp-galaxy:android=\"Actech\""],"AdChina":["misp-galaxy:android=\"AdChina\""],"AdInfo":["misp-galaxy:android=\"AdInfo\""],"AdMarvel":["misp-galaxy:android=\"AdMarvel\""],"AdMob":["misp-galaxy:android=\"AdMob\""],"AdSms":["misp-galaxy:android=\"AdSms\""],"Adfonic":["misp-galaxy:android=\"Adfonic\""],"Adknowledge":["misp-galaxy:android=\"Adknowledge\""],"Adrd":["misp-galaxy:android=\"Adrd\""],"Aduru":["misp-galaxy:android=\"Aduru\""],"Adwhirl":["misp-galaxy:android=\"Adwhirl\""],"Adwind":["misp-galaxy:android=\"Adwind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"AlienSpy":["misp-galaxy:android=\"Adwind\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Frutas":["misp-galaxy:android=\"Adwind\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Unrecom":["misp-galaxy:android=\"Adwind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"Adwind RAT\"","misp-galaxy:tool=\"Adwind\""],"Sockrat":["misp-galaxy:android=\"Adwind\"","misp-galaxy:android=\"Sockrat\"","misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"Jsocket":["misp-galaxy:android=\"Adwind\"","misp-galaxy:rat=\"Adwind RAT\""],"jRat":["misp-galaxy:android=\"Adwind\"","misp-galaxy:tool=\"Adwind\""],"Backdoor:Java\/Adwind":["misp-galaxy:android=\"Adwind\"","misp-galaxy:tool=\"Adwind\""],"Adwlauncher":["misp-galaxy:android=\"Adwlauncher\""],"Adwo":["misp-galaxy:android=\"Adwo\""],"Airad":["misp-galaxy:android=\"Airad\""],"Airpush":["misp-galaxy:android=\"Airpush\""],"StopSMS":["misp-galaxy:android=\"Airpush\""],"Alienspy":["misp-galaxy:android=\"Alienspy\""],"AmazonAds":["misp-galaxy:android=\"AmazonAds\""],"Andr\/Dropr-FH":["misp-galaxy:android=\"Andr\/Dropr-FH\""],"GhostCtrl":["misp-galaxy:android=\"Andr\/Dropr-FH\"","misp-galaxy:malpedia=\"GhostCtrl\""],"AndroidOS_HidenAd":["misp-galaxy:android=\"AndroidOS_HidenAd\""],"AndroidOS_HiddenAd":["misp-galaxy:android=\"AndroidOS_HidenAd\""],"Answerbot":["misp-galaxy:android=\"Answerbot\""],"Antammi":["misp-galaxy:android=\"Antammi\""],"Apkmore":["misp-galaxy:android=\"Apkmore\""],"Aplog":["misp-galaxy:android=\"Aplog\""],"AppLovin":["misp-galaxy:android=\"AppLovin\""],"Appenda":["misp-galaxy:android=\"Appenda\""],"Apperhand":["misp-galaxy:android=\"Apperhand\""],"Appleservice":["misp-galaxy:android=\"Appleservice\""],"Arspam":["misp-galaxy:android=\"Arspam\""],"Aurecord":["misp-galaxy:android=\"Aurecord\""],"Backapp":["misp-galaxy:android=\"Backapp\""],"Backdexer":["misp-galaxy:android=\"Backdexer\""],"Backflash":["misp-galaxy:android=\"Backflash\""],"Backscript":["misp-galaxy:android=\"Backscript\""],"Badaccents":["misp-galaxy:android=\"Badaccents\""],"Badpush":["misp-galaxy:android=\"Badpush\""],"Ballonpop":["misp-galaxy:android=\"Ballonpop\""],"BambaPurple":["misp-galaxy:android=\"BambaPurple\""],"BankBot":["misp-galaxy:android=\"BankBot\"","misp-galaxy:malpedia=\"Anubis\"","misp-galaxy:malpedia=\"BankBot\""],"Bankosy":["misp-galaxy:android=\"Bankosy\"","misp-galaxy:android=\"GM Bot\"","misp-galaxy:tool=\"Slempo\""],"Bankun":["misp-galaxy:android=\"Bankun\""],"Basebridge":["misp-galaxy:android=\"Basebridge\""],"Basedao":["misp-galaxy:android=\"Basedao\""],"Batterydoctor":["misp-galaxy:android=\"Batterydoctor\""],"BeNews":["misp-galaxy:android=\"BeNews\""],"Beaglespy":["misp-galaxy:android=\"Beaglespy\""],"BeanBot":["misp-galaxy:android=\"BeanBot\""],"Becuro":["misp-galaxy:android=\"Becuro\""],"Beita":["misp-galaxy:android=\"Beita\""],"Bgserv":["misp-galaxy:android=\"Bgserv\""],"Biigespy":["misp-galaxy:android=\"Biigespy\""],"Bmaster":["misp-galaxy:android=\"Bmaster\""],"Bossefiv":["misp-galaxy:android=\"Bossefiv\""],"Boxpush":["misp-galaxy:android=\"Boxpush\""],"BreadSMS":["misp-galaxy:android=\"BreadSMS\""],"Burstly":["misp-galaxy:android=\"Burstly\""],"BusyGasper":["misp-galaxy:android=\"BusyGasper\"","misp-galaxy:malpedia=\"BusyGasper\""],"Buzzcity":["misp-galaxy:android=\"Buzzcity\""],"ByPush":["misp-galaxy:android=\"ByPush\""],"Cajino":["misp-galaxy:android=\"Cajino\""],"Casee":["misp-galaxy:android=\"Casee\""],"Catchtoken":["misp-galaxy:android=\"Catchtoken\""],"Cauly":["misp-galaxy:android=\"Cauly\""],"Cellshark":["misp-galaxy:android=\"Cellshark\""],"Centero":["misp-galaxy:android=\"Centero\""],"Cepsohord":["misp-galaxy:android=\"Cepsohord\""],"Chamois":["misp-galaxy:android=\"Chamois\"","misp-galaxy:malpedia=\"Chamois\""],"Chuli":["misp-galaxy:android=\"Chuli\""],"Citmo":["misp-galaxy:android=\"Citmo\""],"Claco":["misp-galaxy:android=\"Claco\""],"Clevernet":["misp-galaxy:android=\"Clevernet\""],"Cnappbox":["misp-galaxy:android=\"Cnappbox\""],"Cobblerone":["misp-galaxy:android=\"Cobblerone\""],"Coolpaperleak":["misp-galaxy:android=\"Coolpaperleak\""],"Coolreaper":["misp-galaxy:android=\"Coolreaper\""],"CopyCat":["misp-galaxy:android=\"CopyCat\""],"Cosha":["misp-galaxy:android=\"Cosha\""],"Counterclank":["misp-galaxy:android=\"Counterclank\""],"Crazymedia":["misp-galaxy:android=\"Crazymedia\""],"Crisis":["misp-galaxy:android=\"Crisis\"","misp-galaxy:malpedia=\"RCS\""],"Crusewind":["misp-galaxy:android=\"Crusewind\""],"Dandro":["misp-galaxy:android=\"Dandro\""],"Daoyoudao":["misp-galaxy:android=\"Daoyoudao\""],"Deathring":["misp-galaxy:android=\"Deathring\""],"Deeveemap":["misp-galaxy:android=\"Deeveemap\""],"Dendoroid":["misp-galaxy:android=\"Dendoroid\""],"Dengaru":["misp-galaxy:android=\"Dengaru\""],"Diandong":["misp-galaxy:android=\"Diandong\""],"Dianjin":["misp-galaxy:android=\"Dianjin\""],"Dogowar":["misp-galaxy:android=\"Dogowar\""],"Domob":["misp-galaxy:android=\"Domob\""],"DoubleLocker":["misp-galaxy:android=\"DoubleLocker\"","misp-galaxy:malpedia=\"DoubleLocker\""],"Dougalek":["misp-galaxy:android=\"Dougalek\""],"Dowgin":["misp-galaxy:android=\"Dowgin\""],"Droidsheep":["misp-galaxy:android=\"Droidsheep\""],"Dropdialer":["misp-galaxy:android=\"Dropdialer\""],"Dupvert":["misp-galaxy:android=\"Dupvert\""],"Dynamicit":["misp-galaxy:android=\"Dynamicit\""],"Ecardgrabber":["misp-galaxy:android=\"Ecardgrabber\""],"Ecobatry":["misp-galaxy:android=\"Ecobatry\""],"Enesoluty":["misp-galaxy:android=\"Enesoluty\""],"Everbadge":["misp-galaxy:android=\"Everbadge\""],"Ewalls":["misp-galaxy:android=\"Ewalls\""],"Expensive Wall":["misp-galaxy:android=\"Expensive Wall\""],"ExpensiveWall":["misp-galaxy:android=\"ExpensiveWall\""],"Exprespam":["misp-galaxy:android=\"Exprespam\""],"FakeLookout":["misp-galaxy:android=\"FakeLookout\""],"FakeMart":["misp-galaxy:android=\"FakeMart\""],"Fakealbums":["misp-galaxy:android=\"Fakealbums\""],"Fakeangry":["misp-galaxy:android=\"Fakeangry\""],"Fakeapp":["misp-galaxy:android=\"Fakeapp\""],"Fakebanco":["misp-galaxy:android=\"Fakebanco\""],"Fakebank":["misp-galaxy:android=\"Fakebank\""],"Fakebank.B":["misp-galaxy:android=\"Fakebank.B\""],"Fakebok":["misp-galaxy:android=\"Fakebok\""],"Fakedaum":["misp-galaxy:android=\"Fakedaum\""],"Fakedefender":["misp-galaxy:android=\"Fakedefender\""],"Fakedefender.B":["misp-galaxy:android=\"Fakedefender.B\""],"Fakedown":["misp-galaxy:android=\"Fakedown\""],"Fakeflash":["misp-galaxy:android=\"Fakeflash\""],"Fakegame":["misp-galaxy:android=\"Fakegame\""],"Fakeguard":["misp-galaxy:android=\"Fakeguard\""],"Fakejob":["misp-galaxy:android=\"Fakejob\""],"Fakekakao":["misp-galaxy:android=\"Fakekakao\""],"Fakelemon":["misp-galaxy:android=\"Fakelemon\""],"Fakelicense":["misp-galaxy:android=\"Fakelicense\""],"Fakelogin":["misp-galaxy:android=\"Fakelogin\""],"Fakem Rat":["misp-galaxy:android=\"Fakem Rat\""],"Fakemini":["misp-galaxy:android=\"Fakemini\""],"Fakemrat":["misp-galaxy:android=\"Fakemrat\""],"Fakeneflic":["misp-galaxy:android=\"Fakeneflic\""],"Fakenotify":["misp-galaxy:android=\"Fakenotify\""],"Fakepatch":["misp-galaxy:android=\"Fakepatch\""],"Fakeplay":["misp-galaxy:android=\"Fakeplay\""],"Fakescarav":["misp-galaxy:android=\"Fakescarav\""],"Fakesecsuit":["misp-galaxy:android=\"Fakesecsuit\""],"Fakesucon":["misp-galaxy:android=\"Fakesucon\""],"Faketaobao":["misp-galaxy:android=\"Faketaobao\""],"Faketaobao.B":["misp-galaxy:android=\"Faketaobao.B\""],"Faketoken":["misp-galaxy:android=\"Faketoken\""],"Fakeupdate":["misp-galaxy:android=\"Fakeupdate\""],"Fakevoice":["misp-galaxy:android=\"Fakevoice\""],"Farmbaby":["misp-galaxy:android=\"Farmbaby\""],"Fauxtocopy":["misp-galaxy:android=\"Fauxtocopy\""],"Feiwo":["misp-galaxy:android=\"Feiwo\""],"FindAndCall":["misp-galaxy:android=\"FindAndCall\""],"Finfish":["misp-galaxy:android=\"Finfish\""],"Fireleaker":["misp-galaxy:android=\"Fireleaker\""],"Fitikser":["misp-galaxy:android=\"Fitikser\""],"Flexispy":["misp-galaxy:android=\"Flexispy\""],"Fokonge":["misp-galaxy:android=\"Fokonge\""],"FoncySMS":["misp-galaxy:android=\"FoncySMS\""],"Frogonal":["misp-galaxy:android=\"Frogonal\""],"Ftad":["misp-galaxy:android=\"Ftad\""],"Funtasy":["misp-galaxy:android=\"Funtasy\""],"GM Bot":["misp-galaxy:android=\"GM Bot\""],"Acecard":["misp-galaxy:android=\"GM Bot\"","misp-galaxy:tool=\"Slempo\""],"SlemBunk":["misp-galaxy:android=\"GM Bot\"","misp-galaxy:malpedia=\"Slempo\"","misp-galaxy:tool=\"Slempo\""],"Gaiaphish":["misp-galaxy:android=\"Gaiaphish\""],"GallMe":["misp-galaxy:android=\"GallMe\""],"Gamex":["misp-galaxy:android=\"Gamex\""],"Gappusin":["misp-galaxy:android=\"Gappusin\""],"Gazon":["misp-galaxy:android=\"Gazon\""],"Geinimi":["misp-galaxy:android=\"Geinimi\""],"Generisk":["misp-galaxy:android=\"Generisk\""],"Genheur":["misp-galaxy:android=\"Genheur\""],"Genpush":["misp-galaxy:android=\"Genpush\""],"GeoFake":["misp-galaxy:android=\"GeoFake\""],"Geplook":["misp-galaxy:android=\"Geplook\""],"Getadpush":["misp-galaxy:android=\"Getadpush\""],"Ggtracker":["misp-galaxy:android=\"Ggtracker\""],"Ghost Push":["misp-galaxy:android=\"Ghost Push\"","misp-galaxy:mitre-malware=\"Gooligan - S0290\""],"Ghostpush":["misp-galaxy:android=\"Ghostpush\""],"Gmaster":["misp-galaxy:android=\"Gmaster\""],"Godwon":["misp-galaxy:android=\"Godwon\""],"Golddream":["misp-galaxy:android=\"Golddream\""],"Goldeneagle":["misp-galaxy:android=\"Goldeneagle\""],"Golocker":["misp-galaxy:android=\"Golocker\""],"Gomal":["misp-galaxy:android=\"Gomal\""],"Gonesixty":["misp-galaxy:android=\"Gonesixty\""],"Gonfu":["misp-galaxy:android=\"Gonfu\""],"Gonfu.B":["misp-galaxy:android=\"Gonfu.B\""],"Gonfu.C":["misp-galaxy:android=\"Gonfu.C\""],"Gonfu.D":["misp-galaxy:android=\"Gonfu.D\""],"Gooboot":["misp-galaxy:android=\"Gooboot\""],"Goodadpush":["misp-galaxy:android=\"Goodadpush\""],"Greystripe":["misp-galaxy:android=\"Greystripe\""],"Gugespy":["misp-galaxy:android=\"Gugespy\""],"Gugespy.B":["misp-galaxy:android=\"Gugespy.B\""],"Gupno":["misp-galaxy:android=\"Gupno\""],"Habey":["misp-galaxy:android=\"Habey\""],"Handyclient":["misp-galaxy:android=\"Handyclient\""],"Hehe":["misp-galaxy:android=\"Hehe\""],"HenBox":["misp-galaxy:android=\"HenBox\"","misp-galaxy:threat-actor=\"HenBox\""],"Hesperbot":["misp-galaxy:android=\"Hesperbot\""],"Hippo":["misp-galaxy:android=\"Hippo\""],"Hippo.B":["misp-galaxy:android=\"Hippo.B\""],"HummingBad":["misp-galaxy:android=\"HummingBad\"","misp-galaxy:mitre-malware=\"HummingBad - S0322\"","misp-galaxy:mitre-mobile-attack-malware=\"HummingBad - MOB-S0038\"","misp-galaxy:threat-actor=\"HummingBad\""],"IadPush":["misp-galaxy:android=\"IadPush\""],"IcicleGum":["misp-galaxy:android=\"IcicleGum\"","misp-galaxy:android=\"Igexin\""],"Iconosis":["misp-galaxy:android=\"Iconosis\""],"Iconosys":["misp-galaxy:android=\"Iconosys\""],"Igexin":["misp-galaxy:android=\"Igexin\""],"ImAdPush":["misp-galaxy:android=\"ImAdPush\""],"InMobi":["misp-galaxy:android=\"InMobi\""],"JamSkunk":["misp-galaxy:android=\"JamSkunk\""],"Jifake":["misp-galaxy:android=\"Jifake\""],"Jollyserv":["misp-galaxy:android=\"Jollyserv\""],"Jsmshider":["misp-galaxy:android=\"Jsmshider\""],"Ju6":["misp-galaxy:android=\"Ju6\""],"Judy":["misp-galaxy:android=\"Judy\"","misp-galaxy:mitre-malware=\"Judy - S0325\""],"Jumptap":["misp-galaxy:android=\"Jumptap\""],"Jzmob":["misp-galaxy:android=\"Jzmob\""],"Kabstamper":["misp-galaxy:android=\"Kabstamper\""],"Kemoge":["misp-galaxy:android=\"Kemoge\"","misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Kidlogger":["misp-galaxy:android=\"Kidlogger\""],"Kielog":["misp-galaxy:android=\"Kielog\""],"Kituri":["misp-galaxy:android=\"Kituri\""],"KoreFrog":["misp-galaxy:android=\"KoreFrog\""],"Kranxpay":["misp-galaxy:android=\"Kranxpay\""],"Krysanec":["misp-galaxy:android=\"Krysanec\""],"Kuaidian360":["misp-galaxy:android=\"Kuaidian360\""],"Kuguo":["misp-galaxy:android=\"Kuguo\""],"Lastacloud":["misp-galaxy:android=\"Lastacloud\""],"Laucassspy":["misp-galaxy:android=\"Laucassspy\""],"Lifemonspy":["misp-galaxy:android=\"Lifemonspy\""],"Lightdd":["misp-galaxy:android=\"Lightdd\""],"Loaderpush":["misp-galaxy:android=\"Loaderpush\""],"Loapi":["misp-galaxy:android=\"Loapi\""],"Locaspy":["misp-galaxy:android=\"Locaspy\""],"Lockdroid.E":["misp-galaxy:android=\"Lockdroid.E\""],"Lockdroid.F":["misp-galaxy:android=\"Lockdroid.F\""],"Lockdroid.G":["misp-galaxy:android=\"Lockdroid.G\""],"Lockdroid.H":["misp-galaxy:android=\"Lockdroid.H\""],"Lockscreen":["misp-galaxy:android=\"Lockscreen\""],"LogiaAd":["misp-galaxy:android=\"LogiaAd\""],"Loicdos":["misp-galaxy:android=\"Loicdos\""],"LokiBot":["misp-galaxy:android=\"LokiBot\"","misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"","misp-galaxy:malpedia=\"LokiBot\""],"Loozfon":["misp-galaxy:android=\"Loozfon\""],"Lotoor":["misp-galaxy:android=\"Lotoor\""],"Lovespy":["misp-galaxy:android=\"Lovespy\""],"Lovetrap":["misp-galaxy:android=\"Lovetrap\""],"Luckycat":["misp-galaxy:android=\"Luckycat\""],"Machinleak":["misp-galaxy:android=\"Machinleak\""],"Maistealer":["misp-galaxy:android=\"Maistealer\""],"Malapp":["misp-galaxy:android=\"Malapp\""],"Malebook":["misp-galaxy:android=\"Malebook\""],"Malhome":["misp-galaxy:android=\"Malhome\""],"Malminer":["misp-galaxy:android=\"Malminer\""],"Mania":["misp-galaxy:android=\"Mania\""],"Maxit":["misp-galaxy:android=\"Maxit\""],"MdotM":["misp-galaxy:android=\"MdotM\""],"Medialets":["misp-galaxy:android=\"Medialets\""],"Meshidden":["misp-galaxy:android=\"Meshidden\""],"Mesploit":["misp-galaxy:android=\"Mesploit\""],"Mesprank":["misp-galaxy:android=\"Mesprank\""],"Meswatcherbox":["misp-galaxy:android=\"Meswatcherbox\""],"Miji":["misp-galaxy:android=\"Miji\""],"Milipnot":["misp-galaxy:android=\"Milipnot\""],"MillennialMedia":["misp-galaxy:android=\"MillennialMedia\""],"Mitcad":["misp-galaxy:android=\"Mitcad\""],"MoPub":["misp-galaxy:android=\"MoPub\""],"MobClix":["misp-galaxy:android=\"MobClix\""],"MobFox":["misp-galaxy:android=\"MobFox\""],"MobWin":["misp-galaxy:android=\"MobWin\""],"Mobidisplay":["misp-galaxy:android=\"Mobidisplay\""],"Mobigapp":["misp-galaxy:android=\"Mobigapp\""],"MobileBackup":["misp-galaxy:android=\"MobileBackup\""],"Mobilespy":["misp-galaxy:android=\"Mobilespy\""],"Mobiletx":["misp-galaxy:android=\"Mobiletx\""],"Mobinaspy":["misp-galaxy:android=\"Mobinaspy\""],"Mobus":["misp-galaxy:android=\"Mobus\""],"Mocore":["misp-galaxy:android=\"Mocore\""],"Moghava":["misp-galaxy:android=\"Moghava\""],"Momark":["misp-galaxy:android=\"Momark\""],"Monitorello":["misp-galaxy:android=\"Monitorello\""],"Moolah":["misp-galaxy:android=\"Moolah\""],"Moplus":["misp-galaxy:android=\"Moplus\""],"Morepaks":["misp-galaxy:android=\"Morepaks\""],"MysteryBot":["misp-galaxy:android=\"MysteryBot\"","misp-galaxy:malpedia=\"MysteryBot\""],"Nandrobox":["misp-galaxy:android=\"Nandrobox\""],"Netisend":["misp-galaxy:android=\"Netisend\""],"Nickispy":["misp-galaxy:android=\"Nickispy\""],"Notcompatible":["misp-galaxy:android=\"Notcompatible\""],"Nuhaz":["misp-galaxy:android=\"Nuhaz\""],"Nyearleaker":["misp-galaxy:android=\"Nyearleaker\""],"Obad":["misp-galaxy:android=\"Obad\""],"Oneclickfraud":["misp-galaxy:android=\"Oneclickfraud\""],"Opfake":["misp-galaxy:android=\"Opfake\""],"Opfake.B":["misp-galaxy:android=\"Opfake.B\""],"Ozotshielder":["misp-galaxy:android=\"Ozotshielder\""],"Pafloat":["misp-galaxy:android=\"Pafloat\""],"PandaAds":["misp-galaxy:android=\"PandaAds\""],"Pandbot":["misp-galaxy:android=\"Pandbot\""],"Pdaspy":["misp-galaxy:android=\"Pdaspy\""],"Penetho":["misp-galaxy:android=\"Penetho\""],"Perkel":["misp-galaxy:android=\"Perkel\""],"Phimdropper":["misp-galaxy:android=\"Phimdropper\""],"Phospy":["misp-galaxy:android=\"Phospy\""],"Piddialer":["misp-galaxy:android=\"Piddialer\""],"Pikspam":["misp-galaxy:android=\"Pikspam\""],"Pincer":["misp-galaxy:android=\"Pincer\""],"Pirator":["misp-galaxy:android=\"Pirator\""],"Pjapps":["misp-galaxy:android=\"Pjapps\""],"Pjapps.B":["misp-galaxy:android=\"Pjapps.B\""],"Pletora":["misp-galaxy:android=\"Pletora\""],"Podec":["misp-galaxy:android=\"Podec\"","misp-galaxy:malpedia=\"Podec\""],"Poisoncake":["misp-galaxy:android=\"Poisoncake\""],"Pontiflex":["misp-galaxy:android=\"Pontiflex\""],"Positmob":["misp-galaxy:android=\"Positmob\""],"Premiumtext":["misp-galaxy:android=\"Premiumtext\""],"Pris":["misp-galaxy:android=\"Pris\""],"Qdplugin":["misp-galaxy:android=\"Qdplugin\""],"Qicsomos":["misp-galaxy:android=\"Qicsomos\""],"Qitmo":["misp-galaxy:android=\"Qitmo\""],"Rabbhome":["misp-galaxy:android=\"Rabbhome\""],"Razdel":["misp-galaxy:android=\"Razdel\""],"RedAlert2":["misp-galaxy:android=\"RedAlert2\"","misp-galaxy:malpedia=\"RedAlert2\""],"RedDrop":["misp-galaxy:android=\"RedDrop\"","misp-galaxy:mitre-malware=\"RedDrop - S0326\""],"Repane":["misp-galaxy:android=\"Repane\""],"Reputation.1":["misp-galaxy:android=\"Reputation.1\""],"Reputation.2":["misp-galaxy:android=\"Reputation.2\""],"Reputation.3":["misp-galaxy:android=\"Reputation.3\""],"RevMob":["misp-galaxy:android=\"RevMob\""],"Roidsec":["misp-galaxy:android=\"Roidsec\""],"Rootcager":["misp-galaxy:android=\"Rootcager\""],"Rootnik":["misp-galaxy:android=\"Rootnik\"","misp-galaxy:malpedia=\"Rootnik\""],"Rufraud":["misp-galaxy:android=\"Rufraud\""],"Rusms":["misp-galaxy:android=\"Rusms\""],"SLocker":["misp-galaxy:android=\"SLocker\""],"SMSLocker":["misp-galaxy:android=\"SLocker\""],"SMSReplicator":["misp-galaxy:android=\"SMSReplicator\""],"Samsapo":["misp-galaxy:android=\"Samsapo\""],"Sandorat":["misp-galaxy:android=\"Sandorat\""],"Sberick":["misp-galaxy:android=\"Sberick\""],"Scartibro":["misp-galaxy:android=\"Scartibro\""],"Scipiex":["misp-galaxy:android=\"Scipiex\""],"Selfmite":["misp-galaxy:android=\"Selfmite\""],"Selfmite.B":["misp-galaxy:android=\"Selfmite.B\""],"SellARing":["misp-galaxy:android=\"SellARing\""],"SendDroid":["misp-galaxy:android=\"SendDroid\""],"Simhosy":["misp-galaxy:android=\"Simhosy\""],"Simplocker":["misp-galaxy:android=\"Simplocker\""],"Simplocker.B":["misp-galaxy:android=\"Simplocker.B\""],"Skullkey":["misp-galaxy:android=\"Skullkey\""],"Skygofree":["misp-galaxy:android=\"Skygofree\"","misp-galaxy:malpedia=\"Skygofree\"","misp-galaxy:mitre-malware=\"Skygofree - S0327\""],"Smaato":["misp-galaxy:android=\"Smaato\""],"Smbcheck":["misp-galaxy:android=\"Smbcheck\""],"Smsblocker":["misp-galaxy:android=\"Smsblocker\""],"Smsbomber":["misp-galaxy:android=\"Smsbomber\""],"Smslink":["misp-galaxy:android=\"Smslink\""],"Smspacem":["misp-galaxy:android=\"Smspacem\""],"Smssniffer":["misp-galaxy:android=\"Smssniffer\""],"Smsstealer":["misp-galaxy:android=\"Smsstealer\""],"Smstibook":["misp-galaxy:android=\"Smstibook\""],"Smszombie":["misp-galaxy:android=\"Smszombie\""],"Snadapps":["misp-galaxy:android=\"Snadapps\""],"Sockbot":["misp-galaxy:android=\"Sockbot\""],"Sofacy":["misp-galaxy:android=\"Sofacy\"","misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\"","misp-galaxy:tool=\"CORESHELL\"","misp-galaxy:tool=\"GAMEFISH\"","misp-galaxy:tool=\"SOURFACE\""],"Sosceo":["misp-galaxy:android=\"Sosceo\""],"Spitmo":["misp-galaxy:android=\"Spitmo\""],"Spitmo.B":["misp-galaxy:android=\"Spitmo.B\""],"Spyagent":["misp-galaxy:android=\"Spyagent\""],"Spybubble":["misp-galaxy:android=\"Spybubble\""],"Spydafon":["misp-galaxy:android=\"Spydafon\""],"Spymple":["misp-galaxy:android=\"Spymple\""],"Spyoo":["misp-galaxy:android=\"Spyoo\""],"Spytekcell":["misp-galaxy:android=\"Spytekcell\""],"Spytrack":["misp-galaxy:android=\"Spytrack\""],"Spywaller":["misp-galaxy:android=\"Spywaller\""],"Stealthgenie":["misp-galaxy:android=\"Stealthgenie\""],"Steek":["misp-galaxy:android=\"Steek\""],"Stels":["misp-galaxy:android=\"Stels\""],"Stiniter":["misp-galaxy:android=\"Stiniter\""],"Sumzand":["misp-galaxy:android=\"Sumzand\""],"Svpeng":["misp-galaxy:android=\"Svpeng\"","misp-galaxy:malpedia=\"Svpeng\"","misp-galaxy:tool=\"Svpeng\""],"Invisble Man":["misp-galaxy:android=\"Svpeng\""],"Switcher":["misp-galaxy:android=\"Switcher\"","misp-galaxy:malpedia=\"Switcher\""],"Sysecsms":["misp-galaxy:android=\"Sysecsms\""],"Tanci":["misp-galaxy:android=\"Tanci\""],"Tapjoy":["misp-galaxy:android=\"Tapjoy\""],"Tapsnake":["misp-galaxy:android=\"Tapsnake\""],"Tascudap":["misp-galaxy:android=\"Tascudap\""],"Teelog":["misp-galaxy:android=\"Teelog\""],"Temai":["misp-galaxy:android=\"Temai\""],"Tetus":["misp-galaxy:android=\"Tetus\""],"Tgpush":["misp-galaxy:android=\"Tgpush\""],"Tigerbot":["misp-galaxy:android=\"Tigerbot\""],"Tizi":["misp-galaxy:android=\"Tizi\""],"Tonclank":["misp-galaxy:android=\"Tonclank\""],"Triout":["misp-galaxy:android=\"Triout\"","misp-galaxy:malpedia=\"Triout\""],"Trogle":["misp-galaxy:android=\"Trogle\""],"Twikabot":["misp-galaxy:android=\"Twikabot\""],"Uapush":["misp-galaxy:android=\"Uapush\""],"Umeng":["misp-galaxy:android=\"Umeng\""],"Updtbot":["misp-galaxy:android=\"Updtbot\""],"Upush":["misp-galaxy:android=\"Upush\""],"Uracto":["misp-galaxy:android=\"Uracto\""],"Uranico":["misp-galaxy:android=\"Uranico\""],"Usbcleaver":["misp-galaxy:android=\"Usbcleaver\""],"Utchi":["misp-galaxy:android=\"Utchi\""],"Uten":["misp-galaxy:android=\"Uten\""],"Uupay":["misp-galaxy:android=\"Uupay\""],"Uxipp":["misp-galaxy:android=\"Uxipp\""],"VDopia":["misp-galaxy:android=\"VDopia\""],"VServ":["misp-galaxy:android=\"VServ\""],"Vdloader":["misp-galaxy:android=\"Vdloader\""],"Vibleaker":["misp-galaxy:android=\"Vibleaker\""],"Viking Horde":["misp-galaxy:android=\"Viking Horde\""],"Virusshield":["misp-galaxy:android=\"Virusshield\""],"Walkinwat":["misp-galaxy:android=\"Walkinwat\""],"WannaLocker":["misp-galaxy:android=\"WannaLocker\""],"Waps":["misp-galaxy:android=\"Waps\""],"Waren":["misp-galaxy:android=\"Waren\""],"Windseeker":["misp-galaxy:android=\"Windseeker\""],"Wirex":["misp-galaxy:android=\"Wirex\""],"Wiyun":["misp-galaxy:android=\"Wiyun\""],"Wooboo":["misp-galaxy:android=\"Wooboo\""],"Wqmobile":["misp-galaxy:android=\"Wqmobile\""],"YahooAds":["misp-galaxy:android=\"YahooAds\""],"Yatoot":["misp-galaxy:android=\"Yatoot\""],"Yinhan":["misp-galaxy:android=\"Yinhan\""],"Youmi":["misp-galaxy:android=\"Youmi\""],"YuMe":["misp-galaxy:android=\"YuMe\""],"Zeahache":["misp-galaxy:android=\"Zeahache\""],"ZertSecurity":["misp-galaxy:android=\"ZertSecurity\""],"ZestAdz":["misp-galaxy:android=\"ZestAdz\""],"Zeusmitmo":["misp-galaxy:android=\"Zeusmitmo\""],"iBanking":["misp-galaxy:android=\"iBanking\""],"Rising Sun":["misp-galaxy:backdoor=\"Rising Sun\"","misp-galaxy:malpedia=\"Rising Sun\""],"Rosenbridge":["misp-galaxy:backdoor=\"Rosenbridge\""],"SLUB":["misp-galaxy:backdoor=\"SLUB\"","misp-galaxy:malpedia=\"SLUB\""],"ServHelper":["misp-galaxy:backdoor=\"ServHelper\"","misp-galaxy:malpedia=\"ServHelper\""],"WellMess":["misp-galaxy:backdoor=\"WellMess\"","misp-galaxy:malpedia=\"WellMess\""],"Atmos":["misp-galaxy:banker=\"Atmos\""],"Backswap":["misp-galaxy:banker=\"Backswap\""],"Banjori":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"MultiBanker 2":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"BankPatch":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"BackPatcher":["misp-galaxy:banker=\"Banjori\"","misp-galaxy:malpedia=\"Banjori\""],"Bebloh":["misp-galaxy:banker=\"Bebloh\"","misp-galaxy:malpedia=\"UrlZone\""],"URLZone":["misp-galaxy:banker=\"Bebloh\""],"Shiotob":["misp-galaxy:banker=\"Bebloh\"","misp-galaxy:malpedia=\"UrlZone\""],"CamuBot":["misp-galaxy:banker=\"CamuBot\"","misp-galaxy:malpedia=\"CamuBot\""],"Chthonic":["misp-galaxy:banker=\"Chthonic\"","misp-galaxy:malpedia=\"Chthonic\""],"Chtonic":["misp-galaxy:banker=\"Chthonic\""],"Citadel":["misp-galaxy:banker=\"Citadel\"","misp-galaxy:malpedia=\"Citadel\""],"Corebot":["misp-galaxy:banker=\"Corebot\"","misp-galaxy:malpedia=\"Corebot\""],"DanaBot":["misp-galaxy:banker=\"DanaBot\"","misp-galaxy:malpedia=\"DanaBot\""],"Dok":["misp-galaxy:banker=\"Dok\"","misp-galaxy:malpedia=\"Dok\"","misp-galaxy:mitre-malware=\"Dok - S0281\""],"Dreambot":["misp-galaxy:banker=\"Dreambot\""],"Dridex":["misp-galaxy:banker=\"Dridex\"","misp-galaxy:malpedia=\"Dridex\"","misp-galaxy:tool=\"Dridex\""],"Feodo Version D":["misp-galaxy:banker=\"Dridex\""],"Dyre":["misp-galaxy:banker=\"Dyre\"","misp-galaxy:malpedia=\"Dyre\"","misp-galaxy:mitre-enterprise-attack-malware=\"Dyre - S0024\"","misp-galaxy:mitre-malware=\"Dyre - S0024\""],"Dyreza":["misp-galaxy:banker=\"Dyre\"","misp-galaxy:malpedia=\"Dyre\""],"Feodo":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Feodo\""],"Bugat":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Bugat\"","misp-galaxy:malpedia=\"Feodo\""],"Cridex":["misp-galaxy:banker=\"Feodo\"","misp-galaxy:malpedia=\"Feodo\"","misp-galaxy:tool=\"Dridex\""],"Fobber":["misp-galaxy:banker=\"Fobber\"","misp-galaxy:malpedia=\"Fobber\""],"Geodo":["misp-galaxy:banker=\"Geodo\"","misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\"","misp-galaxy:mitre-malware=\"Emotet - S0367\"","misp-galaxy:tool=\"Emotet\""],"Feodo Version C":["misp-galaxy:banker=\"Geodo\""],"Emotet":["misp-galaxy:banker=\"Geodo\"","misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\"","misp-galaxy:mitre-malware=\"Emotet - S0367\"","misp-galaxy:tool=\"Emotet\""],"GozNym":["misp-galaxy:banker=\"GozNym\"","misp-galaxy:threat-actor=\"GozNym\""],"Gozi ISFB":["misp-galaxy:banker=\"Gozi ISFB\"","misp-galaxy:malpedia=\"ISFB\""],"Gozi":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Ursnif":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\"","misp-galaxy:malpedia=\"Snifula\"","misp-galaxy:tool=\"Snifula\""],"CRM":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Snifula":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\"","misp-galaxy:malpedia=\"Snifula\"","misp-galaxy:tool=\"Snifula\""],"Papras":["misp-galaxy:banker=\"Gozi\"","misp-galaxy:malpedia=\"Gozi\""],"Goziv2":["misp-galaxy:banker=\"Goziv2\""],"Prinimalka":["misp-galaxy:banker=\"Goziv2\""],"GratefulPOS":["misp-galaxy:banker=\"GratefulPOS\"","misp-galaxy:tool=\"GratefulPOS\""],"IAP":["misp-galaxy:banker=\"IAP\"","misp-galaxy:malpedia=\"ISFB\""],"Ice IX":["misp-galaxy:banker=\"Ice IX\"","misp-galaxy:malpedia=\"Ice IX\""],"IcedID":["misp-galaxy:banker=\"IcedID\"","misp-galaxy:malpedia=\"IcedID\""],"Karius":["misp-galaxy:banker=\"Karius\"","misp-galaxy:malpedia=\"Karius\""],"Kronos":["misp-galaxy:banker=\"Kronos\"","misp-galaxy:malpedia=\"Kronos\""],"Licat":["misp-galaxy:banker=\"Licat\""],"Murofet":["misp-galaxy:banker=\"Licat\"","misp-galaxy:malpedia=\"Murofet\""],"Matrix Banker":["misp-galaxy:banker=\"Matrix Banker\"","misp-galaxy:malpedia=\"Matrix Banker\""],"Panda Banker":["misp-galaxy:banker=\"Panda Banker\""],"Zeus Panda":["misp-galaxy:banker=\"Panda Banker\"","misp-galaxy:mitre-malware=\"Zeus Panda - S0330\""],"Qadars":["misp-galaxy:banker=\"Qadars\"","misp-galaxy:malpedia=\"Qadars\""],"Qakbot":["misp-galaxy:banker=\"Qakbot\"","misp-galaxy:tool=\"Akbot\""],"Qbot ":["misp-galaxy:banker=\"Qakbot\""],"Pinkslipbot":["misp-galaxy:banker=\"Qakbot\"","misp-galaxy:malpedia=\"QakBot\""],"Ramnit":["misp-galaxy:banker=\"Ramnit\"","misp-galaxy:botnet=\"Ramnit\"","misp-galaxy:malpedia=\"Ramnit\""],"Nimnul":["misp-galaxy:banker=\"Ramnit\"","misp-galaxy:malpedia=\"Ramnit\""],"Ranbyus":["misp-galaxy:banker=\"Ranbyus\"","misp-galaxy:malpedia=\"Ranbyus\""],"ReactorBot":["misp-galaxy:banker=\"ReactorBot\"","misp-galaxy:malpedia=\"ReactorBot\""],"Retefe":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Dok\"","misp-galaxy:mitre-malware=\"Dok - S0281\""],"Tsukuba":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Retefe (Windows)\""],"Werdlod":["misp-galaxy:banker=\"Retefe\"","misp-galaxy:malpedia=\"Retefe (Windows)\""],"Sisron":["misp-galaxy:banker=\"Sisron\""],"Skynet":["misp-galaxy:banker=\"Skynet\""],"Smominru":["misp-galaxy:banker=\"Smominru\"","misp-galaxy:malpedia=\"Smominru\""],"Ismo":["misp-galaxy:banker=\"Smominru\"","misp-galaxy:malpedia=\"Smominru\""],"lsmo":["misp-galaxy:banker=\"Smominru\""],"SpyEye":["misp-galaxy:banker=\"SpyEye\""],"Tinba":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"Zusy":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"TinyBanker":["misp-galaxy:banker=\"Tinba\"","misp-galaxy:malpedia=\"Tinba\"","misp-galaxy:tool=\"Tinba\""],"illi":["misp-galaxy:banker=\"Tinba\""],"TinyNuke":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"NukeBot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"Nuclear Bot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"MicroBankingTrojan":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\""],"Xbot":["misp-galaxy:banker=\"TinyNuke\"","misp-galaxy:malpedia=\"TinyNuke\"","misp-galaxy:malpedia=\"Xbot\"","misp-galaxy:mitre-mobile-attack-tool=\"Xbot - MOB-S0014\"","misp-galaxy:mitre-tool=\"Xbot - S0298\""],"Trickbot":["misp-galaxy:banker=\"Trickbot\""],"Trickster":["misp-galaxy:banker=\"Trickbot\"","misp-galaxy:malpedia=\"TrickBot\""],"Trickloader":["misp-galaxy:banker=\"Trickbot\""],"Vawtrak":["misp-galaxy:banker=\"Vawtrak\"","misp-galaxy:malpedia=\"Vawtrak\"","misp-galaxy:tool=\"Vawtrak\""],"Neverquest":["misp-galaxy:banker=\"Vawtrak\""],"Zeus Gameover":["misp-galaxy:banker=\"Zeus Gameover\""],"Zeus KINS":["misp-galaxy:banker=\"Zeus KINS\""],"Kasper Internet Non-Security":["misp-galaxy:banker=\"Zeus KINS\"","misp-galaxy:malpedia=\"KINS\""],"Maple":["misp-galaxy:banker=\"Zeus KINS\"","misp-galaxy:malpedia=\"KINS\""],"Zeus Sphinx":["misp-galaxy:banker=\"Zeus Sphinx\"","misp-galaxy:malpedia=\"Zeus Sphinx\""],"Zeus VM":["misp-galaxy:banker=\"Zeus VM\""],"VM Zeus":["misp-galaxy:banker=\"Zeus VM\"","misp-galaxy:malpedia=\"VM Zeus\""],"Zeus":["misp-galaxy:banker=\"Zeus\"","misp-galaxy:botnet=\"Zeus\"","misp-galaxy:malpedia=\"Zeus\"","misp-galaxy:tool=\"Zeus\""],"Zbot":["misp-galaxy:banker=\"Zeus\"","misp-galaxy:botnet=\"Zeus\"","misp-galaxy:malpedia=\"Zeus\"","misp-galaxy:tool=\"Zeus\""],"Zitmo":["misp-galaxy:banker=\"Zitmo\""],"Zloader Zeus":["misp-galaxy:banker=\"Zloader Zeus\""],"Zeus Terdot":["misp-galaxy:banker=\"Zloader Zeus\""],"downAndExec":["misp-galaxy:banker=\"downAndExec\""],"ADB.miner":["misp-galaxy:botnet=\"ADB.miner\""],"AESDDoS":["misp-galaxy:botnet=\"AESDDoS\""],"Akbot":["misp-galaxy:botnet=\"Akbot\"","misp-galaxy:tool=\"Akbot\""],"Asprox":["misp-galaxy:botnet=\"Asprox\"","misp-galaxy:malpedia=\"Asprox\""],"Badsrc":["misp-galaxy:botnet=\"Asprox\""],"Aseljo":["misp-galaxy:botnet=\"Asprox\"","misp-galaxy:malpedia=\"Asprox\""],"Danmec":["misp-galaxy:botnet=\"Asprox\""],"Hydraflux":["misp-galaxy:botnet=\"Asprox\""],"Bagle":["misp-galaxy:botnet=\"Bagle\"","misp-galaxy:malpedia=\"Bagle\""],"Beagle":["misp-galaxy:botnet=\"Bagle\""],"Mitglieder":["misp-galaxy:botnet=\"Bagle\""],"Lodeight":["misp-galaxy:botnet=\"Bagle\""],"Bamital":["misp-galaxy:botnet=\"Bamital\""],"Mdrop-CSK":["misp-galaxy:botnet=\"Bamital\""],"Agent-OCF":["misp-galaxy:botnet=\"Bamital\""],"Beebone":["misp-galaxy:botnet=\"Beebone\""],"BetaBot":["misp-galaxy:botnet=\"BetaBot\"","misp-galaxy:malpedia=\"BetaBot\""],"Brain Food":["misp-galaxy:botnet=\"Brain Food\""],"BredoLab":["misp-galaxy:botnet=\"BredoLab\""],"Oficla":["misp-galaxy:botnet=\"BredoLab\"","misp-galaxy:malpedia=\"Sasfis\"","misp-galaxy:tool=\"Oficla\""],"Chalubo":["misp-galaxy:botnet=\"Chalubo\""],"Chameleon":["misp-galaxy:botnet=\"Chameleon\""],"Conficker":["misp-galaxy:botnet=\"Conficker\"","misp-galaxy:malpedia=\"Conficker\""],"DownUp":["misp-galaxy:botnet=\"Conficker\""],"DownAndUp":["misp-galaxy:botnet=\"Conficker\""],"DownAdUp":["misp-galaxy:botnet=\"Conficker\""],"Kido":["misp-galaxy:botnet=\"Conficker\"","misp-galaxy:malpedia=\"Conficker\""],"Cutwail":["misp-galaxy:botnet=\"Cutwail\"","misp-galaxy:malpedia=\"Cutwail\""],"Pandex":["misp-galaxy:botnet=\"Cutwail\""],"Mutant":["misp-galaxy:botnet=\"Cutwail\""],"Donbot":["misp-galaxy:botnet=\"Donbot\""],"Buzus":["misp-galaxy:botnet=\"Donbot\"","misp-galaxy:malpedia=\"Buzus\""],"Bachsoy":["misp-galaxy:botnet=\"Donbot\""],"Festi":["misp-galaxy:botnet=\"Festi\""],"Spamnost":["misp-galaxy:botnet=\"Festi\""],"Gafgyt":["misp-galaxy:botnet=\"Gafgyt\"","misp-galaxy:malpedia=\"Bashlite\"","misp-galaxy:tool=\"Gafgyt\""],"Bashlite":["misp-galaxy:botnet=\"Gafgyt\"","misp-galaxy:malpedia=\"Bashlite\""],"Gheg":["misp-galaxy:botnet=\"Gheg\"","misp-galaxy:malpedia=\"Tofsee\""],"Tofsee":["misp-galaxy:botnet=\"Gheg\"","misp-galaxy:malpedia=\"Tofsee\""],"Mondera":["misp-galaxy:botnet=\"Gheg\""],"Grum":["misp-galaxy:botnet=\"Grum\""],"Tedroo":["misp-galaxy:botnet=\"Grum\""],"Reddyb":["misp-galaxy:botnet=\"Grum\""],"Gumblar":["misp-galaxy:botnet=\"Gumblar\""],"Hajime":["misp-galaxy:botnet=\"Hajime\"","misp-galaxy:malpedia=\"Hajime\""],"Hide and Seek":["misp-galaxy:botnet=\"Hide and Seek\"","misp-galaxy:malpedia=\"Hide and Seek\""],"HNS":["misp-galaxy:botnet=\"Hide and Seek\"","misp-galaxy:malpedia=\"Hide and Seek\""],"Hide 'N Seek":["misp-galaxy:botnet=\"Hide and Seek\""],"Kelihos":["misp-galaxy:botnet=\"Kelihos\"","misp-galaxy:malpedia=\"Kelihos\""],"Hlux":["misp-galaxy:botnet=\"Kelihos\""],"Kraken":["misp-galaxy:botnet=\"Kraken\"","misp-galaxy:botnet=\"Marina Botnet\"","misp-galaxy:malpedia=\"Kraken\""],"Kracken":["misp-galaxy:botnet=\"Kraken\""],"Lethic":["misp-galaxy:botnet=\"Lethic\"","misp-galaxy:malpedia=\"Lethic\""],"LowSec":["misp-galaxy:botnet=\"LowSec\""],"LowSecurity":["misp-galaxy:botnet=\"LowSec\""],"FreeMoney":["misp-galaxy:botnet=\"LowSec\""],"Ring0.Tools":["misp-galaxy:botnet=\"LowSec\""],"Maazben":["misp-galaxy:botnet=\"Maazben\""],"Madmax":["misp-galaxy:botnet=\"Madmax\""],"Mad Max":["misp-galaxy:botnet=\"Madmax\"","misp-galaxy:tool=\"Mad Max\""],"Marina Botnet":["misp-galaxy:botnet=\"Marina Botnet\""],"Damon Briant":["misp-galaxy:botnet=\"Marina Botnet\""],"BOB.dc":["misp-galaxy:botnet=\"Marina Botnet\""],"Cotmonger":["misp-galaxy:botnet=\"Marina Botnet\""],"Hacktool.Spammer":["misp-galaxy:botnet=\"Marina Botnet\""],"Mariposa":["misp-galaxy:botnet=\"Mariposa\""],"Mega-D":["misp-galaxy:botnet=\"Mega-D\""],"Ozdok":["misp-galaxy:botnet=\"Mega-D\""],"Mettle":["misp-galaxy:botnet=\"Mettle\""],"Mirai":["misp-galaxy:botnet=\"Mirai\"","misp-galaxy:tool=\"Mirai\""],"Muhstik":["misp-galaxy:botnet=\"Muhstik\"","misp-galaxy:malpedia=\"Tsunami (ELF)\""],"Nucrypt":["misp-galaxy:botnet=\"Nucrypt\""],"Onewordsub":["misp-galaxy:botnet=\"Onewordsub\""],"Owari":["misp-galaxy:botnet=\"Owari\"","misp-galaxy:malpedia=\"Owari\""],"Persirai":["misp-galaxy:botnet=\"Persirai\"","misp-galaxy:malpedia=\"Persirai\""],"Pontoeb":["misp-galaxy:botnet=\"Pontoeb\""],"N0ise":["misp-galaxy:botnet=\"Pontoeb\""],"Pushdo":["misp-galaxy:botnet=\"Pushdo\"","misp-galaxy:malpedia=\"Pushdo\""],"Rustock":["misp-galaxy:botnet=\"Rustock\"","misp-galaxy:malpedia=\"Rustock\""],"RKRustok":["misp-galaxy:botnet=\"Rustock\""],"Costrat":["misp-galaxy:botnet=\"Rustock\""],"Sality":["misp-galaxy:botnet=\"Sality\"","misp-galaxy:botnet=\"Sality\"","misp-galaxy:malpedia=\"Sality\""],"Sector":["misp-galaxy:botnet=\"Sality\""],"Kuku":["misp-galaxy:botnet=\"Sality\""],"SalLoad":["misp-galaxy:botnet=\"Sality\""],"Kookoo":["misp-galaxy:botnet=\"Sality\""],"SaliCode":["misp-galaxy:botnet=\"Sality\""],"Kukacka":["misp-galaxy:botnet=\"Sality\""],"Satori":["misp-galaxy:botnet=\"Satori\"","misp-galaxy:malpedia=\"Satori\"","misp-galaxy:tool=\"Satori\""],"Okiru":["misp-galaxy:botnet=\"Satori\"","misp-galaxy:tool=\"Satori\""],"Simda":["misp-galaxy:botnet=\"Simda\"","misp-galaxy:malpedia=\"Simda\""],"Sora":["misp-galaxy:botnet=\"Sora\""],"Mirai Sora":["misp-galaxy:botnet=\"Sora\""],"Spamthru":["misp-galaxy:botnet=\"Spamthru\""],"Spam-DComServ":["misp-galaxy:botnet=\"Spamthru\""],"Covesmer":["misp-galaxy:botnet=\"Spamthru\""],"Xmiler":["misp-galaxy:botnet=\"Spamthru\""],"Srizbi":["misp-galaxy:botnet=\"Srizbi\""],"Cbeplay":["misp-galaxy:botnet=\"Srizbi\""],"Exchanger":["misp-galaxy:botnet=\"Srizbi\""],"Storm":["misp-galaxy:botnet=\"Storm\""],"Nuwar":["misp-galaxy:botnet=\"Storm\""],"Peacomm":["misp-galaxy:botnet=\"Storm\""],"Zhelatin":["misp-galaxy:botnet=\"Storm\""],"Dorf":["misp-galaxy:botnet=\"Storm\""],"Ecard":["misp-galaxy:botnet=\"Storm\""],"TDL4":["misp-galaxy:botnet=\"TDL4\""],"TDSS":["misp-galaxy:botnet=\"TDL4\"","misp-galaxy:malpedia=\"Alureon\""],"Alureon":["misp-galaxy:botnet=\"TDL4\"","misp-galaxy:malpedia=\"Alureon\""],"Torii":["misp-galaxy:botnet=\"Torii\"","misp-galaxy:malpedia=\"Torii\""],"Torpig":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Sinowal":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Anserin":["misp-galaxy:botnet=\"Torpig\"","misp-galaxy:malpedia=\"Sinowal\""],"Trik Spam Botnet":["misp-galaxy:botnet=\"Trik Spam Botnet\""],"Trik Trojan":["misp-galaxy:botnet=\"Trik Spam Botnet\""],"Virut":["misp-galaxy:botnet=\"Virut\"","misp-galaxy:malpedia=\"Virut\""],"Vulcanbot":["misp-galaxy:botnet=\"Vulcanbot\""],"Waledac":["misp-galaxy:botnet=\"Waledac\""],"Waled":["misp-galaxy:botnet=\"Waledac\""],"Waledpak":["misp-galaxy:botnet=\"Waledac\""],"Wopla":["misp-galaxy:botnet=\"Wopla\""],"Xarvester":["misp-galaxy:botnet=\"Xarvester\""],"Rlsloup":["misp-galaxy:botnet=\"Xarvester\""],"Pixoliz":["misp-galaxy:botnet=\"Xarvester\""],"XorDDoS":["misp-galaxy:botnet=\"XorDDoS\""],"Zer0n3t":["misp-galaxy:botnet=\"Zer0n3t\"","misp-galaxy:botnet=\"Zer0n3t\""],"Fib3rl0g1c":["misp-galaxy:botnet=\"Zer0n3t\""],"Zer0Log1x":["misp-galaxy:botnet=\"Zer0n3t\""],"ZeuS":["misp-galaxy:botnet=\"Zeus\""],"PRG":["misp-galaxy:botnet=\"Zeus\""],"Wsnpoem":["misp-galaxy:botnet=\"Zeus\""],"Gorhax":["misp-galaxy:botnet=\"Zeus\""],"Kneber":["misp-galaxy:botnet=\"Zeus\""],"BadUSB":["misp-galaxy:branded-vulnerability=\"BadUSB\""],"Badlock":["misp-galaxy:branded-vulnerability=\"Badlock\""],"Blacknurse":["misp-galaxy:branded-vulnerability=\"Blacknurse\""],"BlueKeep":["misp-galaxy:branded-vulnerability=\"BlueKeep\""],"Dirty COW":["misp-galaxy:branded-vulnerability=\"Dirty COW\""],"Ghost":["misp-galaxy:branded-vulnerability=\"Ghost\"","misp-galaxy:rat=\"Ghost\""],"Heartbleed":["misp-galaxy:branded-vulnerability=\"Heartbleed\""],"ImageTragick":["misp-galaxy:branded-vulnerability=\"ImageTragick\""],"Meltdown":["misp-galaxy:branded-vulnerability=\"Meltdown\""],"POODLE":["misp-galaxy:branded-vulnerability=\"POODLE\""],"SPOILER":["misp-galaxy:branded-vulnerability=\"SPOILER\""],"Shellshock":["misp-galaxy:branded-vulnerability=\"Shellshock\""],"Spectre":["misp-galaxy:branded-vulnerability=\"Spectre\""],"Stagefright":["misp-galaxy:branded-vulnerability=\"Stagefright\""],"Constituency":["misp-galaxy:cert-eu-govsector=\"Constituency\""],"EU-Centric":["misp-galaxy:cert-eu-govsector=\"EU-Centric\""],"EU-nearby":["misp-galaxy:cert-eu-govsector=\"EU-nearby\""],"Outside World":["misp-galaxy:cert-eu-govsector=\"Outside World\""],"Unknown":["misp-galaxy:cert-eu-govsector=\"Unknown\"","misp-galaxy:exploit-kit=\"Unknown\"","misp-galaxy:sector=\"Unknown\""],"World-class":["misp-galaxy:cert-eu-govsector=\"World-class\""],"AAD - Dump users and groups with Azure AD":["misp-galaxy:cloud-security=\"AAD - Dump users and groups with Azure AD\""],"AAD - Password Spray: CredKing":["misp-galaxy:cloud-security=\"AAD - Password Spray: CredKing\""],"AAD - Password Spray: MailSniper":["misp-galaxy:cloud-security=\"AAD - Password Spray: MailSniper\""],"End Point - Create Hidden Mailbox Rule":["misp-galaxy:cloud-security=\"End Point - Create Hidden Mailbox Rule\""],"End Point - Persistence throught Outlook Home Page: SensePost Ruler":["misp-galaxy:cloud-security=\"End Point - Persistence throught Outlook Home Page: SensePost Ruler\""],"End Point - Persistence throught custom Outlook form":["misp-galaxy:cloud-security=\"End Point - Persistence throught custom Outlook form\""],"End Point - Search host for Azure Credentials: SharpCloud":["misp-galaxy:cloud-security=\"End Point - Search host for Azure Credentials: SharpCloud\""],"O365 - 2FA MITM Phishing: evilginx2":["misp-galaxy:cloud-security=\"O365 - 2FA MITM Phishing: evilginx2\""],"O365 - Account Takeover: Add-MailboxPermission":["misp-galaxy:cloud-security=\"O365 - Account Takeover: Add-MailboxPermission\""],"O365 - Add Global admin account":["misp-galaxy:cloud-security=\"O365 - Add Global admin account\""],"O365 - Add Mail forwarding rule":["misp-galaxy:cloud-security=\"O365 - Add Mail forwarding rule\""],"O365 - Bruteforce of Autodiscover: SensePost Ruler":["misp-galaxy:cloud-security=\"O365 - Bruteforce of Autodiscover: SensePost Ruler\""],"O365 - Delegate Tenant Admin":["misp-galaxy:cloud-security=\"O365 - Delegate Tenant Admin\""],"O365 - Download documents and email":["misp-galaxy:cloud-security=\"O365 - Download documents and email\""],"O365 - Exchange Tasks for C2: MWR":["misp-galaxy:cloud-security=\"O365 - Exchange Tasks for C2: MWR\""],"O365 - Exfiltration email using EWS APIs with PowerShell":["misp-galaxy:cloud-security=\"O365 - Exfiltration email using EWS APIs with PowerShell\""],"O365 - Find Open Mailboxes: MailSniper":["misp-galaxy:cloud-security=\"O365 - Find Open Mailboxes: MailSniper\""],"O365 - Get Global Address List: MailSniper":["misp-galaxy:cloud-security=\"O365 - Get Global Address List: MailSniper\""],"O365 - MailSniper: Search Mailbox for content":["misp-galaxy:cloud-security=\"O365 - MailSniper: Search Mailbox for content\""],"O365 - MailSniper: Search Mailbox for credentials":["misp-galaxy:cloud-security=\"O365 - MailSniper: Search Mailbox for credentials\""],"O365 - Phishing for credentials":["misp-galaxy:cloud-security=\"O365 - Phishing for credentials\""],"O365 - Phishing using OAuth app":["misp-galaxy:cloud-security=\"O365 - Phishing using OAuth app\""],"O365 - Pivot to On-Prem host: SensePost Ruler":["misp-galaxy:cloud-security=\"O365 - Pivot to On-Prem host: SensePost Ruler\""],"O365 - Search for Content with eDiscovery":["misp-galaxy:cloud-security=\"O365 - Search for Content with eDiscovery\""],"O365 - Send Internal Email":["misp-galaxy:cloud-security=\"O365 - Send Internal Email\""],"O365 - User account enumeration with ActiveSync":["misp-galaxy:cloud-security=\"O365 - User account enumeration with ActiveSync\""],"On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler":["misp-galaxy:cloud-security=\"On-Prem Exchange - Bruteforce of Autodiscover: SensePost Ruler\""],"On-Prem Exchange - Delegation":["misp-galaxy:cloud-security=\"On-Prem Exchange - Delegation\""],"On-Prem Exchange - Enumerate domain accounts: FindPeople":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: FindPeople\""],"On-Prem Exchange - Enumerate domain accounts: OWA & Exchange":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: OWA & Exchange\""],"On-Prem Exchange - Enumerate domain accounts: using Skype4B":["misp-galaxy:cloud-security=\"On-Prem Exchange - Enumerate domain accounts: using Skype4B\""],"On-Prem Exchange - OWA version discovery":["misp-galaxy:cloud-security=\"On-Prem Exchange - OWA version discovery\""],"On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS":["misp-galaxy:cloud-security=\"On-Prem Exchange - Password Spray using Invoke-PasswordSprayOWA, EWS\""],"On-Prem Exchange - Portal Recon":["misp-galaxy:cloud-security=\"On-Prem Exchange - Portal Recon\""],"On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B)":["misp-galaxy:cloud-security=\"On-Prem Exchange - Search Mailboxes with eDiscovery searches (EXO, Teams, SPO, OD4B, Skype4B)\""],"Angler":["misp-galaxy:exploit-kit=\"Angler\""],"XXX":["misp-galaxy:exploit-kit=\"Angler\""],"AEK":["misp-galaxy:exploit-kit=\"Angler\""],"Axpergle":["misp-galaxy:exploit-kit=\"Angler\""],"Archie":["misp-galaxy:exploit-kit=\"Archie\""],"Astrum":["misp-galaxy:exploit-kit=\"Astrum\""],"Stegano EK":["misp-galaxy:exploit-kit=\"Astrum\""],"Bingo":["misp-galaxy:exploit-kit=\"Bingo\""],"Bizarro Sundown":["misp-galaxy:exploit-kit=\"Bizarro Sundown\""],"Sundown-b":["misp-galaxy:exploit-kit=\"Bizarro Sundown\""],"BlackHole":["misp-galaxy:exploit-kit=\"BlackHole\"","misp-galaxy:rat=\"BlackHole\""],"BHEK":["misp-galaxy:exploit-kit=\"BlackHole\""],"Bleeding Life":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"BL":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"BL2":["misp-galaxy:exploit-kit=\"Bleeding Life\""],"Cool":["misp-galaxy:exploit-kit=\"Cool\""],"CEK":["misp-galaxy:exploit-kit=\"Cool\""],"Styxy Cool":["misp-galaxy:exploit-kit=\"Cool\""],"DNSChanger":["misp-galaxy:exploit-kit=\"DNSChanger\""],"RouterEK":["misp-galaxy:exploit-kit=\"DNSChanger\""],"DealersChoice":["misp-galaxy:exploit-kit=\"DealersChoice\"","misp-galaxy:mitre-malware=\"DealersChoice - S0243\""],"Sednit RTF EK":["misp-galaxy:exploit-kit=\"DealersChoice\""],"Disdain":["misp-galaxy:exploit-kit=\"Disdain\""],"Empire":["misp-galaxy:exploit-kit=\"Empire\"","misp-galaxy:mitre-tool=\"Empire - S0363\"","misp-galaxy:tool=\"Empire\""],"RIG-E":["misp-galaxy:exploit-kit=\"Empire\""],"Fallout":["misp-galaxy:exploit-kit=\"Fallout\"","misp-galaxy:exploit-kit=\"Fallout\""],"Fiesta":["misp-galaxy:exploit-kit=\"Fiesta\""],"NeoSploit":["misp-galaxy:exploit-kit=\"Fiesta\""],"Fiexp":["misp-galaxy:exploit-kit=\"Fiesta\""],"FlashPack":["misp-galaxy:exploit-kit=\"FlashPack\""],"FlashEK":["misp-galaxy:exploit-kit=\"FlashPack\""],"SafePack":["misp-galaxy:exploit-kit=\"FlashPack\""],"CritXPack":["misp-galaxy:exploit-kit=\"FlashPack\""],"Vintage Pack":["misp-galaxy:exploit-kit=\"FlashPack\""],"Glazunov":["misp-galaxy:exploit-kit=\"Glazunov\""],"GrandSoft":["misp-galaxy:exploit-kit=\"GrandSoft\""],"StampEK":["misp-galaxy:exploit-kit=\"GrandSoft\""],"SofosFO":["misp-galaxy:exploit-kit=\"GrandSoft\""],"GreenFlash Sundown":["misp-galaxy:exploit-kit=\"GreenFlash Sundown\""],"Sundown-GF":["misp-galaxy:exploit-kit=\"GreenFlash Sundown\""],"HanJuan":["misp-galaxy:exploit-kit=\"HanJuan\""],"Himan":["misp-galaxy:exploit-kit=\"Himan\""],"High Load":["misp-galaxy:exploit-kit=\"Himan\""],"Hunter":["misp-galaxy:exploit-kit=\"Hunter\"","misp-galaxy:tool=\"Tinba\""],"3ROS Exploit Kit":["misp-galaxy:exploit-kit=\"Hunter\""],"Impact":["misp-galaxy:exploit-kit=\"Impact\""],"Infinity":["misp-galaxy:exploit-kit=\"Infinity\""],"Redkit v2.0":["misp-galaxy:exploit-kit=\"Infinity\""],"Goon":["misp-galaxy:exploit-kit=\"Infinity\""],"Kaixin":["misp-galaxy:exploit-kit=\"Kaixin\""],"CK vip":["misp-galaxy:exploit-kit=\"Kaixin\""],"Lightsout":["misp-galaxy:exploit-kit=\"Lightsout\""],"MWI":["misp-galaxy:exploit-kit=\"MWI\""],"Magnitude":["misp-galaxy:exploit-kit=\"Magnitude\""],"Popads EK":["misp-galaxy:exploit-kit=\"Magnitude\""],"TopExp":["misp-galaxy:exploit-kit=\"Magnitude\""],"Nebula":["misp-galaxy:exploit-kit=\"Nebula\""],"Neutrino":["misp-galaxy:exploit-kit=\"Neutrino\"","misp-galaxy:malpedia=\"Neutrino\""],"Job314":["misp-galaxy:exploit-kit=\"Neutrino\""],"Neutrino Rebooted":["misp-galaxy:exploit-kit=\"Neutrino\""],"Neutrino-v":["misp-galaxy:exploit-kit=\"Neutrino\""],"Niteris":["misp-galaxy:exploit-kit=\"Niteris\""],"CottonCastle":["misp-galaxy:exploit-kit=\"Niteris\""],"Novidade":["misp-galaxy:exploit-kit=\"Novidade\""],"DNSGhost":["misp-galaxy:exploit-kit=\"Novidade\""],"Nuclear":["misp-galaxy:exploit-kit=\"Nuclear\""],"NEK":["misp-galaxy:exploit-kit=\"Nuclear\""],"Nuclear Pack":["misp-galaxy:exploit-kit=\"Nuclear\""],"Spartan":["misp-galaxy:exploit-kit=\"Nuclear\""],"Neclu":["misp-galaxy:exploit-kit=\"Nuclear\""],"Phoenix":["misp-galaxy:exploit-kit=\"Phoenix\""],"PEK":["misp-galaxy:exploit-kit=\"Phoenix\""],"Private Exploit Pack":["misp-galaxy:exploit-kit=\"Private Exploit Pack\""],"PEP":["misp-galaxy:exploit-kit=\"Private Exploit Pack\""],"RIG":["misp-galaxy:exploit-kit=\"RIG\""],"RIG 3":["misp-galaxy:exploit-kit=\"RIG\""],"RIG-v":["misp-galaxy:exploit-kit=\"RIG\""],"RIG 4":["misp-galaxy:exploit-kit=\"RIG\""],"Meadgive":["misp-galaxy:exploit-kit=\"RIG\""],"Redkit":["misp-galaxy:exploit-kit=\"Redkit\""],"SPL":["misp-galaxy:exploit-kit=\"SPL\""],"SPL_Data":["misp-galaxy:exploit-kit=\"SPL\""],"SPLNet":["misp-galaxy:exploit-kit=\"SPL\""],"SPL2":["misp-galaxy:exploit-kit=\"SPL\""],"Sakura":["misp-galaxy:exploit-kit=\"Sakura\""],"Sednit EK":["misp-galaxy:exploit-kit=\"Sednit EK\""],"SedKit":["misp-galaxy:exploit-kit=\"Sednit EK\""],"Spelevo":["misp-galaxy:exploit-kit=\"Spelevo\""],"SpelevoEK":["misp-galaxy:exploit-kit=\"SpelevoEK\""],"Styx":["misp-galaxy:exploit-kit=\"Styx\""],"Sundown":["misp-galaxy:exploit-kit=\"Sundown\""],"Beps":["misp-galaxy:exploit-kit=\"Sundown\""],"Xer":["misp-galaxy:exploit-kit=\"Sundown\""],"Beta":["misp-galaxy:exploit-kit=\"Sundown\""],"Sundown-P":["misp-galaxy:exploit-kit=\"Sundown-P\""],"Sundown-Pirate":["misp-galaxy:exploit-kit=\"Sundown-P\""],"CaptainBlack":["misp-galaxy:exploit-kit=\"Sundown-P\""],"Sweet-Orange":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"SWO":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"Anogre":["misp-galaxy:exploit-kit=\"Sweet-Orange\""],"Taurus Builder":["misp-galaxy:exploit-kit=\"Taurus Builder\""],"Terror EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"Blaze EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"Neptune EK":["misp-galaxy:exploit-kit=\"Terror EK\""],"ThreadKit":["misp-galaxy:exploit-kit=\"ThreadKit\""],"Underminer":["misp-galaxy:exploit-kit=\"Underminer\""],"Underminer EK":["misp-galaxy:exploit-kit=\"Underminer\""],"VenomKit":["misp-galaxy:exploit-kit=\"VenomKit\""],"Venom":["misp-galaxy:exploit-kit=\"VenomKit\""],"WhiteHole":["misp-galaxy:exploit-kit=\"WhiteHole\""],"ATM Black Box Attack":["misp-galaxy:financial-fraud=\"ATM Black Box Attack\""],"ATM Explosive Attack":["misp-galaxy:financial-fraud=\"ATM Explosive Attack\""],"ATM Jackpotting":["misp-galaxy:financial-fraud=\"ATM Jackpotting\""],"ATM Shimming":["misp-galaxy:financial-fraud=\"ATM Shimming\""],"ATM skimming":["misp-galaxy:financial-fraud=\"ATM skimming\""],"Account-Checking Services":["misp-galaxy:financial-fraud=\"Account-Checking Services\""],"Business Email Compromise":["misp-galaxy:financial-fraud=\"Business Email Compromise\""],"Compromised Account Credentials":["misp-galaxy:financial-fraud=\"Compromised Account Credentials\""],"Compromised Intellectual Property (IP)":["misp-galaxy:financial-fraud=\"Compromised Intellectual Property (IP)\""],"Compromised Payment Cards":["misp-galaxy:financial-fraud=\"Compromised Payment Cards\""],"Compromised Personally Identifiable Information (PII)":["misp-galaxy:financial-fraud=\"Compromised Personally Identifiable Information (PII)\""],"Cryptocurrency Exchange":["misp-galaxy:financial-fraud=\"Cryptocurrency Exchange\""],"CxO Fraud":["misp-galaxy:financial-fraud=\"CxO Fraud\""],"Fund Transfer":["misp-galaxy:financial-fraud=\"Fund Transfer\""],"Insider Trading":["misp-galaxy:financial-fraud=\"Insider Trading\""],"Malware":["misp-galaxy:financial-fraud=\"Malware\""],"Money Mules":["misp-galaxy:financial-fraud=\"Money Mules\""],"POS Skimming":["misp-galaxy:financial-fraud=\"POS Skimming\""],"Phishing":["misp-galaxy:financial-fraud=\"Phishing\""],"Prepaid Cards":["misp-galaxy:financial-fraud=\"Prepaid Cards\""],"Resell Stolen Data":["misp-galaxy:financial-fraud=\"Resell Stolen Data\""],"SWIFT Transaction":["misp-galaxy:financial-fraud=\"SWIFT Transaction\""],"Scam":["misp-galaxy:financial-fraud=\"Scam\""],"Social Media Scams":["misp-galaxy:financial-fraud=\"Social Media Scams\""],"Spear phishing":["misp-galaxy:financial-fraud=\"Spear phishing\""],"Vishing":["misp-galaxy:financial-fraud=\"Vishing\""],"Breach of voters privacy during the casting of votes":["misp-galaxy:guidelines=\"Breach of voters privacy during the casting of votes\""],"Defacement, DoS or overload of websites or other systems used for publication of the results":["misp-galaxy:guidelines=\"Defacement, DoS or overload of websites or other systems used for publication of the results\""],"Deleting or tampering with voter data":["misp-galaxy:guidelines=\"Deleting or tampering with voter data\""],"DoS or overload of government websites":["misp-galaxy:guidelines=\"DoS or overload of government websites\""],"DoS or overload of party\/campaign registration, causing them to miss the deadline":["misp-galaxy:guidelines=\"DoS or overload of party\/campaign registration, causing them to miss the deadline\""],"DoS or overload of voter registration system, suppressing voters":["misp-galaxy:guidelines=\"DoS or overload of voter registration system, suppressing voters\""],"Fabricated signatures from sponsor":["misp-galaxy:guidelines=\"Fabricated signatures from sponsor\""],"Hacking campaign websites (defacement, DoS)":["misp-galaxy:guidelines=\"Hacking campaign websites (defacement, DoS)\""],"Hacking campaign websites, spreading misinformation on the election process, registered parties\/candidates, or results":["misp-galaxy:guidelines=\"Hacking campaign websites, spreading misinformation on the election process, registered parties\/candidates, or results\""],"Hacking candidate laptops or email accounts":["misp-galaxy:guidelines=\"Hacking candidate laptops or email accounts\""],"Hacking of internal systems used by media or press":["misp-galaxy:guidelines=\"Hacking of internal systems used by media or press\""],"Hacking\/misconfiguration of government servers, communication networks, or endpoints":["misp-galaxy:guidelines=\"Hacking\/misconfiguration of government servers, communication networks, or endpoints\""],"Identity fraud during voter registration":["misp-galaxy:guidelines=\"Identity fraud during voter registration\""],"Leak of confidential information":["misp-galaxy:guidelines=\"Leak of confidential information\""],"Misconfiguration of a website":["misp-galaxy:guidelines=\"Misconfiguration of a website\""],"Software bug altering results":["misp-galaxy:guidelines=\"Software bug altering results\""],"Tampering or DoS of communication links uesd to transfer (interim) results":["misp-galaxy:guidelines=\"Tampering or DoS of communication links uesd to transfer (interim) results\""],"Tampering or DoS of voting and\/or vote confidentiality during or after the elections":["misp-galaxy:guidelines=\"Tampering or DoS of voting and\/or vote confidentiality during or after the elections\""],"Tampering with logs\/journals":["misp-galaxy:guidelines=\"Tampering with logs\/journals\""],"Tampering with registrations":["misp-galaxy:guidelines=\"Tampering with registrations\""],"Tampering with supply chain involved in the movement or transfer data":["misp-galaxy:guidelines=\"Tampering with supply chain involved in the movement or transfer data\""],"Tampering, DoS or overload of the systems used for counting or aggregating results":["misp-galaxy:guidelines=\"Tampering, DoS or overload of the systems used for counting or aggregating results\""],"Tampering, DoS, or overload of media communication links":["misp-galaxy:guidelines=\"Tampering, DoS, or overload of media communication links\""],"7ev3n":["misp-galaxy:malpedia=\"7ev3n\"","misp-galaxy:ransomware=\"7ev3n\""],"9002 RAT":["misp-galaxy:malpedia=\"9002 RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\""],"Hydraq":["misp-galaxy:malpedia=\"9002 RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\"","misp-galaxy:tool=\"Aurora\""],"McRAT":["misp-galaxy:malpedia=\"9002 RAT\""],"AIRBREAK":["misp-galaxy:malpedia=\"AIRBREAK\"","misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"Orz":["misp-galaxy:malpedia=\"AIRBREAK\"","misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"ALPC Local PrivEsc":["misp-galaxy:malpedia=\"ALPC Local PrivEsc\""],"AMTsol":["misp-galaxy:malpedia=\"AMTsol\""],"Adupihan":["misp-galaxy:malpedia=\"AMTsol\""],"ANTAK":["misp-galaxy:malpedia=\"ANTAK\""],"APT3 Keylogger":["misp-galaxy:malpedia=\"APT3 Keylogger\""],"ARS VBS Loader":["misp-galaxy:malpedia=\"ARS VBS Loader\"","misp-galaxy:rat=\"ARS VBS Loader\""],"ASPC":["misp-galaxy:malpedia=\"ASPC\""],"ATI-Agent":["misp-galaxy:malpedia=\"ATI-Agent\""],"ATMSpitter":["misp-galaxy:malpedia=\"ATMSpitter\""],"ATMii":["misp-galaxy:malpedia=\"ATMii\""],"ATMitch":["misp-galaxy:malpedia=\"ATMitch\""],"AVCrypt":["misp-galaxy:malpedia=\"AVCrypt\""],"AbaddonPOS":["misp-galaxy:malpedia=\"AbaddonPOS\""],"PinkKite":["misp-galaxy:malpedia=\"AbaddonPOS\""],"Abbath Banker":["misp-galaxy:malpedia=\"Abbath Banker\""],"AcridRain":["misp-galaxy:malpedia=\"AcridRain\""],"Acronym":["misp-galaxy:malpedia=\"Acronym\""],"AdKoob":["misp-galaxy:malpedia=\"AdKoob\""],"AdWind":["misp-galaxy:malpedia=\"AdWind\""],"JBifrost":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:rat=\"Adwind RAT\""],"JSocket":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:tool=\"Adwind\""],"UNRECOM":["misp-galaxy:malpedia=\"AdWind\"","misp-galaxy:rat=\"Adwind RAT\""],"AdamLocker":["misp-galaxy:malpedia=\"AdamLocker\""],"AdultSwine":["misp-galaxy:malpedia=\"AdultSwine\""],"AdvisorsBot":["misp-galaxy:malpedia=\"AdvisorsBot\""],"Adylkuzz":["misp-galaxy:malpedia=\"Adylkuzz\""],"Agent Tesla":["misp-galaxy:malpedia=\"Agent Tesla\"","misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"","misp-galaxy:tool=\"Agent Tesla\""],"Agent.BTZ":["misp-galaxy:malpedia=\"Agent.BTZ\"","misp-galaxy:tool=\"Agent.BTZ\""],"ComRAT":["misp-galaxy:malpedia=\"Agent.BTZ\"","misp-galaxy:mitre-enterprise-attack-malware=\"ComRAT - S0126\"","misp-galaxy:mitre-malware=\"ComRAT - S0126\"","misp-galaxy:rat=\"ComRAT\""],"Sun rootkit":["misp-galaxy:malpedia=\"Agent.BTZ\""],"Aldibot":["misp-galaxy:malpedia=\"Aldibot\""],"Alina POS":["misp-galaxy:malpedia=\"Alina POS\""],"alina_eagle":["misp-galaxy:malpedia=\"Alina POS\""],"alina_spark":["misp-galaxy:malpedia=\"Alina POS\""],"katrina":["misp-galaxy:malpedia=\"Alina POS\""],"Allaple":["misp-galaxy:malpedia=\"Allaple\""],"Starman":["misp-galaxy:malpedia=\"Allaple\""],"Alma Communicator":["misp-galaxy:malpedia=\"Alma Communicator\""],"AlmaLocker":["misp-galaxy:malpedia=\"AlmaLocker\""],"AlphaLocker":["misp-galaxy:malpedia=\"AlphaLocker\"","misp-galaxy:ransomware=\"Alpha Ransomware\""],"AlphaNC":["misp-galaxy:malpedia=\"AlphaNC\""],"Alphabet Ransomware":["misp-galaxy:malpedia=\"Alphabet Ransomware\"","misp-galaxy:ransomware=\"Alphabet Ransomware\""],"Alreay":["misp-galaxy:malpedia=\"Alreay\""],"Olmarik":["misp-galaxy:malpedia=\"Alureon\""],"Pihar":["misp-galaxy:malpedia=\"Alureon\""],"TDL":["misp-galaxy:malpedia=\"Alureon\""],"Amadey":["misp-galaxy:malpedia=\"Amadey\""],"Anatova Ransomware":["misp-galaxy:malpedia=\"Anatova Ransomware\""],"AndroRAT":["misp-galaxy:malpedia=\"AndroRAT\"","misp-galaxy:mitre-malware=\"AndroRAT - S0292\"","misp-galaxy:mitre-mobile-attack-malware=\"AndroRAT - MOB-S0008\""],"Andromeda":["misp-galaxy:malpedia=\"Andromeda\"","misp-galaxy:tool=\"Gamarue\""],"B106-Gamarue":["misp-galaxy:malpedia=\"Andromeda\""],"B67-SS-Gamarue":["misp-galaxy:malpedia=\"Andromeda\""],"Gamarue":["misp-galaxy:malpedia=\"Andromeda\"","misp-galaxy:tool=\"Gamarue\""],"b66":["misp-galaxy:malpedia=\"Andromeda\""],"Anel":["misp-galaxy:malpedia=\"Anel\""],"Antilam":["misp-galaxy:malpedia=\"Antilam\""],"Latinus":["misp-galaxy:malpedia=\"Antilam\""],"Anubis":["misp-galaxy:malpedia=\"Anubis\""],"AnubisSpy":["misp-galaxy:malpedia=\"AnubisSpy\""],"Apocalipto":["misp-galaxy:malpedia=\"Apocalipto\""],"Apocalypse":["misp-galaxy:malpedia=\"Apocalypse\"","misp-galaxy:ransomware=\"Apocalypse\"","misp-galaxy:rat=\"Apocalypse\""],"AppleJeus":["misp-galaxy:malpedia=\"AppleJeus\""],"ArdaMax":["misp-galaxy:malpedia=\"ArdaMax\""],"Arefty":["misp-galaxy:malpedia=\"Arefty\""],"Arik Keylogger":["misp-galaxy:malpedia=\"Arik Keylogger\""],"Aaron Keylogger":["misp-galaxy:malpedia=\"Arik Keylogger\""],"Arkei Stealer":["misp-galaxy:malpedia=\"Arkei Stealer\""],"Artra Downloader":["misp-galaxy:malpedia=\"Artra Downloader\""],"Asacub":["misp-galaxy:malpedia=\"Asacub\""],"AscentLoader":["misp-galaxy:malpedia=\"AscentLoader\""],"BadSrc":["misp-galaxy:malpedia=\"Asprox\""],"AthenaGo RAT":["misp-galaxy:malpedia=\"AthenaGo RAT\""],"Atmosphere":["misp-galaxy:malpedia=\"Atmosphere\""],"August Stealer":["misp-galaxy:malpedia=\"August Stealer\"","misp-galaxy:tool=\"August\""],"Auriga":["misp-galaxy:malpedia=\"Auriga\""],"Riodrv":["misp-galaxy:malpedia=\"Auriga\""],"Aurora":["misp-galaxy:malpedia=\"Aurora\"","misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\"","misp-galaxy:tool=\"Aurora\""],"AutoCAD Downloader":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"Acad.Bursted":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"Duxfas":["misp-galaxy:malpedia=\"AutoCAD Downloader\""],"AvastDisabler":["misp-galaxy:malpedia=\"AvastDisabler\""],"Ave Maria":["misp-galaxy:malpedia=\"Ave Maria\"","misp-galaxy:stealer=\"Ave Maria\""],"AVE_MARIA":["misp-galaxy:malpedia=\"Ave Maria\""],"Aveo":["misp-galaxy:malpedia=\"Aveo\""],"Avzhan":["misp-galaxy:malpedia=\"Avzhan\""],"Ayegent":["misp-galaxy:malpedia=\"Ayegent\""],"Azorult":["misp-galaxy:malpedia=\"Azorult\"","misp-galaxy:mitre-malware=\"Azorult - S0344\""],"PuffStealer":["misp-galaxy:malpedia=\"Azorult\""],"Rultazo":["misp-galaxy:malpedia=\"Azorult\""],"BABYMETAL":["misp-galaxy:malpedia=\"BABYMETAL\""],"BACKBEND":["misp-galaxy:malpedia=\"BACKBEND\""],"BBSRAT":["misp-galaxy:malpedia=\"BBSRAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"BBSRAT - S0127\"","misp-galaxy:mitre-malware=\"BBSRAT - S0127\""],"BCMPUPnP_Hunter":["misp-galaxy:malpedia=\"BCMPUPnP_Hunter\""],"BELLHOP":["misp-galaxy:malpedia=\"BELLHOP\""],"BKA Trojaner":["misp-galaxy:malpedia=\"BKA Trojaner\""],"bwin3_bka":["misp-galaxy:malpedia=\"BKA Trojaner\""],"BLACKCOFFEE":["misp-galaxy:malpedia=\"BLACKCOFFEE\"","misp-galaxy:mitre-enterprise-attack-malware=\"BLACKCOFFEE - S0069\"","misp-galaxy:mitre-malware=\"BLACKCOFFEE - S0069\""],"BONDUPDATER":["misp-galaxy:malpedia=\"BONDUPDATER\"","misp-galaxy:mitre-malware=\"BONDUPDATER - S0360\"","misp-galaxy:rat=\"BONDUPDATER\""],"Glimpse":["misp-galaxy:malpedia=\"BONDUPDATER\""],"BRAIN":["misp-galaxy:malpedia=\"BRAIN\""],"BS2005":["misp-galaxy:malpedia=\"BS2005\"","misp-galaxy:mitre-enterprise-attack-malware=\"BS2005 - S0014\"","misp-galaxy:mitre-malware=\"BS2005 - S0014\"","misp-galaxy:tool=\"Hoardy\""],"BTCWare":["misp-galaxy:malpedia=\"BTCWare\""],"BUBBLEWRAP":["misp-galaxy:malpedia=\"BUBBLEWRAP\"","misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"BYEBY":["misp-galaxy:malpedia=\"BYEBY\""],"Babar":["misp-galaxy:malpedia=\"Babar\"","misp-galaxy:tool=\"Babar\""],"SNOWBALL":["misp-galaxy:malpedia=\"Babar\""],"BabyLon RAT":["misp-galaxy:malpedia=\"BabyLon RAT\""],"BackNet":["misp-galaxy:malpedia=\"BackNet\""],"BackSwap":["misp-galaxy:malpedia=\"BackSwap\""],"BadEncript":["misp-galaxy:malpedia=\"BadEncript\""],"BadNews":["misp-galaxy:malpedia=\"BadNews\""],"Bahamut (Android)":["misp-galaxy:malpedia=\"Bahamut (Android)\""],"Bahamut (Windows)":["misp-galaxy:malpedia=\"Bahamut (Windows)\""],"Baldir":["misp-galaxy:malpedia=\"Baldir\""],"Baldr":["misp-galaxy:malpedia=\"Baldir\""],"Banatrix":["misp-galaxy:malpedia=\"Banatrix\""],"Bankshot":["misp-galaxy:malpedia=\"Bankshot\"","misp-galaxy:mitre-malware=\"Bankshot - S0239\"","misp-galaxy:tool=\"Bankshot\""],"Banload":["misp-galaxy:malpedia=\"Banload\"","misp-galaxy:tool=\"Banload\""],"Bart":["misp-galaxy:malpedia=\"Bart\"","misp-galaxy:ransomware=\"Bart\""],"gayfgt":["misp-galaxy:malpedia=\"Bashlite\""],"lizkebab":["misp-galaxy:malpedia=\"Bashlite\""],"qbot":["misp-galaxy:malpedia=\"Bashlite\""],"torlus":["misp-galaxy:malpedia=\"Bashlite\""],"BatchWiper":["misp-galaxy:malpedia=\"BatchWiper\""],"Batel":["misp-galaxy:malpedia=\"Batel\""],"Bateleur":["misp-galaxy:malpedia=\"Bateleur\"","misp-galaxy:tool=\"Bateleur\""],"Beapy":["misp-galaxy:malpedia=\"Beapy\""],"Bedep":["misp-galaxy:malpedia=\"Bedep\"","misp-galaxy:tool=\"Bedep\""],"Bella":["misp-galaxy:malpedia=\"Bella\""],"Belonard":["misp-galaxy:malpedia=\"Belonard\""],"Berbomthum":["misp-galaxy:malpedia=\"Berbomthum\""],"BernhardPOS":["misp-galaxy:malpedia=\"BernhardPOS\""],"Neurevt":["misp-galaxy:malpedia=\"BetaBot\""],"Bezigate":["misp-galaxy:malpedia=\"Bezigate\""],"BfBot":["misp-galaxy:malpedia=\"BfBot\""],"BianLian":["misp-galaxy:malpedia=\"BianLian\""],"BillGates":["misp-galaxy:malpedia=\"BillGates\""],"BioData":["misp-galaxy:malpedia=\"BioData\""],"Biscuit":["misp-galaxy:malpedia=\"Biscuit\""],"zxdosml":["misp-galaxy:malpedia=\"Biscuit\""],"Bitsran":["misp-galaxy:malpedia=\"Bitsran\""],"Bitter RAT":["misp-galaxy:malpedia=\"Bitter RAT\""],"BlackEnergy":["misp-galaxy:malpedia=\"BlackEnergy\"","misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\"","misp-galaxy:threat-actor=\"Sandworm\"","misp-galaxy:tool=\"BlackEnergy\""],"BlackPOS":["misp-galaxy:malpedia=\"BlackPOS\""],"Kaptoxa":["misp-galaxy:malpedia=\"BlackPOS\""],"POSWDS":["misp-galaxy:malpedia=\"BlackPOS\""],"Reedum":["misp-galaxy:malpedia=\"BlackPOS\""],"BlackRevolution":["misp-galaxy:malpedia=\"BlackRevolution\""],"BlackRouter":["misp-galaxy:malpedia=\"BlackRouter\""],"BLACKHEART":["misp-galaxy:malpedia=\"BlackRouter\""],"BlackShades":["misp-galaxy:malpedia=\"BlackShades\""],"Boaxxe":["misp-galaxy:malpedia=\"Boaxxe\""],"Bohmini":["misp-galaxy:malpedia=\"Bohmini\""],"Bolek":["misp-galaxy:malpedia=\"Bolek\""],"KBOT":["misp-galaxy:malpedia=\"Bolek\""],"Bouncer":["misp-galaxy:malpedia=\"Bouncer\""],"Bozok":["misp-galaxy:malpedia=\"Bozok\"","misp-galaxy:rat=\"Bozok\""],"Brambul":["misp-galaxy:malpedia=\"Brambul\"","misp-galaxy:tool=\"Brambul\""],"BravoNC":["misp-galaxy:malpedia=\"BravoNC\""],"BreachRAT":["misp-galaxy:malpedia=\"BreachRAT\""],"Breakthrough":["misp-galaxy:malpedia=\"Breakthrough\""],"Bredolab":["misp-galaxy:malpedia=\"Bredolab\""],"BrickerBot":["misp-galaxy:malpedia=\"BrickerBot\""],"BrushaLoader":["misp-galaxy:malpedia=\"BrushaLoader\""],"BrutPOS":["misp-galaxy:malpedia=\"BrutPOS\""],"Buhtrap":["misp-galaxy:malpedia=\"Buhtrap\""],"Ratopak":["misp-galaxy:malpedia=\"Buhtrap\""],"Bundestrojaner":["misp-galaxy:malpedia=\"Bundestrojaner\""],"0zapftis":["misp-galaxy:malpedia=\"Bundestrojaner\""],"R2D2":["misp-galaxy:malpedia=\"Bundestrojaner\""],"Bunitu":["misp-galaxy:malpedia=\"Bunitu\""],"Buterat":["misp-galaxy:malpedia=\"Buterat\""],"spyvoltar":["misp-galaxy:malpedia=\"Buterat\""],"Yimfoca":["misp-galaxy:malpedia=\"Buzus\""],"CACTUSTORCH":["misp-galaxy:malpedia=\"CACTUSTORCH\""],"CCleaner Backdoor":["misp-galaxy:malpedia=\"CCleaner Backdoor\""],"CDorked":["misp-galaxy:malpedia=\"CDorked\""],"CDorked.A":["misp-galaxy:malpedia=\"CDorked\""],"CHINACHOPPER":["misp-galaxy:malpedia=\"CHINACHOPPER\""],"CMSBrute":["misp-galaxy:malpedia=\"CMSBrute\""],"CMSTAR":["misp-galaxy:malpedia=\"CMSTAR\""],"meciv":["misp-galaxy:malpedia=\"CMSTAR\""],"CREAMSICLE":["misp-galaxy:malpedia=\"CREAMSICLE\""],"CabArt":["misp-galaxy:malpedia=\"CabArt\""],"CadelSpy":["misp-galaxy:malpedia=\"CadelSpy\""],"Cadelle":["misp-galaxy:malpedia=\"CadelSpy\"","misp-galaxy:threat-actor=\"Cadelle\""],"Cannibal Rat":["misp-galaxy:malpedia=\"Cannibal Rat\""],"Cannon":["misp-galaxy:malpedia=\"Cannon\"","misp-galaxy:mitre-malware=\"Cannon - S0351\""],"Carbanak":["misp-galaxy:malpedia=\"Carbanak\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\"","misp-galaxy:threat-actor=\"Anunak\""],"Anunak":["misp-galaxy:malpedia=\"Carbanak\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\"","misp-galaxy:threat-actor=\"Anunak\""],"Carberp":["misp-galaxy:malpedia=\"Carberp\""],"Cardinal RAT":["misp-galaxy:malpedia=\"Cardinal RAT\"","misp-galaxy:mitre-malware=\"Cardinal RAT - S0348\"","misp-galaxy:tool=\"Cardinal RAT\""],"Careto":["misp-galaxy:malpedia=\"Careto\"","misp-galaxy:threat-actor=\"Careto\""],"Appetite":["misp-galaxy:malpedia=\"Careto\""],"Mask":["misp-galaxy:malpedia=\"Careto\"","misp-galaxy:threat-actor=\"Careto\""],"CarrotBat":["misp-galaxy:malpedia=\"CarrotBat\""],"Casper":["misp-galaxy:malpedia=\"Casper\"","misp-galaxy:tool=\"Casper\""],"Catchamas":["misp-galaxy:malpedia=\"Catchamas\"","misp-galaxy:mitre-malware=\"Catchamas - S0261\""],"Catelites":["misp-galaxy:malpedia=\"Catelites\""],"CenterPOS":["misp-galaxy:malpedia=\"CenterPOS\""],"cerebrus":["misp-galaxy:malpedia=\"CenterPOS\""],"Cerber":["misp-galaxy:malpedia=\"Cerber\"","misp-galaxy:ransomware=\"Cerber\""],"Cerbu":["misp-galaxy:malpedia=\"Cerbu\""],"ChChes":["misp-galaxy:malpedia=\"ChChes\"","misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"Ham Backdoor":["misp-galaxy:malpedia=\"ChChes\""],"Chainshot":["misp-galaxy:malpedia=\"Chainshot\"","misp-galaxy:tool=\"Chainshot\""],"Chapro":["misp-galaxy:malpedia=\"Chapro\""],"Charger":["misp-galaxy:malpedia=\"Charger\"","misp-galaxy:mitre-malware=\"Charger - S0323\"","misp-galaxy:mitre-mobile-attack-malware=\"Charger - MOB-S0039\""],"CherryPicker POS":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherry_picker":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherrypicker":["misp-galaxy:malpedia=\"CherryPicker POS\""],"cherrypickerpos":["misp-galaxy:malpedia=\"CherryPicker POS\""],"ChewBacca":["misp-galaxy:malpedia=\"ChewBacca\""],"Chinad":["misp-galaxy:malpedia=\"Chinad\""],"Chir":["misp-galaxy:malpedia=\"Chir\""],"Chrysaor":["misp-galaxy:malpedia=\"Chrysaor\"","misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\"","misp-galaxy:tool=\"Chrysaor\""],"JigglyPuff":["misp-galaxy:malpedia=\"Chrysaor\""],"Pegasus":["misp-galaxy:malpedia=\"Chrysaor\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus - MOB-S0005\"","misp-galaxy:tool=\"Chrysaor\""],"AndroKINS":["misp-galaxy:malpedia=\"Chthonic\""],"Client Maximus":["misp-galaxy:malpedia=\"Client Maximus\"","misp-galaxy:rat=\"Client Maximus\""],"Clientor":["misp-galaxy:malpedia=\"Clientor\""],"Clipper":["misp-galaxy:malpedia=\"Clipper\""],"Cloud Duke":["misp-galaxy:malpedia=\"Cloud Duke\""],"CoalaBot":["misp-galaxy:malpedia=\"CoalaBot\"","misp-galaxy:tool=\"CoalaBot\""],"CobInt":["misp-galaxy:malpedia=\"CobInt\""],"COOLPANTS":["misp-galaxy:malpedia=\"CobInt\""],"Cobalt Strike":["misp-galaxy:malpedia=\"Cobalt Strike\"","misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike - S0154\"","misp-galaxy:mitre-tool=\"Cobalt Strike - S0154\"","misp-galaxy:rat=\"Cobalt Strike\""],"Cobian RAT":["misp-galaxy:malpedia=\"Cobian RAT\"","misp-galaxy:mitre-malware=\"Cobian RAT - S0338\"","misp-galaxy:rat=\"Cobian RAT\""],"Cobra Carbon System":["misp-galaxy:malpedia=\"Cobra Carbon System\""],"Carbon":["misp-galaxy:malpedia=\"Cobra Carbon System\"","misp-galaxy:mitre-malware=\"Carbon - S0335\""],"CockBlocker":["misp-galaxy:malpedia=\"CockBlocker\""],"CodeKey":["misp-galaxy:malpedia=\"CodeKey\""],"Cohhoc":["misp-galaxy:malpedia=\"Cohhoc\""],"CoinThief":["misp-galaxy:malpedia=\"CoinThief\""],"Coinminer":["misp-galaxy:malpedia=\"Coinminer\""],"Coldroot RAT":["misp-galaxy:malpedia=\"Coldroot RAT\""],"Colony":["misp-galaxy:malpedia=\"Colony\""],"Bandios":["misp-galaxy:malpedia=\"Colony\""],"GrayBird":["misp-galaxy:malpedia=\"Colony\""],"Combojack":["misp-galaxy:malpedia=\"Combojack\""],"Combos":["misp-galaxy:malpedia=\"Combos\""],"CometBot":["misp-galaxy:malpedia=\"CometBot\""],"ComodoSec":["misp-galaxy:malpedia=\"ComodoSec\""],"Computrace":["misp-galaxy:malpedia=\"Computrace\""],"lojack":["misp-galaxy:malpedia=\"Computrace\""],"ComradeCircle":["misp-galaxy:malpedia=\"ComradeCircle\""],"downadup":["misp-galaxy:malpedia=\"Conficker\""],"traffic converter":["misp-galaxy:malpedia=\"Conficker\""],"Confucius":["misp-galaxy:malpedia=\"Confucius\""],"Connic":["misp-galaxy:malpedia=\"Connic\""],"SpyBanker":["misp-galaxy:malpedia=\"Connic\"","misp-galaxy:malpedia=\"SpyBanker\""],"Contopee":["misp-galaxy:malpedia=\"Contopee\""],"CookieBag":["misp-galaxy:malpedia=\"CookieBag\""],"CoreDN":["misp-galaxy:malpedia=\"CoreDN\""],"Coreshell":["misp-galaxy:malpedia=\"Coreshell\""],"CpuMeaner":["misp-galaxy:malpedia=\"CpuMeaner\"","misp-galaxy:tool=\"CpuMeaner\""],"Cpuminer (Android)":["misp-galaxy:malpedia=\"Cpuminer (Android)\""],"Cpuminer (ELF)":["misp-galaxy:malpedia=\"Cpuminer (ELF)\""],"Cr1ptT0r":["misp-galaxy:malpedia=\"Cr1ptT0r\"","misp-galaxy:ransomware=\"Cr1ptT0r\""],"CriptTor":["misp-galaxy:malpedia=\"Cr1ptT0r\""],"CradleCore":["misp-galaxy:malpedia=\"CradleCore\""],"CrashOverride":["misp-galaxy:malpedia=\"CrashOverride\""],"Crash":["misp-galaxy:malpedia=\"CrashOverride\""],"Industroyer":["misp-galaxy:malpedia=\"CrashOverride\""],"CreativeUpdater":["misp-galaxy:malpedia=\"CreativeUpdater\""],"Credraptor":["misp-galaxy:malpedia=\"Credraptor\""],"Crenufs":["misp-galaxy:malpedia=\"Crenufs\""],"Crimson RAT":["misp-galaxy:malpedia=\"Crimson RAT\""],"SEEDOOR":["misp-galaxy:malpedia=\"Crimson RAT\""],"Crimson":["misp-galaxy:malpedia=\"Crimson\"","misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\"","misp-galaxy:rat=\"Crimson\"","misp-galaxy:tool=\"Crimson\""],"Crisis (OS X)":["misp-galaxy:malpedia=\"Crisis (OS X)\""],"Crisis (Windows)":["misp-galaxy:malpedia=\"Crisis (Windows)\""],"CrossRAT":["misp-galaxy:malpedia=\"CrossRAT\"","misp-galaxy:mitre-malware=\"CrossRAT - S0235\""],"Trupto":["misp-galaxy:malpedia=\"CrossRAT\""],"Crossrider":["misp-galaxy:malpedia=\"Crossrider\""],"CryLocker":["misp-galaxy:malpedia=\"CryLocker\"","misp-galaxy:ransomware=\"CryLocker\""],"Cryakl":["misp-galaxy:malpedia=\"Cryakl\"","misp-galaxy:ransomware=\"Cryakl\"","misp-galaxy:ransomware=\"Offline ransomware\""],"CrypMic":["misp-galaxy:malpedia=\"CrypMic\""],"Crypt0l0cker":["misp-galaxy:malpedia=\"Crypt0l0cker\""],"CryptXXXX":["misp-galaxy:malpedia=\"CryptXXXX\""],"CryptoFortress":["misp-galaxy:malpedia=\"CryptoFortress\"","misp-galaxy:ransomware=\"CryptoFortress\"","misp-galaxy:ransomware=\"TorrentLocker\""],"CryptoLocker":["misp-galaxy:malpedia=\"CryptoLocker\"","misp-galaxy:ransomware=\"CryptoLocker\""],"CryptoLuck":["misp-galaxy:malpedia=\"CryptoLuck\""],"CryptoMix":["misp-galaxy:malpedia=\"CryptoMix\"","misp-galaxy:ransomware=\"CryptoMix\""],"CryptFile2":["misp-galaxy:malpedia=\"CryptoMix\""],"CryptoNight":["misp-galaxy:malpedia=\"CryptoNight\""],"CryptoRansomeware":["misp-galaxy:malpedia=\"CryptoRansomeware\"","misp-galaxy:ransomware=\"CryptoRansomeware\""],"CryptoShield":["misp-galaxy:malpedia=\"CryptoShield\""],"CryptoShuffler":["misp-galaxy:malpedia=\"CryptoShuffler\""],"CryptoWire":["misp-galaxy:malpedia=\"CryptoWire\"","misp-galaxy:ransomware=\"Owl\""],"Cryptorium":["misp-galaxy:malpedia=\"Cryptorium\""],"Cryptowall":["misp-galaxy:malpedia=\"Cryptowall\""],"CsExt":["misp-galaxy:malpedia=\"CsExt\""],"Cuegoe":["misp-galaxy:malpedia=\"Cuegoe\""],"Windshield?":["misp-galaxy:malpedia=\"Cuegoe\""],"Cueisfry":["misp-galaxy:malpedia=\"Cueisfry\""],"CukieGrab":["misp-galaxy:malpedia=\"CukieGrab\""],"Roblox Trade Assist":["misp-galaxy:malpedia=\"CukieGrab\""],"Cutlet":["misp-galaxy:malpedia=\"Cutlet\""],"CyberGate":["misp-galaxy:malpedia=\"CyberGate\"","misp-galaxy:rat=\"CyberGate\""],"Rebhip":["misp-galaxy:malpedia=\"CyberGate\""],"CyberSplitter":["misp-galaxy:malpedia=\"CyberSplitter\"","misp-galaxy:ransomware=\"Cyber SpLiTTer Vbs\""],"CycBot":["misp-galaxy:malpedia=\"CycBot\""],"DDKONG":["misp-galaxy:malpedia=\"DDKONG\"","misp-galaxy:mitre-malware=\"DDKONG - S0255\"","misp-galaxy:tool=\"DDKONG\""],"DMA Locker":["misp-galaxy:malpedia=\"DMA Locker\""],"DMSniff":["misp-galaxy:malpedia=\"DMSniff\""],"DNSMessenger":["misp-galaxy:malpedia=\"DNSMessenger\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\"","misp-galaxy:rat=\"DNSMessenger\""],"TEXTMATE":["misp-galaxy:malpedia=\"DNSMessenger\"","misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\""],"DNSRat":["misp-galaxy:malpedia=\"DNSRat\""],"DNSbot":["misp-galaxy:malpedia=\"DNSRat\""],"DNSpionage":["misp-galaxy:malpedia=\"DNSpionage\"","misp-galaxy:threat-actor=\"DNSpionage\""],"Agent Drable":["misp-galaxy:malpedia=\"DNSpionage\""],"Webmask":["misp-galaxy:malpedia=\"DNSpionage\""],"DRIFTPIN":["misp-galaxy:malpedia=\"DRIFTPIN\"","misp-galaxy:tool=\"Agent ORM\""],"Spy.Agent.ORM":["misp-galaxy:malpedia=\"DRIFTPIN\""],"Toshliph":["misp-galaxy:malpedia=\"DRIFTPIN\""],"DROPSHOT":["misp-galaxy:malpedia=\"DROPSHOT\""],"DUBrute":["misp-galaxy:malpedia=\"DUBrute\""],"Dairy":["misp-galaxy:malpedia=\"Dairy\""],"DarkComet":["misp-galaxy:malpedia=\"DarkComet\"","misp-galaxy:mitre-malware=\"DarkComet - S0334\"","misp-galaxy:rat=\"DarkComet\""],"Fynloski":["misp-galaxy:malpedia=\"DarkComet\"","misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"klovbot":["misp-galaxy:malpedia=\"DarkComet\""],"DarkHotel":["misp-galaxy:malpedia=\"DarkHotel\"","misp-galaxy:threat-actor=\"DarkHotel\""],"DarkMegi":["misp-galaxy:malpedia=\"DarkMegi\""],"DarkPulsar":["misp-galaxy:malpedia=\"DarkPulsar\"","misp-galaxy:tool=\"DarkPulsar\""],"DarkShell":["misp-galaxy:malpedia=\"DarkShell\""],"DarkStRat":["misp-galaxy:malpedia=\"DarkStRat\""],"DarkTequila":["misp-galaxy:malpedia=\"DarkTequila\""],"Darkmoon":["misp-galaxy:malpedia=\"Darkmoon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Darkmoon - S0209\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\""],"Chymine":["misp-galaxy:malpedia=\"Darkmoon\""],"Darksky":["misp-galaxy:malpedia=\"Darksky\""],"Darktrack RAT":["misp-galaxy:malpedia=\"Darktrack RAT\""],"DarthMiner":["misp-galaxy:malpedia=\"DarthMiner\"","misp-galaxy:tool=\"DarthMiner\""],"Daserf":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Muirim":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Nioupale":["misp-galaxy:malpedia=\"Daserf\"","misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Datper":["misp-galaxy:malpedia=\"Datper\""],"Decebal":["misp-galaxy:malpedia=\"Decebal\""],"Delta(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Delta(Alfa,Bravo, ...)\""],"Dented":["misp-galaxy:malpedia=\"Dented\""],"DeputyDog":["misp-galaxy:malpedia=\"DeputyDog\""],"DeriaLock":["misp-galaxy:malpedia=\"DeriaLock\""],"Derusbi":["misp-galaxy:malpedia=\"Derusbi\"","misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\"","misp-galaxy:tool=\"Derusbi\""],"PHOTO":["misp-galaxy:malpedia=\"Derusbi\"","misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\""],"Devil's Rat":["misp-galaxy:malpedia=\"Devil's Rat\""],"Dexter":["misp-galaxy:malpedia=\"Dexter\""],"LusyPOS":["misp-galaxy:malpedia=\"Dexter\""],"Dharma":["misp-galaxy:malpedia=\"Dharma\""],"Arena":["misp-galaxy:malpedia=\"Dharma\""],"Crysis":["misp-galaxy:malpedia=\"Dharma\""],"DiamondFox":["misp-galaxy:malpedia=\"DiamondFox\""],"Crystal":["misp-galaxy:malpedia=\"DiamondFox\""],"Gorynch":["misp-galaxy:malpedia=\"DiamondFox\""],"Gorynych":["misp-galaxy:malpedia=\"DiamondFox\""],"Dimnie":["misp-galaxy:malpedia=\"Dimnie\"","misp-galaxy:tool=\"Dimnie\""],"DirCrypt":["misp-galaxy:malpedia=\"DirCrypt\"","misp-galaxy:ransomware=\"DirCrypt\""],"DispenserXFS":["misp-galaxy:malpedia=\"DispenserXFS\""],"DistTrack":["misp-galaxy:malpedia=\"DistTrack\"","misp-galaxy:tool=\"Shamoon\""],"Dockster":["misp-galaxy:malpedia=\"Dockster\""],"DogHousePower":["misp-galaxy:malpedia=\"DogHousePower\""],"Shelma":["misp-galaxy:malpedia=\"DogHousePower\""],"Dorshel":["misp-galaxy:malpedia=\"Dorshel\""],"DoublePulsar":["misp-galaxy:malpedia=\"DoublePulsar\""],"DownPaper":["misp-galaxy:malpedia=\"DownPaper\"","misp-galaxy:mitre-enterprise-attack-malware=\"DownPaper - S0186\"","misp-galaxy:mitre-malware=\"DownPaper - S0186\""],"Downdelph":["misp-galaxy:malpedia=\"Downdelph\"","misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\"","misp-galaxy:tool=\"Downdelph\""],"DELPHACY":["misp-galaxy:malpedia=\"Downdelph\""],"Downeks":["misp-galaxy:malpedia=\"Downeks\""],"DramNudge":["misp-galaxy:malpedia=\"DramNudge\""],"DreamBot":["misp-galaxy:malpedia=\"DreamBot\""],"DtBackdoor":["misp-galaxy:malpedia=\"DtBackdoor\""],"DuQu":["misp-galaxy:malpedia=\"DuQu\""],"DualToy (Android)":["misp-galaxy:malpedia=\"DualToy (Android)\""],"DualToy (Windows)":["misp-galaxy:malpedia=\"DualToy (Windows)\""],"DualToy (iOS)":["misp-galaxy:malpedia=\"DualToy (iOS)\""],"Dumador":["misp-galaxy:malpedia=\"Dumador\""],"Dummy":["misp-galaxy:malpedia=\"Dummy\""],"Duuzer":["misp-galaxy:malpedia=\"Duuzer\""],"Dvmap":["misp-galaxy:malpedia=\"Dvmap\""],"EDA2":["misp-galaxy:malpedia=\"EDA2\"","misp-galaxy:ransomware=\"HiddenTear\""],"EHDevel":["misp-galaxy:malpedia=\"EHDevel\""],"ELMER":["misp-galaxy:malpedia=\"ELMER\"","misp-galaxy:mitre-enterprise-attack-malware=\"ELMER - S0064\"","misp-galaxy:mitre-malware=\"ELMER - S0064\""],"Elmost":["misp-galaxy:malpedia=\"ELMER\""],"EVILNUM (Javascript)":["misp-galaxy:malpedia=\"EVILNUM (Javascript)\""],"EVILNUM (Windows)":["misp-galaxy:malpedia=\"EVILNUM (Windows)\""],"Ebury":["misp-galaxy:malpedia=\"Ebury\"","misp-galaxy:mitre-malware=\"Ebury - S0377\""],"Eleanor":["misp-galaxy:malpedia=\"Eleanor\""],"ElectricPowder":["misp-galaxy:malpedia=\"ElectricPowder\""],"Elirks":["misp-galaxy:malpedia=\"Elirks\"","misp-galaxy:tool=\"Elirks\""],"Elise":["misp-galaxy:malpedia=\"Elise\"","misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\"","misp-galaxy:threat-actor=\"Lotus Panda\"","misp-galaxy:tool=\"Elise Backdoor\""],"Emdivi":["misp-galaxy:malpedia=\"Emdivi\"","misp-galaxy:threat-actor=\"Blue Termite\"","misp-galaxy:tool=\"Emdivi\""],"Heodo":["misp-galaxy:malpedia=\"Emotet\"","misp-galaxy:malpedia=\"Geodo\""],"Empire Downloader":["misp-galaxy:malpedia=\"Empire Downloader\""],"Enfal":["misp-galaxy:malpedia=\"Enfal\"","misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\""],"Lurid":["misp-galaxy:malpedia=\"Enfal\"","misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\"","misp-galaxy:threat-actor=\"Mirage\""],"EquationDrug":["misp-galaxy:malpedia=\"EquationDrug\"","misp-galaxy:tool=\"EquationDrug\""],"Equationgroup (Sorting)":["misp-galaxy:malpedia=\"Equationgroup (Sorting)\""],"Erebus (ELF)":["misp-galaxy:malpedia=\"Erebus (ELF)\""],"Erebus (Windows)":["misp-galaxy:malpedia=\"Erebus (Windows)\""],"Eredel":["misp-galaxy:malpedia=\"Eredel\""],"EternalPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"BadRabbit":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:ransomware=\"Bad Rabbit\""],"Diskcoder.C":["misp-galaxy:malpedia=\"EternalPetya\""],"ExPetr":["misp-galaxy:malpedia=\"EternalPetya\""],"NonPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"NotPetya":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\"","misp-galaxy:tool=\"NotPetya\""],"Nyetya":["misp-galaxy:malpedia=\"EternalPetya\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petna":["misp-galaxy:malpedia=\"EternalPetya\""],"Pnyetya":["misp-galaxy:malpedia=\"EternalPetya\""],"nPetya":["misp-galaxy:malpedia=\"EternalPetya\""],"EtumBot":["misp-galaxy:malpedia=\"EtumBot\""],"HighTide":["misp-galaxy:malpedia=\"EtumBot\""],"EvilGrab":["misp-galaxy:malpedia=\"EvilGrab\"","misp-galaxy:mitre-enterprise-attack-malware=\"EvilGrab - S0152\"","misp-galaxy:mitre-malware=\"EvilGrab - S0152\"","misp-galaxy:tool=\"EvilGrab\""],"Vidgrab":["misp-galaxy:malpedia=\"EvilGrab\""],"EvilOSX":["misp-galaxy:malpedia=\"EvilOSX\""],"EvilPony":["misp-galaxy:malpedia=\"EvilPony\""],"CREstealer":["misp-galaxy:malpedia=\"EvilPony\""],"Evilbunny":["misp-galaxy:malpedia=\"Evilbunny\""],"Evrial":["misp-galaxy:malpedia=\"Evrial\""],"Excalibur":["misp-galaxy:malpedia=\"Excalibur\""],"Saber":["misp-galaxy:malpedia=\"Excalibur\""],"Sabresac":["misp-galaxy:malpedia=\"Excalibur\""],"Exile RAT":["misp-galaxy:malpedia=\"Exile RAT\""],"ExoBot":["misp-galaxy:malpedia=\"ExoBot\"","misp-galaxy:malpedia=\"Marcher\""],"Exodus":["misp-galaxy:malpedia=\"Exodus\""],"Eye Pyramid":["misp-galaxy:malpedia=\"Eye Pyramid\""],"FBot":["misp-galaxy:malpedia=\"FBot\""],"FEimea RAT":["misp-galaxy:malpedia=\"FEimea RAT\""],"FF RAT":["misp-galaxy:malpedia=\"FF RAT\""],"FLASHFLOOD":["misp-galaxy:malpedia=\"FLASHFLOOD\"","misp-galaxy:mitre-enterprise-attack-malware=\"FLASHFLOOD - S0036\"","misp-galaxy:mitre-malware=\"FLASHFLOOD - S0036\""],"FailyTale":["misp-galaxy:malpedia=\"FailyTale\""],"Fake Pornhub":["misp-galaxy:malpedia=\"Fake Pornhub\""],"FakeDGA":["misp-galaxy:malpedia=\"FakeDGA\""],"WillExec":["misp-galaxy:malpedia=\"FakeDGA\""],"FakeGram":["misp-galaxy:malpedia=\"FakeGram\""],"FakeTGram":["misp-galaxy:malpedia=\"FakeGram\""],"FakeRean":["misp-galaxy:malpedia=\"FakeRean\""],"Braviax":["misp-galaxy:malpedia=\"FakeRean\""],"FakeSpy":["misp-galaxy:malpedia=\"FakeSpy\""],"FakeTC":["misp-galaxy:malpedia=\"FakeTC\""],"Fanny":["misp-galaxy:malpedia=\"Fanny\"","misp-galaxy:tool=\"Fanny\""],"FantomCrypt":["misp-galaxy:malpedia=\"FantomCrypt\""],"Farseer":["misp-galaxy:malpedia=\"Farseer\""],"FastCash":["misp-galaxy:malpedia=\"FastCash\""],"FastPOS":["misp-galaxy:malpedia=\"FastPOS\""],"Felismus":["misp-galaxy:malpedia=\"Felismus\"","misp-galaxy:mitre-enterprise-attack-malware=\"Felismus - S0171\"","misp-galaxy:mitre-malware=\"Felismus - S0171\""],"Felixroot":["misp-galaxy:malpedia=\"Felixroot\""],"FileIce":["misp-galaxy:malpedia=\"FileIce\""],"Filecoder":["misp-galaxy:malpedia=\"Filecoder\""],"FinFisher RAT":["misp-galaxy:malpedia=\"FinFisher RAT\""],"FinSpy":["misp-galaxy:malpedia=\"FinFisher RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"Final1stSpy":["misp-galaxy:malpedia=\"Final1stSpy\""],"FindPOS":["misp-galaxy:malpedia=\"FindPOS\""],"Poseidon":["misp-galaxy:malpedia=\"FindPOS\""],"FireCrypt":["misp-galaxy:malpedia=\"FireCrypt\"","misp-galaxy:ransomware=\"FireCrypt\""],"FireMalv":["misp-galaxy:malpedia=\"FireMalv\"","misp-galaxy:tool=\"FireMalv\""],"Fireball":["misp-galaxy:malpedia=\"Fireball\"","misp-galaxy:tool=\"Fireball\""],"FirstRansom":["misp-galaxy:malpedia=\"FirstRansom\""],"Flame":["misp-galaxy:malpedia=\"Flame\"","misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\"","misp-galaxy:tool=\"Flame\""],"FlashBack":["misp-galaxy:malpedia=\"FlashBack\""],"FlawedAmmyy":["misp-galaxy:malpedia=\"FlawedAmmyy\"","misp-galaxy:rat=\"FlawedAmmyy\""],"FlawedGrace":["misp-galaxy:malpedia=\"FlawedGrace\"","misp-galaxy:rat=\"FlawedGrace\""],"FlexNet":["misp-galaxy:malpedia=\"FlexNet\""],"gugi":["misp-galaxy:malpedia=\"FlexNet\""],"FlexiSpy (Android)":["misp-galaxy:malpedia=\"FlexiSpy (Android)\""],"FlexiSpy (Windows)":["misp-galaxy:malpedia=\"FlexiSpy (Windows)\""],"FlexiSpy (symbian)":["misp-galaxy:malpedia=\"FlexiSpy (symbian)\""],"FlokiBot":["misp-galaxy:malpedia=\"FlokiBot\""],"FlowerShop":["misp-galaxy:malpedia=\"FlowerShop\""],"Floxif":["misp-galaxy:malpedia=\"Floxif\""],"Flusihoc":["misp-galaxy:malpedia=\"Flusihoc\""],"Formbook":["misp-galaxy:malpedia=\"Formbook\""],"FormerFirstRAT":["misp-galaxy:malpedia=\"FormerFirstRAT\""],"ffrat":["misp-galaxy:malpedia=\"FormerFirstRAT\""],"Freenki Loader":["misp-galaxy:malpedia=\"Freenki Loader\""],"FriedEx":["misp-galaxy:malpedia=\"FriedEx\""],"BitPaymer":["misp-galaxy:malpedia=\"FriedEx\"","misp-galaxy:ransomware=\"BitPaymer\""],"FruitFly":["misp-galaxy:malpedia=\"FruitFly\"","misp-galaxy:mitre-malware=\"FruitFly - S0277\"","misp-galaxy:tool=\"FruitFly\""],"Quimitchin":["misp-galaxy:malpedia=\"FruitFly\""],"Furtim":["misp-galaxy:malpedia=\"Furtim\""],"GEMCUTTER":["misp-galaxy:malpedia=\"GEMCUTTER\""],"GPCode":["misp-galaxy:malpedia=\"GPCode\"","misp-galaxy:ransomware=\"OMG! Ransomware\""],"GPlayed":["misp-galaxy:malpedia=\"GPlayed\""],"GREASE":["misp-galaxy:malpedia=\"GREASE\""],"GROK":["misp-galaxy:malpedia=\"GROK\""],"GalaxyLoader":["misp-galaxy:malpedia=\"GalaxyLoader\""],"Gameover DGA":["misp-galaxy:malpedia=\"Gameover DGA\""],"Gameover P2P":["misp-galaxy:malpedia=\"Gameover P2P\""],"GOZ":["misp-galaxy:malpedia=\"Gameover P2P\""],"ZeuS P2P":["misp-galaxy:malpedia=\"Gameover P2P\""],"Gamotrol":["misp-galaxy:malpedia=\"Gamotrol\""],"Gandcrab":["misp-galaxy:malpedia=\"Gandcrab\""],"GrandCrab":["misp-galaxy:malpedia=\"Gandcrab\""],"Gaudox":["misp-galaxy:malpedia=\"Gaudox\""],"Gauss":["misp-galaxy:malpedia=\"Gauss\""],"Gazer":["misp-galaxy:malpedia=\"Gazer\"","misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"WhiteBear":["misp-galaxy:malpedia=\"Gazer\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"GearInformer":["misp-galaxy:malpedia=\"GearInformer\""],"GetMail":["misp-galaxy:malpedia=\"GetMail\""],"GetMyPass":["misp-galaxy:malpedia=\"GetMyPass\""],"getmypos":["misp-galaxy:malpedia=\"GetMyPass\""],"Gh0stnet":["misp-galaxy:malpedia=\"Gh0stnet\""],"Remosh":["misp-galaxy:malpedia=\"Gh0stnet\""],"Ghole":["misp-galaxy:malpedia=\"Ghole\""],"CoreImpact (Modified)":["misp-galaxy:malpedia=\"Ghole\""],"Gholee":["misp-galaxy:malpedia=\"Ghole\""],"Ghost RAT":["misp-galaxy:malpedia=\"Ghost RAT\""],"Gh0st RAT":["misp-galaxy:malpedia=\"Ghost RAT\"","misp-galaxy:rat=\"Gh0st RAT\""],"PCRat":["misp-galaxy:malpedia=\"Ghost RAT\""],"GhostAdmin":["misp-galaxy:malpedia=\"GhostAdmin\"","misp-galaxy:tool=\"GhostAdmin\""],"Ghost iBot":["misp-galaxy:malpedia=\"GhostAdmin\""],"GhostMiner":["misp-galaxy:malpedia=\"GhostMiner\"","misp-galaxy:tool=\"GhostMiner\""],"GlanceLove":["misp-galaxy:malpedia=\"GlanceLove\""],"GlassRAT":["misp-galaxy:malpedia=\"GlassRAT\""],"Glasses":["misp-galaxy:malpedia=\"Glasses\""],"Wordpress Bruteforcer":["misp-galaxy:malpedia=\"Glasses\""],"GlitchPOS":["misp-galaxy:malpedia=\"GlitchPOS\""],"Globe":["misp-galaxy:malpedia=\"Globe\""],"GlobeImposter":["misp-galaxy:malpedia=\"GlobeImposter\"","misp-galaxy:ransomware=\"Fake Globe Ransomware\"","misp-galaxy:ransomware=\"GlobeImposter\""],"GlooxMail":["misp-galaxy:malpedia=\"GlooxMail\""],"Glupteba":["misp-galaxy:malpedia=\"Glupteba\""],"Godzilla Loader":["misp-galaxy:malpedia=\"Godzilla Loader\""],"Goggles":["misp-galaxy:malpedia=\"Goggles\""],"GoldDragon":["misp-galaxy:malpedia=\"GoldDragon\""],"GoldenEye":["misp-galaxy:malpedia=\"GoldenEye\"","misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petya\/Mischa":["misp-galaxy:malpedia=\"GoldenEye\""],"GoldenRAT":["misp-galaxy:malpedia=\"GoldenRAT\""],"Golroted":["misp-galaxy:malpedia=\"Golroted\""],"GooPic Drooper":["misp-galaxy:malpedia=\"GooPic Drooper\""],"Goodor":["misp-galaxy:malpedia=\"Goodor\""],"Fuerboos":["misp-galaxy:malpedia=\"Goodor\""],"GoogleDrive RAT":["misp-galaxy:malpedia=\"GoogleDrive RAT\""],"GootKit":["misp-galaxy:malpedia=\"GootKit\"","misp-galaxy:tool=\"GootKit\""],"Xswkit":["misp-galaxy:malpedia=\"GootKit\""],"talalpek":["misp-galaxy:malpedia=\"GootKit\""],"GovRAT":["misp-galaxy:malpedia=\"GovRAT\"","misp-galaxy:rat=\"GovRAT\""],"Gozi CRM":["misp-galaxy:malpedia=\"Gozi\""],"GrabBot":["misp-galaxy:malpedia=\"GrabBot\""],"Graftor":["misp-galaxy:malpedia=\"Graftor\"","misp-galaxy:tool=\"Aumlib\""],"Grateful POS":["misp-galaxy:malpedia=\"Grateful POS\""],"FrameworkPOS":["misp-galaxy:malpedia=\"Grateful POS\""],"trinity":["misp-galaxy:malpedia=\"Grateful POS\""],"Gratem":["misp-galaxy:malpedia=\"Gratem\""],"Gravity RAT":["misp-galaxy:malpedia=\"Gravity RAT\""],"GreenShaitan":["misp-galaxy:malpedia=\"GreenShaitan\""],"eoehttp":["misp-galaxy:malpedia=\"GreenShaitan\""],"GreyEnergy":["misp-galaxy:malpedia=\"GreyEnergy\"","misp-galaxy:mitre-malware=\"GreyEnergy - S0342\"","misp-galaxy:threat-actor=\"GreyEnergy\""],"Griffon":["misp-galaxy:malpedia=\"Griffon\""],"GuiInject":["misp-galaxy:malpedia=\"GuiInject\""],"Gustuff":["misp-galaxy:malpedia=\"Gustuff\""],"H1N1 Loader":["misp-galaxy:malpedia=\"H1N1 Loader\""],"HALFBAKED":["misp-galaxy:malpedia=\"HALFBAKED\"","misp-galaxy:mitre-enterprise-attack-malware=\"HALFBAKED - S0151\"","misp-galaxy:mitre-malware=\"HALFBAKED - S0151\"","misp-galaxy:tool=\"VB Flash\""],"HLUX":["misp-galaxy:malpedia=\"HLUX\""],"HOPLIGHT":["misp-galaxy:malpedia=\"HOPLIGHT\"","misp-galaxy:mitre-malware=\"HOPLIGHT - S0376\""],"HTML5 Encoding":["misp-galaxy:malpedia=\"HTML5 Encoding\""],"HTran":["misp-galaxy:malpedia=\"HTran\"","misp-galaxy:tool=\"Htran\""],"HUC Packet Transmit Tool":["misp-galaxy:malpedia=\"HTran\"","misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"HackSpy":["misp-galaxy:malpedia=\"HackSpy\""],"Hacksfase":["misp-galaxy:malpedia=\"Hacksfase\""],"Haiduc":["misp-galaxy:malpedia=\"Haiduc\""],"Hakai":["misp-galaxy:malpedia=\"Hakai\""],"Hamweq":["misp-galaxy:malpedia=\"Hamweq\""],"Hancitor":["misp-galaxy:malpedia=\"Hancitor\"","misp-galaxy:tool=\"Hancitor\""],"Chanitor":["misp-galaxy:malpedia=\"Hancitor\"","misp-galaxy:tool=\"Hancitor\""],"HappyLocker (HiddenTear?)":["misp-galaxy:malpedia=\"HappyLocker (HiddenTear?)\""],"Harnig":["misp-galaxy:malpedia=\"Harnig\""],"Piptea":["misp-galaxy:malpedia=\"Harnig\""],"Havex RAT":["misp-galaxy:malpedia=\"Havex RAT\"","misp-galaxy:tool=\"Havex RAT\""],"HawkEye Keylogger":["misp-galaxy:malpedia=\"HawkEye Keylogger\""],"HawkEye Reborn":["misp-galaxy:malpedia=\"HawkEye Keylogger\""],"Predator Pain":["misp-galaxy:malpedia=\"HawkEye Keylogger\"","misp-galaxy:rat=\"Predator Pain\""],"Helauto":["misp-galaxy:malpedia=\"Helauto\""],"Helminth":["misp-galaxy:malpedia=\"Helminth\"","misp-galaxy:mitre-enterprise-attack-malware=\"Helminth - S0170\"","misp-galaxy:mitre-malware=\"Helminth - S0170\""],"Heloag":["misp-galaxy:malpedia=\"Heloag\""],"Herbst":["misp-galaxy:malpedia=\"Herbst\"","misp-galaxy:ransomware=\"Herbst\""],"Heriplor":["misp-galaxy:malpedia=\"Heriplor\""],"Hermes Ransomware":["misp-galaxy:malpedia=\"Hermes Ransomware\"","misp-galaxy:ransomware=\"Hermes Ransomware\""],"Hermes":["misp-galaxy:malpedia=\"Hermes\""],"HeroRAT":["misp-galaxy:malpedia=\"HeroRAT\""],"HerpesBot":["misp-galaxy:malpedia=\"HerpesBot\""],"HesperBot":["misp-galaxy:malpedia=\"HesperBot\""],"Hi-Zor RAT":["misp-galaxy:malpedia=\"Hi-Zor RAT\""],"HiKit":["misp-galaxy:malpedia=\"HiKit\""],"HiddenLotus":["misp-galaxy:malpedia=\"HiddenLotus\""],"HiddenTear":["misp-galaxy:malpedia=\"HiddenTear\"","misp-galaxy:ransomware=\"HiddenTear\""],"HideDRV":["misp-galaxy:malpedia=\"HideDRV\""],"HtBot":["misp-galaxy:malpedia=\"HtBot\""],"HttpBrowser":["misp-galaxy:malpedia=\"HttpBrowser\""],"Hworm":["misp-galaxy:malpedia=\"Hworm\"","misp-galaxy:tool=\"Hworm\""],"houdini":["misp-galaxy:malpedia=\"Hworm\""],"HyperBro":["misp-galaxy:malpedia=\"HyperBro\""],"IDKEY":["misp-galaxy:malpedia=\"IDKEY\""],"IISniff":["misp-galaxy:malpedia=\"IISniff\""],"IRONHALO":["misp-galaxy:malpedia=\"IRONHALO\""],"IRRat":["misp-galaxy:malpedia=\"IRRat\""],"ISFB":["misp-galaxy:malpedia=\"ISFB\""],"Pandemyia":["misp-galaxy:malpedia=\"ISFB\""],"ISMAgent":["misp-galaxy:malpedia=\"ISMAgent\""],"ISMDoor":["misp-galaxy:malpedia=\"ISMDoor\""],"ISR Stealer":["misp-galaxy:malpedia=\"ISR Stealer\""],"IcedID Downloader":["misp-galaxy:malpedia=\"IcedID Downloader\""],"BokBot":["misp-galaxy:malpedia=\"IcedID\""],"Icefog":["misp-galaxy:malpedia=\"Icefog\""],"Imecab":["misp-galaxy:malpedia=\"Imecab\""],"Imminent Monitor RAT":["misp-galaxy:malpedia=\"Imminent Monitor RAT\""],"Infy":["misp-galaxy:malpedia=\"Infy\"","misp-galaxy:threat-actor=\"Infy\""],"Foudre":["misp-galaxy:malpedia=\"Infy\""],"InnaputRAT":["misp-galaxy:malpedia=\"InnaputRAT\"","misp-galaxy:mitre-malware=\"InnaputRAT - S0259\""],"InvisiMole":["misp-galaxy:malpedia=\"InvisiMole\"","misp-galaxy:mitre-malware=\"InvisiMole - S0260\"","misp-galaxy:tool=\"InvisiMole\""],"IoT Reaper":["misp-galaxy:malpedia=\"IoT Reaper\""],"IoTroop":["misp-galaxy:malpedia=\"IoT Reaper\""],"Reaper":["misp-galaxy:malpedia=\"IoT Reaper\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"Irc16":["misp-galaxy:malpedia=\"Irc16\""],"IsSpace":["misp-galaxy:malpedia=\"IsSpace\"","misp-galaxy:tool=\"IsSpace\""],"IsraBye":["misp-galaxy:malpedia=\"IsraBye\"","misp-galaxy:ransomware=\"IsraBye\""],"JCry":["misp-galaxy:malpedia=\"JCry\""],"JQJSNICKER":["misp-galaxy:malpedia=\"JQJSNICKER\""],"JackPOS":["misp-galaxy:malpedia=\"JackPOS\""],"JadeRAT":["misp-galaxy:malpedia=\"JadeRAT\"","misp-galaxy:rat=\"JadeRAT\""],"Jaff":["misp-galaxy:malpedia=\"Jaff\"","misp-galaxy:ransomware=\"Jaff\""],"Jager Decryptor":["misp-galaxy:malpedia=\"Jager Decryptor\""],"Jaku":["misp-galaxy:malpedia=\"Jaku\""],"C3PRO-RACOON":["misp-galaxy:malpedia=\"Jaku\""],"KCNA Infostealer":["misp-galaxy:malpedia=\"Jaku\""],"Reconcyc":["misp-galaxy:malpedia=\"Jaku\""],"Jasus":["misp-galaxy:malpedia=\"Jasus\""],"JavaDispCash":["misp-galaxy:malpedia=\"JavaDispCash\""],"JenX":["misp-galaxy:malpedia=\"JenX\""],"Jigsaw":["misp-galaxy:malpedia=\"Jigsaw\"","misp-galaxy:ransomware=\"Jigsaw\""],"Jimmy":["misp-galaxy:malpedia=\"Jimmy\"","misp-galaxy:malpedia=\"Neutrino POS\""],"Joanap":["misp-galaxy:malpedia=\"Joanap\""],"Joao":["misp-galaxy:malpedia=\"Joao\"","misp-galaxy:tool=\"Joao\""],"Jolob":["misp-galaxy:malpedia=\"Jolob\"","misp-galaxy:tool=\"Jolob\""],"JripBot":["misp-galaxy:malpedia=\"JripBot\""],"KAgent":["misp-galaxy:malpedia=\"KAgent\""],"KEYMARBLE":["misp-galaxy:malpedia=\"KEYMARBLE\"","misp-galaxy:mitre-malware=\"KEYMARBLE - S0271\"","misp-galaxy:tool=\"KEYMARBLE\""],"KHRAT":["misp-galaxy:malpedia=\"KHRAT\"","misp-galaxy:tool=\"KHRAT\""],"KINS":["misp-galaxy:malpedia=\"KINS\""],"KLRD":["misp-galaxy:malpedia=\"KLRD\""],"KOMPROGO":["misp-galaxy:malpedia=\"KOMPROGO\"","misp-galaxy:mitre-enterprise-attack-malware=\"KOMPROGO - S0156\"","misp-galaxy:mitre-malware=\"KOMPROGO - S0156\""],"KPOT Stealer":["misp-galaxy:malpedia=\"KPOT Stealer\""],"KSL0T":["misp-galaxy:malpedia=\"KSL0T\""],"Kaiten":["misp-galaxy:malpedia=\"Kaiten\""],"STD":["misp-galaxy:malpedia=\"Kaiten\""],"Karagany":["misp-galaxy:malpedia=\"Karagany\""],"Kardon Loader":["misp-galaxy:malpedia=\"Kardon Loader\""],"Karkoff":["misp-galaxy:malpedia=\"Karkoff\"","misp-galaxy:tool=\"Karkoff\""],"KasperAgent":["misp-galaxy:malpedia=\"KasperAgent\""],"Kazuar":["misp-galaxy:malpedia=\"Kazuar\"","misp-galaxy:mitre-malware=\"Kazuar - S0265\"","misp-galaxy:tool=\"Kazuar\""],"KeRanger":["misp-galaxy:malpedia=\"KeRanger\"","misp-galaxy:ransomware=\"KeRanger\""],"Kegotip":["misp-galaxy:malpedia=\"Kegotip\""],"KerrDown":["misp-galaxy:malpedia=\"KerrDown\""],"KevDroid":["misp-galaxy:malpedia=\"KevDroid\""],"KeyBase":["misp-galaxy:malpedia=\"KeyBase\""],"Kibex":["misp-galaxy:malpedia=\"KeyBase\""],"KeyBoy":["misp-galaxy:malpedia=\"KeyBoy\"","misp-galaxy:malpedia=\"Yahoyah\"","misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\"","misp-galaxy:threat-actor=\"Pirate Panda\"","misp-galaxy:tool=\"KeyBoy\""],"TSSL":["misp-galaxy:malpedia=\"KeyBoy\""],"KeyPass":["misp-galaxy:malpedia=\"KeyPass\"","misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"KEYPASS\""],"Keydnap":["misp-galaxy:malpedia=\"Keydnap\"","misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"Kikothac":["misp-galaxy:malpedia=\"Kikothac\""],"KillDisk":["misp-galaxy:malpedia=\"KillDisk\"","misp-galaxy:tool=\"KillDisk Wiper\""],"Kitmos":["misp-galaxy:malpedia=\"Kitmos\""],"KitM":["misp-galaxy:malpedia=\"Kitmos\""],"KleptoParasite Stealer":["misp-galaxy:malpedia=\"KleptoParasite Stealer\""],"Joglog":["misp-galaxy:malpedia=\"KleptoParasite Stealer\""],"Koadic":["misp-galaxy:malpedia=\"Koadic\"","misp-galaxy:mitre-tool=\"Koadic - S0250\"","misp-galaxy:tool=\"Koadic\""],"KokoKrypt":["misp-galaxy:malpedia=\"KokoKrypt\""],"Koler":["misp-galaxy:malpedia=\"Koler\""],"Komplex":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"Komplex - S0162\"","misp-galaxy:mitre-malware=\"Komplex - S0162\""],"JHUHUGIT":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"JKEYSKW":["misp-galaxy:malpedia=\"Komplex\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"SedUploader":["misp-galaxy:malpedia=\"Komplex\""],"Konni":["misp-galaxy:malpedia=\"Konni\"","misp-galaxy:rat=\"Konni\""],"KoobFace":["misp-galaxy:malpedia=\"KoobFace\""],"KopiLuwak":["misp-galaxy:malpedia=\"KopiLuwak\""],"Korlia":["misp-galaxy:malpedia=\"Korlia\""],"Bisonal":["misp-galaxy:malpedia=\"Korlia\"","misp-galaxy:mitre-malware=\"Bisonal - S0268\"","misp-galaxy:tool=\"Bisonal\""],"Kovter":["misp-galaxy:malpedia=\"Kovter\""],"KrBanker":["misp-galaxy:malpedia=\"KrBanker\""],"BlackMoon":["misp-galaxy:malpedia=\"KrBanker\""],"KrDownloader":["misp-galaxy:malpedia=\"KrDownloader\""],"Osiris":["misp-galaxy:malpedia=\"Kronos\""],"Kuaibu":["misp-galaxy:malpedia=\"Kuaibu\""],"Barys":["misp-galaxy:malpedia=\"Kuaibu\""],"Gofot":["misp-galaxy:malpedia=\"Kuaibu\""],"Kuaibpy":["misp-galaxy:malpedia=\"Kuaibu\""],"Kuluoz":["misp-galaxy:malpedia=\"Kuluoz\""],"Kurton":["misp-galaxy:malpedia=\"Kurton\""],"Kutaki":["misp-galaxy:malpedia=\"Kutaki\""],"Kwampirs":["misp-galaxy:malpedia=\"Kwampirs\"","misp-galaxy:mitre-malware=\"Kwampirs - S0236\"","misp-galaxy:tool=\"Kwampirs\""],"LOWBALL":["misp-galaxy:malpedia=\"LOWBALL\"","misp-galaxy:mitre-enterprise-attack-malware=\"LOWBALL - S0042\"","misp-galaxy:mitre-malware=\"LOWBALL - S0042\""],"Lady":["misp-galaxy:malpedia=\"Lady\""],"Lambert":["misp-galaxy:malpedia=\"Lambert\""],"Lamdelin":["misp-galaxy:malpedia=\"Lamdelin\""],"Laoshu":["misp-galaxy:malpedia=\"Laoshu\""],"LatentBot":["misp-galaxy:malpedia=\"LatentBot\""],"Lazarus (Android)":["misp-galaxy:malpedia=\"Lazarus (Android)\""],"Lazarus (Windows)":["misp-galaxy:malpedia=\"Lazarus (Windows)\""],"Lazarus ELF Backdoor":["misp-galaxy:malpedia=\"Lazarus ELF Backdoor\""],"Laziok":["misp-galaxy:malpedia=\"Laziok\"","misp-galaxy:tool=\"Trojan.Laziok\""],"LazyCat":["misp-galaxy:malpedia=\"LazyCat\""],"Leash":["misp-galaxy:malpedia=\"Leash\""],"Leouncia":["misp-galaxy:malpedia=\"Leouncia\""],"shoco":["misp-galaxy:malpedia=\"Leouncia\""],"Leverage":["misp-galaxy:malpedia=\"Leverage\""],"LimeRAT":["misp-galaxy:malpedia=\"LimeRAT\""],"Limitail":["misp-galaxy:malpedia=\"Limitail\""],"Listrix":["misp-galaxy:malpedia=\"Listrix\""],"LiteHTTP":["misp-galaxy:malpedia=\"LiteHTTP\""],"LoJax":["misp-galaxy:malpedia=\"LoJax\"","misp-galaxy:tool=\"LoJax\""],"LockPOS":["misp-galaxy:malpedia=\"LockPOS\""],"LockerGoga":["misp-galaxy:malpedia=\"LockerGoga\"","misp-galaxy:ransomware=\"LockerGoga\""],"Locky (Decryptor)":["misp-galaxy:malpedia=\"Locky (Decryptor)\""],"Locky Loader":["misp-galaxy:malpedia=\"Locky Loader\""],"Locky":["misp-galaxy:malpedia=\"Locky\"","misp-galaxy:ransomware=\"Locky\""],"Loda":["misp-galaxy:malpedia=\"Loda\""],"Nymeria":["misp-galaxy:malpedia=\"Loda\""],"LogPOS":["misp-galaxy:malpedia=\"LogPOS\""],"Logedrut":["misp-galaxy:malpedia=\"Logedrut\""],"Loki Password Stealer (PWS)":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\""],"Loki":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\"","misp-galaxy:malpedia=\"Loki\""],"LokiPWS":["misp-galaxy:malpedia=\"Loki Password Stealer (PWS)\""],"Lordix":["misp-galaxy:malpedia=\"Lordix\""],"LuckyCat":["misp-galaxy:malpedia=\"LuckyCat\""],"Luminosity RAT":["misp-galaxy:malpedia=\"Luminosity RAT\""],"LunchMoney":["misp-galaxy:malpedia=\"LunchMoney\""],"Lurk":["misp-galaxy:malpedia=\"Lurk\""],"Luzo":["misp-galaxy:malpedia=\"Luzo\""],"Lyposit":["misp-galaxy:malpedia=\"Lyposit\""],"Adneukine":["misp-galaxy:malpedia=\"Lyposit\""],"Bomba Locker":["misp-galaxy:malpedia=\"Lyposit\""],"Lucky Locker":["misp-galaxy:malpedia=\"Lyposit\""],"MAPIget":["misp-galaxy:malpedia=\"MAPIget\""],"MBRlock":["misp-galaxy:malpedia=\"MBRlock\""],"DexLocker":["misp-galaxy:malpedia=\"MBRlock\""],"MECHANICAL":["misp-galaxy:malpedia=\"MECHANICAL\""],"MILKMAID":["misp-galaxy:malpedia=\"MILKMAID\""],"MM Core":["misp-galaxy:malpedia=\"MM Core\"","misp-galaxy:tool=\"MM Core\""],"MPKBot":["misp-galaxy:malpedia=\"MPKBot\""],"MPK":["misp-galaxy:malpedia=\"MPKBot\""],"MS Exchange Tool":["misp-galaxy:malpedia=\"MS Exchange Tool\""],"MaMi":["misp-galaxy:malpedia=\"MaMi\""],"MacDownloader":["misp-galaxy:malpedia=\"MacDownloader\"","misp-galaxy:tool=\"MacDownloader\""],"MacInstaller":["misp-galaxy:malpedia=\"MacInstaller\""],"MacRansom":["misp-galaxy:malpedia=\"MacRansom\"","misp-galaxy:ransomware=\"MacRansom\""],"MacSpy":["misp-galaxy:malpedia=\"MacSpy\"","misp-galaxy:mitre-malware=\"MacSpy - S0282\"","misp-galaxy:rat=\"MacSpy\""],"MacVX":["misp-galaxy:malpedia=\"MacVX\""],"Machete":["misp-galaxy:malpedia=\"Machete\"","misp-galaxy:threat-actor=\"El Machete\""],"El Machete":["misp-galaxy:malpedia=\"Machete\"","misp-galaxy:threat-actor=\"El Machete\""],"MadMax":["misp-galaxy:malpedia=\"MadMax\""],"Magala":["misp-galaxy:malpedia=\"Magala\""],"Magniber":["misp-galaxy:malpedia=\"Magniber\""],"Maintools.js":["misp-galaxy:malpedia=\"Maintools.js\""],"MajikPos":["misp-galaxy:malpedia=\"MajikPos\""],"MakLoader":["misp-galaxy:malpedia=\"MakLoader\""],"Makadocs":["misp-galaxy:malpedia=\"Makadocs\""],"Maktub":["misp-galaxy:malpedia=\"Maktub\""],"MalumPOS":["misp-galaxy:malpedia=\"MalumPOS\""],"Mamba":["misp-galaxy:malpedia=\"Mamba\"","misp-galaxy:ransomware=\"HDDCryptor\""],"DiskCryptor":["misp-galaxy:malpedia=\"Mamba\""],"HDDCryptor":["misp-galaxy:malpedia=\"Mamba\"","misp-galaxy:ransomware=\"HDDCryptor\""],"ManItsMe":["misp-galaxy:malpedia=\"ManItsMe\""],"ManameCrypt":["misp-galaxy:malpedia=\"ManameCrypt\""],"CryptoHost":["misp-galaxy:malpedia=\"ManameCrypt\"","misp-galaxy:ransomware=\"CryptoHost\""],"Mangzamel":["misp-galaxy:malpedia=\"Mangzamel\""],"junidor":["misp-galaxy:malpedia=\"Mangzamel\""],"mengkite":["misp-galaxy:malpedia=\"Mangzamel\""],"vedratve":["misp-galaxy:malpedia=\"Mangzamel\""],"Manifestus":["misp-galaxy:malpedia=\"Manifestus\"","misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"Marap":["misp-galaxy:malpedia=\"Marap\""],"Marcher":["misp-galaxy:malpedia=\"Marcher\"","misp-galaxy:mitre-malware=\"Marcher - S0317\""],"Masuta":["misp-galaxy:malpedia=\"Masuta\"","misp-galaxy:tool=\"Masuta\""],"PureMasuta":["misp-galaxy:malpedia=\"Masuta\"","misp-galaxy:tool=\"Masuta\""],"Matrix Ransom":["misp-galaxy:malpedia=\"Matrix Ransom\""],"Matryoshka RAT":["misp-galaxy:malpedia=\"Matryoshka RAT\""],"Matsnu":["misp-galaxy:malpedia=\"Matsnu\""],"MazarBot":["misp-galaxy:malpedia=\"MazarBot\""],"Mebromi":["misp-galaxy:malpedia=\"Mebromi\""],"MyBios":["misp-galaxy:malpedia=\"Mebromi\""],"Medre":["misp-galaxy:malpedia=\"Medre\""],"Medusa":["misp-galaxy:malpedia=\"Medusa\""],"Merlin":["misp-galaxy:malpedia=\"Merlin\""],"Metamorfo":["misp-galaxy:malpedia=\"Metamorfo\""],"Casbaneiro":["misp-galaxy:malpedia=\"Metamorfo\""],"Mewsei":["misp-galaxy:malpedia=\"Mewsei\""],"MiKey":["misp-galaxy:malpedia=\"MiKey\""],"Miancha":["misp-galaxy:malpedia=\"Miancha\""],"Micrass":["misp-galaxy:malpedia=\"Micrass\""],"Microcin":["misp-galaxy:malpedia=\"Microcin\"","misp-galaxy:threat-actor=\"Microcin\""],"Micropsia":["misp-galaxy:malpedia=\"Micropsia\"","misp-galaxy:mitre-malware=\"Micropsia - S0339\""],"Mikoponi":["misp-galaxy:malpedia=\"Mikoponi\""],"MimiKatz":["misp-galaxy:malpedia=\"MimiKatz\""],"MiniASP":["misp-galaxy:malpedia=\"MiniASP\""],"Mirage":["misp-galaxy:malpedia=\"Mirage\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"MirageFox":["misp-galaxy:malpedia=\"MirageFox\"","misp-galaxy:mitre-malware=\"MirageFox - S0280\""],"Mirai (ELF)":["misp-galaxy:malpedia=\"Mirai (ELF)\""],"Mirai (Windows)":["misp-galaxy:malpedia=\"Mirai (Windows)\""],"Misdat":["misp-galaxy:malpedia=\"Misdat\"","misp-galaxy:mitre-enterprise-attack-malware=\"Misdat - S0083\"","misp-galaxy:mitre-malware=\"Misdat - S0083\""],"Misfox":["misp-galaxy:malpedia=\"Misfox\""],"MixFox":["misp-galaxy:malpedia=\"Misfox\""],"ModPack":["misp-galaxy:malpedia=\"Misfox\""],"Miuref":["misp-galaxy:malpedia=\"Miuref\""],"MobiRAT":["misp-galaxy:malpedia=\"MobiRAT\""],"Mocton":["misp-galaxy:malpedia=\"Mocton\""],"ModPOS":["misp-galaxy:malpedia=\"ModPOS\""],"straxbot":["misp-galaxy:malpedia=\"ModPOS\""],"Moker":["misp-galaxy:malpedia=\"Moker\""],"Mokes (ELF)":["misp-galaxy:malpedia=\"Mokes (ELF)\""],"Mokes (OS X)":["misp-galaxy:malpedia=\"Mokes (OS X)\""],"Mokes (Windows)":["misp-galaxy:malpedia=\"Mokes (Windows)\""],"Mole":["misp-galaxy:malpedia=\"Mole\""],"Molerat Loader":["misp-galaxy:malpedia=\"Molerat Loader\""],"Monero Miner":["misp-galaxy:malpedia=\"Monero Miner\""],"CoinMiner":["misp-galaxy:malpedia=\"Monero Miner\"","misp-galaxy:tool=\"CoinMiner\""],"MoonWind":["misp-galaxy:malpedia=\"MoonWind\"","misp-galaxy:mitre-enterprise-attack-malware=\"MoonWind - S0149\"","misp-galaxy:mitre-malware=\"MoonWind - S0149\"","misp-galaxy:rat=\"MoonWind\"","misp-galaxy:tool=\"MoonWind\""],"Moose":["misp-galaxy:malpedia=\"Moose\""],"More_eggs":["misp-galaxy:malpedia=\"More_eggs\"","misp-galaxy:mitre-malware=\"More_eggs - S0284\""],"SpicyOmelette":["misp-galaxy:malpedia=\"More_eggs\"","misp-galaxy:tool=\"SpicyOmelette\""],"Morphine":["misp-galaxy:malpedia=\"Morphine\""],"Morto":["misp-galaxy:malpedia=\"Morto\""],"Mosquito":["misp-galaxy:malpedia=\"Mosquito\"","misp-galaxy:mitre-malware=\"Mosquito - S0256\""],"Moure":["misp-galaxy:malpedia=\"Moure\""],"MrBlack":["misp-galaxy:malpedia=\"MrBlack\""],"Mughthesec":["misp-galaxy:malpedia=\"Mughthesec\"","misp-galaxy:tool=\"Mughthesec\""],"Multigrain POS":["misp-galaxy:malpedia=\"Multigrain POS\""],"Mutabaha":["misp-galaxy:malpedia=\"Mutabaha\""],"MyKings Spreader":["misp-galaxy:malpedia=\"MyKings Spreader\""],"MyloBot":["misp-galaxy:malpedia=\"MyloBot\""],"N40":["misp-galaxy:malpedia=\"N40\""],"NETEAGLE":["misp-galaxy:malpedia=\"NETEAGLE\"","misp-galaxy:mitre-enterprise-attack-malware=\"NETEAGLE - S0034\"","misp-galaxy:mitre-malware=\"NETEAGLE - S0034\""],"ScoutEagle":["misp-galaxy:malpedia=\"NETEAGLE\""],"Nabucur":["misp-galaxy:malpedia=\"Nabucur\""],"Nagini":["misp-galaxy:malpedia=\"Nagini\""],"Naikon":["misp-galaxy:malpedia=\"Naikon\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Naikon - G0019\"","misp-galaxy:mitre-intrusion-set=\"Naikon - G0019\"","misp-galaxy:threat-actor=\"Naikon\""],"NanHaiShu":["misp-galaxy:malpedia=\"NanHaiShu\"","misp-galaxy:mitre-enterprise-attack-malware=\"NanHaiShu - S0228\"","misp-galaxy:mitre-malware=\"NanHaiShu - S0228\"","misp-galaxy:tool=\"NanHaiShu\""],"NanoLocker":["misp-galaxy:malpedia=\"NanoLocker\"","misp-galaxy:ransomware=\"NanoLocker\""],"Nanocore RAT":["misp-galaxy:malpedia=\"Nanocore RAT\""],"Narilam":["misp-galaxy:malpedia=\"Narilam\""],"Nautilus":["misp-galaxy:malpedia=\"Nautilus\"","misp-galaxy:tool=\"Nautilus\""],"NavRAT":["misp-galaxy:malpedia=\"NavRAT\"","misp-galaxy:mitre-malware=\"NavRAT - S0247\"","misp-galaxy:rat=\"NavRAT\""],"Necurs":["misp-galaxy:malpedia=\"Necurs\"","misp-galaxy:tool=\"Necurs\""],"nucurs":["misp-galaxy:malpedia=\"Necurs\""],"Nemim":["misp-galaxy:malpedia=\"Nemim\"","misp-galaxy:threat-actor=\"DarkHotel\""],"Nemain":["misp-galaxy:malpedia=\"Nemim\""],"NetC":["misp-galaxy:malpedia=\"NetC\"","misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"NetSupportManager RAT":["misp-galaxy:malpedia=\"NetSupportManager RAT\""],"NetTraveler":["misp-galaxy:malpedia=\"NetTraveler\"","misp-galaxy:mitre-enterprise-attack-malware=\"NetTraveler - S0033\"","misp-galaxy:mitre-malware=\"NetTraveler - S0033\"","misp-galaxy:threat-actor=\"NetTraveler\"","misp-galaxy:tool=\"NetTraveler\""],"TravNet":["misp-galaxy:malpedia=\"NetTraveler\"","misp-galaxy:threat-actor=\"NetTraveler\"","misp-galaxy:tool=\"NetTraveler\""],"NetWire RC":["misp-galaxy:malpedia=\"NetWire RC\""],"Recam":["misp-galaxy:malpedia=\"NetWire RC\""],"Netrepser":["misp-galaxy:malpedia=\"Netrepser\""],"Neuron":["misp-galaxy:malpedia=\"Neuron\"","misp-galaxy:tool=\"Neuron\""],"Neutrino POS":["misp-galaxy:malpedia=\"Neutrino POS\""],"Kasidet":["misp-galaxy:malpedia=\"Neutrino\"","misp-galaxy:mitre-enterprise-attack-malware=\"Kasidet - S0088\"","misp-galaxy:mitre-malware=\"Kasidet - S0088\""],"NewCT":["misp-galaxy:malpedia=\"NewCT\"","misp-galaxy:tool=\"NewCT\""],"CT":["misp-galaxy:malpedia=\"NewCT\""],"NewCore RAT":["misp-galaxy:malpedia=\"NewCore RAT\""],"NewPosThings":["misp-galaxy:malpedia=\"NewPosThings\""],"NewsReels":["misp-galaxy:malpedia=\"NewsReels\""],"Nexster Bot":["misp-galaxy:malpedia=\"Nexster Bot\""],"NexusLogger":["misp-galaxy:malpedia=\"NexusLogger\""],"Ngioweb":["misp-galaxy:malpedia=\"Ngioweb\""],"NgrBot":["misp-galaxy:malpedia=\"NgrBot\""],"Nitol":["misp-galaxy:malpedia=\"Nitol\""],"NjRAT":["misp-galaxy:malpedia=\"NjRAT\""],"Bladabindi":["misp-galaxy:malpedia=\"NjRAT\"","misp-galaxy:tool=\"njRAT\""],"Nocturnal Stealer":["misp-galaxy:malpedia=\"Nocturnal Stealer\"","misp-galaxy:stealer=\"Nocturnal Stealer\""],"Nokki":["misp-galaxy:malpedia=\"Nokki\""],"Nozelesn (Decryptor)":["misp-galaxy:malpedia=\"Nozelesn (Decryptor)\""],"Nymaim":["misp-galaxy:malpedia=\"Nymaim\"","misp-galaxy:tool=\"Nymaim\""],"nymain":["misp-galaxy:malpedia=\"Nymaim\""],"Nymaim2":["misp-galaxy:malpedia=\"Nymaim2\""],"OLDBAIT":["misp-galaxy:malpedia=\"OLDBAIT\"","misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\"","misp-galaxy:tool=\"OLDBAIT\""],"Sasfis":["misp-galaxy:malpedia=\"OLDBAIT\"","misp-galaxy:malpedia=\"Sasfis\"","misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\"","misp-galaxy:tool=\"OLDBAIT\""],"ONHAT":["misp-galaxy:malpedia=\"ONHAT\""],"ORANGEADE":["misp-galaxy:malpedia=\"ORANGEADE\""],"OceanLotus":["misp-galaxy:malpedia=\"OceanLotus\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"Oceansalt":["misp-galaxy:malpedia=\"Oceansalt\""],"Octopus":["misp-galaxy:malpedia=\"Octopus\"","misp-galaxy:mitre-malware=\"Octopus - S0340\""],"OddJob":["misp-galaxy:malpedia=\"OddJob\""],"Odinaff":["misp-galaxy:malpedia=\"Odinaff\"","misp-galaxy:tool=\"Odinaff\""],"OilRig":["misp-galaxy:malpedia=\"OilRig\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"CHRYSENE\"","misp-galaxy:threat-actor=\"OilRig\""],"Olympic Destroyer":["misp-galaxy:malpedia=\"Olympic Destroyer\"","misp-galaxy:mitre-malware=\"Olympic Destroyer - S0365\"","misp-galaxy:tool=\"Olympic Destroyer\""],"Olyx":["misp-galaxy:malpedia=\"Olyx\""],"OmniRAT":["misp-galaxy:malpedia=\"OmniRAT\"","misp-galaxy:rat=\"OmniRAT\""],"OneKeyLocker":["misp-galaxy:malpedia=\"OneKeyLocker\""],"OnionDuke":["misp-galaxy:malpedia=\"OnionDuke\"","misp-galaxy:mitre-enterprise-attack-malware=\"OnionDuke - S0052\"","misp-galaxy:mitre-malware=\"OnionDuke - S0052\""],"OnlinerSpambot":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"Onliner":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"SBot":["misp-galaxy:malpedia=\"OnlinerSpambot\""],"OopsIE":["misp-galaxy:malpedia=\"OopsIE\"","misp-galaxy:mitre-malware=\"OopsIE - S0264\""],"OpBlockBuster":["misp-galaxy:malpedia=\"OpBlockBuster\""],"OpGhoul":["misp-galaxy:malpedia=\"OpGhoul\""],"Opachki":["misp-galaxy:malpedia=\"Opachki\""],"OrcaRAT":["misp-galaxy:malpedia=\"OrcaRAT\""],"Orcus RAT":["misp-galaxy:malpedia=\"Orcus RAT\""],"Ordinypt":["misp-galaxy:malpedia=\"Ordinypt\"","misp-galaxy:tool=\"Ordinypt\""],"Outlook Backdoor":["misp-galaxy:malpedia=\"Outlook Backdoor\""],"Overlay RAT":["misp-galaxy:malpedia=\"Overlay RAT\""],"OvidiyStealer":["misp-galaxy:malpedia=\"OvidiyStealer\""],"PAS":["misp-galaxy:malpedia=\"PAS\""],"PC Surveillance System":["misp-galaxy:malpedia=\"PC Surveillance System\""],"PSS":["misp-galaxy:malpedia=\"PC Surveillance System\""],"PHOREAL":["misp-galaxy:malpedia=\"PHOREAL\"","misp-galaxy:mitre-enterprise-attack-malware=\"PHOREAL - S0158\"","misp-galaxy:mitre-malware=\"PHOREAL - S0158\""],"Rizzo":["misp-galaxy:malpedia=\"PHOREAL\""],"PLAINTEE":["misp-galaxy:malpedia=\"PLAINTEE\"","misp-galaxy:mitre-malware=\"PLAINTEE - S0254\"","misp-galaxy:tool=\"PLAINTEE\""],"PLEAD":["misp-galaxy:malpedia=\"PLEAD\"","misp-galaxy:tool=\"PLEAD\""],"TSCookie":["misp-galaxy:malpedia=\"PLEAD\"","misp-galaxy:tool=\"TSCookie\""],"POSHSPY":["misp-galaxy:malpedia=\"POSHSPY\"","misp-galaxy:mitre-enterprise-attack-malware=\"POSHSPY - S0150\"","misp-galaxy:mitre-malware=\"POSHSPY - S0150\""],"POWERPIPE":["misp-galaxy:malpedia=\"POWERPIPE\""],"POWERSOURCE":["misp-galaxy:malpedia=\"POWERSOURCE\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\""],"POWERSTATS":["misp-galaxy:malpedia=\"POWERSTATS\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWERSTATS - S0223\"","misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"Valyria":["misp-galaxy:malpedia=\"POWERSTATS\""],"POWRUNER":["misp-galaxy:malpedia=\"POWRUNER\"","misp-galaxy:mitre-enterprise-attack-malware=\"POWRUNER - S0184\"","misp-galaxy:mitre-malware=\"POWRUNER - S0184\""],"PadCrypt":["misp-galaxy:malpedia=\"PadCrypt\"","misp-galaxy:ransomware=\"PadCrypt\""],"PandaBanker":["misp-galaxy:malpedia=\"PandaBanker\""],"ZeusPanda":["misp-galaxy:malpedia=\"PandaBanker\""],"Patcher":["misp-galaxy:malpedia=\"Patcher\"","misp-galaxy:ransomware=\"FileCoder\"","misp-galaxy:ransomware=\"Patcher\""],"FileCoder":["misp-galaxy:malpedia=\"Patcher\"","misp-galaxy:ransomware=\"FileCoder\""],"Findzip":["misp-galaxy:malpedia=\"Patcher\""],"Peepy RAT":["misp-galaxy:malpedia=\"Peepy RAT\""],"Penco":["misp-galaxy:malpedia=\"Penco\""],"Penquin Turla":["misp-galaxy:malpedia=\"Penquin Turla\""],"PerlBot":["misp-galaxy:malpedia=\"PerlBot\""],"DDoS Perl IrcBot":["misp-galaxy:malpedia=\"PerlBot\""],"ShellBot":["misp-galaxy:malpedia=\"PerlBot\""],"PetrWrap":["misp-galaxy:malpedia=\"PetrWrap\""],"Petya":["misp-galaxy:malpedia=\"Petya\"","misp-galaxy:ransomware=\"Petya\""],"PhanDoor":["misp-galaxy:malpedia=\"PhanDoor\""],"Philadephia Ransom":["misp-galaxy:malpedia=\"Philadephia Ransom\""],"Phorpiex":["misp-galaxy:malpedia=\"Phorpiex\""],"Trik":["misp-galaxy:malpedia=\"Phorpiex\""],"PintSized":["misp-galaxy:malpedia=\"PintSized\""],"Pirrit":["misp-galaxy:malpedia=\"Pirrit\""],"Pitou":["misp-galaxy:malpedia=\"Pitou\""],"PittyTiger RAT":["misp-galaxy:malpedia=\"PittyTiger RAT\""],"Pkybot":["misp-galaxy:malpedia=\"Pkybot\""],"Bublik":["misp-galaxy:malpedia=\"Pkybot\""],"Pykbot":["misp-galaxy:malpedia=\"Pkybot\""],"TBag":["misp-galaxy:malpedia=\"Pkybot\""],"Plexor":["misp-galaxy:malpedia=\"Plexor\"","misp-galaxy:tool=\"Plexor\""],"Ploutus ATM":["misp-galaxy:malpedia=\"Ploutus ATM\""],"PlugX":["misp-galaxy:malpedia=\"PlugX\"","misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\"","misp-galaxy:rat=\"PlugX\"","misp-galaxy:tool=\"PlugX\""],"Korplug":["misp-galaxy:malpedia=\"PlugX\"","misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\"","misp-galaxy:rat=\"PlugX\"","misp-galaxy:tool=\"PlugX\""],"Poison Ivy":["misp-galaxy:malpedia=\"Poison Ivy\"","misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"","misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"pivy":["misp-galaxy:malpedia=\"Poison Ivy\""],"poisonivy":["misp-galaxy:malpedia=\"Poison Ivy\"","misp-galaxy:tool=\"poisonivy\""],"Polyglot":["misp-galaxy:malpedia=\"Polyglot\"","misp-galaxy:ransomware=\"Polyglot\""],"Pony":["misp-galaxy:malpedia=\"Pony\"","misp-galaxy:tool=\"Hancitor\""],"Fareit":["misp-galaxy:malpedia=\"Pony\"","misp-galaxy:tool=\"Fareit\""],"Siplog":["misp-galaxy:malpedia=\"Pony\""],"PoohMilk Loader":["misp-galaxy:malpedia=\"PoohMilk Loader\""],"Popcorn Time":["misp-galaxy:malpedia=\"Popcorn Time\""],"PoshC2":["misp-galaxy:malpedia=\"PoshC2\"","misp-galaxy:mitre-tool=\"PoshC2 - S0378\""],"Poweliks Dropper":["misp-galaxy:malpedia=\"Poweliks Dropper\""],"PowerDuke":["misp-galaxy:malpedia=\"PowerDuke\"","misp-galaxy:mitre-enterprise-attack-malware=\"PowerDuke - S0139\"","misp-galaxy:mitre-malware=\"PowerDuke - S0139\""],"PowerPool":["misp-galaxy:malpedia=\"PowerPool\"","misp-galaxy:threat-actor=\"PowerPool\""],"PowerRatankba":["misp-galaxy:malpedia=\"PowerRatankba\"","misp-galaxy:tool=\"PowerRatankba\""],"PowerSpritz":["misp-galaxy:malpedia=\"PowerSpritz\"","misp-galaxy:tool=\"PowerSpritz\""],"PowerWare":["misp-galaxy:malpedia=\"PowerWare\"","misp-galaxy:ransomware=\"PowerWare\""],"Powersniff":["misp-galaxy:malpedia=\"Powersniff\""],"Powmet":["misp-galaxy:malpedia=\"Powmet\""],"Predator The Thief":["misp-galaxy:malpedia=\"Predator The Thief\""],"Premier RAT":["misp-galaxy:malpedia=\"Premier RAT\""],"PresFox":["misp-galaxy:malpedia=\"PresFox\""],"Prikorma":["misp-galaxy:malpedia=\"Prikorma\""],"Prilex":["misp-galaxy:malpedia=\"Prilex\""],"PrincessLocker":["misp-galaxy:malpedia=\"PrincessLocker\""],"Project Alice":["misp-galaxy:malpedia=\"Project Alice\""],"AliceATM":["misp-galaxy:malpedia=\"Project Alice\""],"PrAlice":["misp-galaxy:malpedia=\"Project Alice\""],"Proton RAT":["misp-galaxy:malpedia=\"Proton RAT\""],"Calisto":["misp-galaxy:malpedia=\"Proton RAT\"","misp-galaxy:mitre-malware=\"Calisto - S0274\""],"PsiX":["misp-galaxy:malpedia=\"PsiX\""],"Pteranodon":["misp-galaxy:malpedia=\"Pteranodon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Pteranodon - S0147\"","misp-galaxy:mitre-malware=\"Pteranodon - S0147\""],"PubNubRAT":["misp-galaxy:malpedia=\"PubNubRAT\""],"Punkey POS":["misp-galaxy:malpedia=\"Punkey POS\""],"Putabmow":["misp-galaxy:malpedia=\"Putabmow\""],"PvzOut":["misp-galaxy:malpedia=\"PvzOut\""],"Pwnet":["misp-galaxy:malpedia=\"Pwnet\"","misp-galaxy:tool=\"Pwnet\""],"PyLocky":["misp-galaxy:malpedia=\"PyLocky\""],"Locky Locker":["misp-galaxy:malpedia=\"PyLocky\""],"Pykspa":["misp-galaxy:malpedia=\"Pykspa\""],"QHost":["misp-galaxy:malpedia=\"QHost\""],"Tolouge":["misp-galaxy:malpedia=\"QHost\""],"QRat":["misp-galaxy:malpedia=\"QRat\""],"Quaverse RAT":["misp-galaxy:malpedia=\"QRat\""],"QUADAGENT":["misp-galaxy:malpedia=\"QUADAGENT\"","misp-galaxy:mitre-malware=\"QUADAGENT - S0269\""],"Qaccel":["misp-galaxy:malpedia=\"Qaccel\""],"QakBot":["misp-galaxy:malpedia=\"QakBot\""],"Qbot":["misp-galaxy:malpedia=\"QakBot\"","misp-galaxy:tool=\"Akbot\""],"Qarallax RAT":["misp-galaxy:malpedia=\"Qarallax RAT\""],"Qealler":["misp-galaxy:malpedia=\"Qealler\""],"QtBot":["misp-galaxy:malpedia=\"QtBot\""],"qtproject":["misp-galaxy:malpedia=\"QtBot\""],"Quant Loader":["misp-galaxy:malpedia=\"Quant Loader\"","misp-galaxy:tool=\"Quant Loader\""],"Quasar RAT":["misp-galaxy:malpedia=\"Quasar RAT\"","misp-galaxy:rat=\"Quasar RAT\""],"Qulab":["misp-galaxy:malpedia=\"Qulab\""],"RCS":["misp-galaxy:malpedia=\"RCS\""],"Remote Control System":["misp-galaxy:malpedia=\"RCS\""],"RGDoor":["misp-galaxy:malpedia=\"RGDoor\"","misp-galaxy:mitre-malware=\"RGDoor - S0258\""],"RMS":["misp-galaxy:malpedia=\"RMS\""],"Remote Manipulator System":["misp-galaxy:malpedia=\"RMS\""],"RTM":["misp-galaxy:malpedia=\"RTM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-enterprise-attack-malware=\"RTM - S0148\"","misp-galaxy:mitre-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-malware=\"RTM - S0148\"","misp-galaxy:threat-actor=\"RTM\""],"RadRAT":["misp-galaxy:malpedia=\"RadRAT\"","misp-galaxy:rat=\"RadRAT\""],"Radamant":["misp-galaxy:malpedia=\"Radamant\"","misp-galaxy:ransomware=\"Radamant\""],"Rakhni":["misp-galaxy:malpedia=\"Rakhni\"","misp-galaxy:ransomware=\"Bandarchor\"","misp-galaxy:ransomware=\"Rakhni\""],"Rakos":["misp-galaxy:malpedia=\"Rakos\""],"Rambo":["misp-galaxy:malpedia=\"Rambo\""],"brebsd":["misp-galaxy:malpedia=\"Rambo\""],"Ramdo":["misp-galaxy:malpedia=\"Ramdo\""],"Ranscam":["misp-galaxy:malpedia=\"Ranscam\"","misp-galaxy:ransomware=\"CryptoFinancial\""],"Ransoc":["misp-galaxy:malpedia=\"Ransoc\"","misp-galaxy:ransomware=\"Ransoc\""],"Ransomlock":["misp-galaxy:malpedia=\"Ransomlock\""],"WinLock":["misp-galaxy:malpedia=\"Ransomlock\""],"Rapid Ransom":["misp-galaxy:malpedia=\"Rapid Ransom\""],"RapidStealer":["misp-galaxy:malpedia=\"RapidStealer\""],"Rarog":["misp-galaxy:malpedia=\"Rarog\""],"RatabankaPOS":["misp-galaxy:malpedia=\"RatabankaPOS\""],"Ratty":["misp-galaxy:malpedia=\"Ratty\"","misp-galaxy:rat=\"Ratty\""],"RawPOS":["misp-galaxy:malpedia=\"RawPOS\"","misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"Raxir":["misp-galaxy:malpedia=\"Raxir\""],"Reaver":["misp-galaxy:malpedia=\"Reaver\"","misp-galaxy:mitre-enterprise-attack-malware=\"Reaver - S0172\"","misp-galaxy:mitre-malware=\"Reaver - S0172\"","misp-galaxy:tool=\"Reaver\""],"Red Alert":["misp-galaxy:malpedia=\"Red Alert\"","misp-galaxy:ransomware=\"Red Alert\""],"Red Gambler":["misp-galaxy:malpedia=\"Red Gambler\""],"RedAlpha":["misp-galaxy:malpedia=\"RedAlpha\"","misp-galaxy:threat-actor=\"RedAlpha\""],"RedLeaves":["misp-galaxy:malpedia=\"RedLeaves\"","misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\"","misp-galaxy:rat=\"RedLeaves\""],"Redaman":["misp-galaxy:malpedia=\"Redaman\""],"Redyms":["misp-galaxy:malpedia=\"Redyms\""],"Regin":["misp-galaxy:malpedia=\"Regin\"","misp-galaxy:mitre-enterprise-attack-malware=\"Regin - S0019\"","misp-galaxy:mitre-malware=\"Regin - S0019\"","misp-galaxy:tool=\"Regin\""],"Remcos":["misp-galaxy:malpedia=\"Remcos\"","misp-galaxy:mitre-tool=\"Remcos - S0332\"","misp-galaxy:rat=\"Remcos\""],"Remexi":["misp-galaxy:malpedia=\"Remexi\"","misp-galaxy:mitre-malware=\"Remexi - S0375\""],"Remsec":["misp-galaxy:malpedia=\"Remsec\"","misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Remy":["misp-galaxy:malpedia=\"Remy\""],"Rerdom":["misp-galaxy:malpedia=\"Rerdom\""],"Retadup":["misp-galaxy:malpedia=\"Retadup\""],"Retefe (Android)":["misp-galaxy:malpedia=\"Retefe (Android)\""],"Retefe (Windows)":["misp-galaxy:malpedia=\"Retefe (Windows)\""],"Revenge RAT":["misp-galaxy:malpedia=\"Revenge RAT\""],"Revetrat":["misp-galaxy:malpedia=\"Revenge RAT\""],"Rex":["misp-galaxy:malpedia=\"Rex\""],"Rietspoof":["misp-galaxy:malpedia=\"Rietspoof\""],"Rifdoor":["misp-galaxy:malpedia=\"Rifdoor\""],"Rikamanu":["misp-galaxy:malpedia=\"Rikamanu\""],"Rincux":["misp-galaxy:malpedia=\"Rincux\""],"Ripper ATM":["misp-galaxy:malpedia=\"Ripper ATM\""],"Roaming Mantis":["misp-galaxy:malpedia=\"Roaming Mantis\"","misp-galaxy:threat-actor=\"Roaming Mantis\"","misp-galaxy:tool=\"Roaming Mantis\""],"Rockloader":["misp-galaxy:malpedia=\"Rockloader\""],"Rofin":["misp-galaxy:malpedia=\"Rofin\""],"RogueRobin":["misp-galaxy:malpedia=\"RogueRobin\"","misp-galaxy:mitre-malware=\"RogueRobin - S0270\""],"RogueRobinNET":["misp-galaxy:malpedia=\"RogueRobinNET\""],"RokRAT":["misp-galaxy:malpedia=\"RokRAT\""],"Rokku":["misp-galaxy:malpedia=\"Rokku\"","misp-galaxy:ransomware=\"Rokku\""],"Rombertik":["misp-galaxy:malpedia=\"Rombertik\""],"CarbonGrabber":["misp-galaxy:malpedia=\"Rombertik\""],"Romeo(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Romeo(Alfa,Bravo, ...)\""],"Roopirs":["misp-galaxy:malpedia=\"Roopirs\""],"Roseam":["misp-galaxy:malpedia=\"Roseam\""],"RotorCrypt":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"RotoCrypt":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"Rotor":["misp-galaxy:malpedia=\"RotorCrypt\"","misp-galaxy:ransomware=\"Rakhni\""],"Rover":["misp-galaxy:malpedia=\"Rover\"","misp-galaxy:mitre-enterprise-attack-malware=\"Rover - S0090\"","misp-galaxy:mitre-malware=\"Rover - S0090\""],"Rovnix":["misp-galaxy:malpedia=\"Rovnix\"","misp-galaxy:tool=\"Rovnix\""],"BkLoader":["misp-galaxy:malpedia=\"Rovnix\""],"Cidox":["misp-galaxy:malpedia=\"Rovnix\""],"Mayachok":["misp-galaxy:malpedia=\"Rovnix\""],"Royal DNS":["misp-galaxy:malpedia=\"Royal DNS\""],"RoyalCli":["misp-galaxy:malpedia=\"RoyalCli\"","misp-galaxy:tool=\"RoyalCli\""],"Rozena":["misp-galaxy:malpedia=\"Rozena\""],"Ruckguv":["misp-galaxy:malpedia=\"Ruckguv\"","misp-galaxy:tool=\"Ruckguv\""],"Rumish":["misp-galaxy:malpedia=\"Rumish\""],"Rurktar":["misp-galaxy:malpedia=\"Rurktar\"","misp-galaxy:rat=\"Rurktar\""],"RCSU":["misp-galaxy:malpedia=\"Rurktar\""],"Ryuk":["misp-galaxy:malpedia=\"Ryuk\""],"SAGE":["misp-galaxy:malpedia=\"SAGE\""],"Saga":["misp-galaxy:malpedia=\"SAGE\""],"SHAPESHIFT":["misp-galaxy:malpedia=\"SHAPESHIFT\""],"SHARPKNOT":["misp-galaxy:malpedia=\"SHARPKNOT\"","misp-galaxy:tool=\"SHARPKNOT\""],"Bitrep":["misp-galaxy:malpedia=\"SHARPKNOT\""],"SHIPSHAPE":["misp-galaxy:malpedia=\"SHIPSHAPE\"","misp-galaxy:mitre-enterprise-attack-malware=\"SHIPSHAPE - S0028\"","misp-galaxy:mitre-malware=\"SHIPSHAPE - S0028\""],"SMSspy":["misp-galaxy:malpedia=\"SMSspy\""],"SNEEPY":["misp-galaxy:malpedia=\"SNEEPY\""],"ByeByeShell":["misp-galaxy:malpedia=\"SNEEPY\""],"SNS Locker":["misp-galaxy:malpedia=\"SNS Locker\""],"SOUNDBITE":["misp-galaxy:malpedia=\"SOUNDBITE\"","misp-galaxy:mitre-enterprise-attack-malware=\"SOUNDBITE - S0157\"","misp-galaxy:mitre-malware=\"SOUNDBITE - S0157\""],"denis":["misp-galaxy:malpedia=\"SOUNDBITE\""],"SPACESHIP":["misp-galaxy:malpedia=\"SPACESHIP\"","misp-galaxy:mitre-enterprise-attack-malware=\"SPACESHIP - S0035\"","misp-galaxy:mitre-malware=\"SPACESHIP - S0035\""],"SQLRat":["misp-galaxy:malpedia=\"SQLRat\""],"SSHDoor":["misp-galaxy:malpedia=\"SSHDoor\"","misp-galaxy:tool=\"SSHDoor\""],"STOP Ransomware":["misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"STOP Ransomware\""],"Djvu":["misp-galaxy:malpedia=\"STOP Ransomware\"","misp-galaxy:ransomware=\"Djvu\""],"Sakula RAT":["misp-galaxy:malpedia=\"Sakula RAT\""],"Sakurel":["misp-galaxy:malpedia=\"Sakula RAT\"","misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\"","misp-galaxy:tool=\"Sakula\""],"Salgorea":["misp-galaxy:malpedia=\"Salgorea\""],"SamSam":["misp-galaxy:malpedia=\"SamSam\"","misp-galaxy:mitre-malware=\"SamSam - S0370\"","misp-galaxy:ransomware=\"Samas-Samsam\""],"Sanny":["misp-galaxy:malpedia=\"Sanny\""],"Daws":["misp-galaxy:malpedia=\"Sanny\""],"Saphyra":["misp-galaxy:malpedia=\"Saphyra\""],"SappyCache":["misp-galaxy:malpedia=\"SappyCache\""],"Sarhust":["misp-galaxy:malpedia=\"Sarhust\""],"Hussarini":["misp-galaxy:malpedia=\"Sarhust\""],"Satan Ransomware":["misp-galaxy:malpedia=\"Satan Ransomware\"","misp-galaxy:ransomware=\"Satan Ransomware\""],"DBGer":["misp-galaxy:malpedia=\"Satan Ransomware\""],"Lucky Ransomware":["misp-galaxy:malpedia=\"Satan Ransomware\"","misp-galaxy:ransomware=\"Lucky Ransomware\""],"Satana":["misp-galaxy:malpedia=\"Satana\"","misp-galaxy:ransomware=\"Satana\""],"Sathurbot":["misp-galaxy:malpedia=\"Sathurbot\"","misp-galaxy:tool=\"Sathurbot\""],"Sauron Locker":["misp-galaxy:malpedia=\"Sauron Locker\""],"ScanPOS":["misp-galaxy:malpedia=\"ScanPOS\""],"Schneiken":["misp-galaxy:malpedia=\"Schneiken\""],"Scote":["misp-galaxy:malpedia=\"Scote\""],"ScreenLocker":["misp-galaxy:malpedia=\"ScreenLocker\""],"SeDll":["misp-galaxy:malpedia=\"SeDll\""],"SeaDaddy":["misp-galaxy:malpedia=\"SeaDaddy\"","misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"SeaSalt":["misp-galaxy:malpedia=\"SeaSalt\""],"Sedreco":["misp-galaxy:malpedia=\"Sedreco\"","misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"azzy":["misp-galaxy:malpedia=\"Sedreco\""],"eviltoss":["misp-galaxy:malpedia=\"Sedreco\""],"Seduploader":["misp-galaxy:malpedia=\"Seduploader\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"carberplike":["misp-galaxy:malpedia=\"Seduploader\""],"downrage":["misp-galaxy:malpedia=\"Seduploader\""],"jhuhugit":["misp-galaxy:malpedia=\"Seduploader\""],"jkeyskw":["misp-galaxy:malpedia=\"Seduploader\""],"SendSafe":["misp-galaxy:malpedia=\"SendSafe\""],"Serpico":["misp-galaxy:malpedia=\"Serpico\"","misp-galaxy:ransomware=\"Serpico\""],"ShadowPad":["misp-galaxy:malpedia=\"ShadowPad\"","misp-galaxy:tool=\"ShadowPad\""],"XShellGhost":["misp-galaxy:malpedia=\"ShadowPad\""],"Shakti":["misp-galaxy:malpedia=\"Shakti\""],"ShellBind":["misp-galaxy:malpedia=\"ShellBind\""],"ShellLocker":["misp-galaxy:malpedia=\"ShellLocker\""],"Shifu":["misp-galaxy:malpedia=\"Shifu\"","misp-galaxy:tool=\"Shifu\""],"Shim RAT":["misp-galaxy:malpedia=\"Shim RAT\""],"Shishiga":["misp-galaxy:malpedia=\"Shishiga\""],"Shujin":["misp-galaxy:malpedia=\"Shujin\"","misp-galaxy:ransomware=\"Shujin\""],"Shurl0ckr":["misp-galaxy:malpedia=\"Shurl0ckr\""],"Shylock":["misp-galaxy:malpedia=\"Shylock\""],"Caphaw":["misp-galaxy:malpedia=\"Shylock\""],"SideWinder":["misp-galaxy:malpedia=\"SideWinder\""],"Sierra(Alfa,Bravo, ...)":["misp-galaxy:malpedia=\"Sierra(Alfa,Bravo, ...)\""],"Destover":["misp-galaxy:malpedia=\"Sierra(Alfa,Bravo, ...)\""],"Siggen6":["misp-galaxy:malpedia=\"Siggen6\""],"Silence DDoS":["misp-galaxy:malpedia=\"Silence DDoS\""],"Silence":["misp-galaxy:malpedia=\"Silence\"","misp-galaxy:threat-actor=\"Silence group\"","misp-galaxy:tool=\"Silence\""],"TrueBot":["misp-galaxy:malpedia=\"Silence\""],"Silon":["misp-galaxy:malpedia=\"Silon\""],"Siluhdur":["misp-galaxy:malpedia=\"Siluhdur\""],"iBank":["misp-galaxy:malpedia=\"Simda\""],"Mebroot":["misp-galaxy:malpedia=\"Sinowal\""],"Quarian":["misp-galaxy:malpedia=\"Sinowal\""],"Theola":["misp-galaxy:malpedia=\"Sinowal\""],"Sisfader":["misp-galaxy:malpedia=\"Sisfader\"","misp-galaxy:rat=\"Sisfader\""],"Skarab Ransom":["misp-galaxy:malpedia=\"Skarab Ransom\""],"Skyplex":["misp-galaxy:malpedia=\"Skyplex\""],"Slave":["misp-galaxy:malpedia=\"Slave\""],"Slempo":["misp-galaxy:malpedia=\"Slempo\"","misp-galaxy:tool=\"Slempo\""],"Slingshot":["misp-galaxy:malpedia=\"Slingshot\"","misp-galaxy:threat-actor=\"Slingshot\""],"Slocker":["misp-galaxy:malpedia=\"Slocker\""],"SmokeLoader":["misp-galaxy:malpedia=\"SmokeLoader\"","misp-galaxy:tool=\"Smoke Loader\""],"Dofoil":["misp-galaxy:malpedia=\"SmokeLoader\"","misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\""],"Smrss32 Ransomware":["misp-galaxy:malpedia=\"Smrss32 Ransomware\""],"SnatchLoader":["misp-galaxy:malpedia=\"SnatchLoader\""],"Snojan":["misp-galaxy:malpedia=\"Snojan\""],"Sobaken":["misp-galaxy:malpedia=\"Sobaken\""],"Socks5 Systemz":["misp-galaxy:malpedia=\"Socks5 Systemz\""],"SocksBot":["misp-galaxy:malpedia=\"SocksBot\""],"BIRDDOG":["misp-galaxy:malpedia=\"SocksBot\""],"Nadrac":["misp-galaxy:malpedia=\"SocksBot\""],"Solarbot":["misp-galaxy:malpedia=\"Solarbot\""],"Napolar":["misp-galaxy:malpedia=\"Solarbot\""],"Sorgu":["misp-galaxy:malpedia=\"Sorgu\""],"Spamtorte":["misp-galaxy:malpedia=\"Spamtorte\""],"SpeakUp":["misp-galaxy:malpedia=\"SpeakUp\"","misp-galaxy:mitre-malware=\"SpeakUp - S0374\""],"Spedear":["misp-galaxy:malpedia=\"Spedear\""],"Spora":["misp-galaxy:malpedia=\"Spora\""],"SpyBot":["misp-galaxy:malpedia=\"SpyBot\""],"SpyNote":["misp-galaxy:malpedia=\"SpyNote\"","misp-galaxy:rat=\"SpyNote\""],"SquirtDanger":["misp-galaxy:malpedia=\"SquirtDanger\""],"SslMM":["misp-galaxy:malpedia=\"SslMM\"","misp-galaxy:mitre-enterprise-attack-malware=\"SslMM - S0058\"","misp-galaxy:mitre-malware=\"SslMM - S0058\""],"Stabuniq":["misp-galaxy:malpedia=\"Stabuniq\""],"Stampedo":["misp-galaxy:malpedia=\"Stampedo\""],"Stantinko":["misp-galaxy:malpedia=\"Stantinko\""],"StarCruft":["misp-galaxy:malpedia=\"StarCruft\"","misp-galaxy:threat-actor=\"APT37\""],"StarLoader":["misp-galaxy:malpedia=\"StarLoader\""],"StarsyPound":["misp-galaxy:malpedia=\"StarsyPound\""],"StartPage":["misp-galaxy:malpedia=\"StartPage\""],"Easy Television Access Now":["misp-galaxy:malpedia=\"StartPage\""],"Stealth Mango":["misp-galaxy:malpedia=\"Stealth Mango\"","misp-galaxy:mitre-malware=\"Stealth Mango - S0328\""],"StealthAgent":["misp-galaxy:malpedia=\"StealthAgent\""],"StealthWorker Go":["misp-galaxy:malpedia=\"StealthWorker Go\""],"StegoLoader":["misp-galaxy:malpedia=\"StegoLoader\""],"Stinger":["misp-galaxy:malpedia=\"Stinger\""],"Stration":["misp-galaxy:malpedia=\"Stration\""],"Stresspaint":["misp-galaxy:malpedia=\"Stresspaint\""],"StrongPity":["misp-galaxy:malpedia=\"StrongPity\"","misp-galaxy:threat-actor=\"PROMETHIUM\""],"Stuxnet":["misp-galaxy:malpedia=\"Stuxnet\"","misp-galaxy:tool=\"Stuxnet\""],"SunOrcal":["misp-galaxy:malpedia=\"SunOrcal\"","misp-galaxy:tool=\"SunOrcal\""],"Sunless":["misp-galaxy:malpedia=\"Sunless\""],"SuppoBox":["misp-galaxy:malpedia=\"SuppoBox\""],"Bayrob":["misp-galaxy:malpedia=\"SuppoBox\""],"Nivdort":["misp-galaxy:malpedia=\"SuppoBox\""],"SupremeBot":["misp-galaxy:malpedia=\"SupremeBot\""],"BlazeBot":["misp-galaxy:malpedia=\"SupremeBot\""],"Swift?":["misp-galaxy:malpedia=\"Swift?\""],"Sword":["misp-galaxy:malpedia=\"Sword\""],"SynAck":["misp-galaxy:malpedia=\"SynAck\"","misp-galaxy:mitre-malware=\"SynAck - S0242\"","misp-galaxy:ransomware=\"SynAck\""],"SynFlooder":["misp-galaxy:malpedia=\"SynFlooder\""],"SyncCrypt":["misp-galaxy:malpedia=\"SyncCrypt\"","misp-galaxy:ransomware=\"SyncCrypt\""],"Synth Loader":["misp-galaxy:malpedia=\"Synth Loader\""],"Sys10":["misp-galaxy:malpedia=\"Sys10\"","misp-galaxy:mitre-enterprise-attack-malware=\"Sys10 - S0060\"","misp-galaxy:mitre-malware=\"Sys10 - S0060\""],"SysGet":["misp-galaxy:malpedia=\"SysGet\""],"SysScan":["misp-galaxy:malpedia=\"SysScan\""],"Syscon":["misp-galaxy:malpedia=\"Syscon\""],"Sysraw Stealer":["misp-galaxy:malpedia=\"Sysraw Stealer\""],"Clipsa":["misp-galaxy:malpedia=\"Sysraw Stealer\""],"Szribi":["misp-galaxy:malpedia=\"Szribi\""],"TDTESS":["misp-galaxy:malpedia=\"TDTESS\"","misp-galaxy:mitre-enterprise-attack-malware=\"TDTESS - S0164\"","misp-galaxy:mitre-malware=\"TDTESS - S0164\""],"TURNEDUP":["misp-galaxy:malpedia=\"TURNEDUP\"","misp-galaxy:mitre-enterprise-attack-malware=\"TURNEDUP - S0199\"","misp-galaxy:mitre-malware=\"TURNEDUP - S0199\""],"TabMsgSQL":["misp-galaxy:malpedia=\"TabMsgSQL\""],"TalentRAT":["misp-galaxy:malpedia=\"TalentRAT\""],"Assassin RAT":["misp-galaxy:malpedia=\"TalentRAT\""],"Taleret":["misp-galaxy:malpedia=\"Taleret\""],"Tandfuy":["misp-galaxy:malpedia=\"Tandfuy\""],"Tapaoux":["misp-galaxy:malpedia=\"Tapaoux\"","misp-galaxy:threat-actor=\"DarkHotel\""],"Tarsip":["misp-galaxy:malpedia=\"Tarsip\""],"Tater PrivEsc":["misp-galaxy:malpedia=\"Tater PrivEsc\""],"TeamBot":["misp-galaxy:malpedia=\"TeamBot\""],"FINTEAM":["misp-galaxy:malpedia=\"TeamBot\""],"TefoSteal":["misp-galaxy:malpedia=\"TefoSteal\""],"TeleBot":["misp-galaxy:malpedia=\"TeleBot\""],"TeleDoor":["misp-galaxy:malpedia=\"TeleDoor\""],"TeleRAT":["misp-galaxy:malpedia=\"TeleRAT\""],"Tempedreve":["misp-galaxy:malpedia=\"Tempedreve\""],"TemptingCedar Spyware":["misp-galaxy:malpedia=\"TemptingCedar Spyware\""],"Terminator RAT":["misp-galaxy:malpedia=\"Terminator RAT\""],"Fakem RAT":["misp-galaxy:malpedia=\"Terminator RAT\"","misp-galaxy:tool=\"Fakem RAT\""],"Termite":["misp-galaxy:malpedia=\"Termite\""],"TeslaCrypt":["misp-galaxy:malpedia=\"TeslaCrypt\""],"cryptesla":["misp-galaxy:malpedia=\"TeslaCrypt\""],"Thanatos Ransomware":["misp-galaxy:malpedia=\"Thanatos Ransomware\""],"Thanatos":["misp-galaxy:malpedia=\"Thanatos\"","misp-galaxy:ransomware=\"Thanatos\""],"Alphabot":["misp-galaxy:malpedia=\"Thanatos\""],"ThreeByte":["misp-galaxy:malpedia=\"ThreeByte\""],"ThumbThief":["misp-galaxy:malpedia=\"ThumbThief\""],"ThunderShell":["misp-galaxy:malpedia=\"ThunderShell\""],"Thunker":["misp-galaxy:malpedia=\"Thunker\""],"Tidepool":["misp-galaxy:malpedia=\"Tidepool\""],"Illi":["misp-galaxy:malpedia=\"Tinba\""],"TinyLoader":["misp-galaxy:malpedia=\"TinyLoader\""],"TinyMet":["misp-galaxy:malpedia=\"TinyMet\""],"TiniMet":["misp-galaxy:malpedia=\"TinyMet\""],"TinyTyphon":["misp-galaxy:malpedia=\"TinyTyphon\"","misp-galaxy:tool=\"TinyTyphon\""],"TinyZ":["misp-galaxy:malpedia=\"TinyZ\""],"Catelites Android Bot":["misp-galaxy:malpedia=\"TinyZ\""],"MarsElite Android Bot":["misp-galaxy:malpedia=\"TinyZ\""],"TinyZbot":["misp-galaxy:malpedia=\"TinyZbot\""],"Tiop":["misp-galaxy:malpedia=\"Tiop\""],"Titan":["misp-galaxy:malpedia=\"Titan\""],"TorrentLocker":["misp-galaxy:malpedia=\"TorrentLocker\"","misp-galaxy:ransomware=\"TorrentLocker\""],"TreasureHunter":["misp-galaxy:malpedia=\"TreasureHunter\""],"huntpos":["misp-galaxy:malpedia=\"TreasureHunter\""],"Triada":["misp-galaxy:malpedia=\"Triada\""],"TrickBot":["misp-galaxy:malpedia=\"TrickBot\"","misp-galaxy:mitre-malware=\"TrickBot - S0266\"","misp-galaxy:tool=\"Trick Bot\""],"TheTrick":["misp-galaxy:malpedia=\"TrickBot\""],"TrickLoader":["misp-galaxy:malpedia=\"TrickBot\"","misp-galaxy:tool=\"Trick Bot\""],"Triton":["misp-galaxy:malpedia=\"Triton\""],"HatMan":["misp-galaxy:malpedia=\"Triton\""],"Trisis":["misp-galaxy:malpedia=\"Triton\""],"Trochilus RAT":["misp-galaxy:malpedia=\"Trochilus RAT\""],"Troldesh":["misp-galaxy:malpedia=\"Troldesh\""],"Shade":["misp-galaxy:malpedia=\"Troldesh\""],"Trump Bot":["misp-galaxy:malpedia=\"Trump Bot\""],"Trump Ransom":["misp-galaxy:malpedia=\"Trump Ransom\""],"Tsifiri":["misp-galaxy:malpedia=\"Tsifiri\""],"Tsunami (ELF)":["misp-galaxy:malpedia=\"Tsunami (ELF)\""],"Amnesia":["misp-galaxy:malpedia=\"Tsunami (ELF)\"","misp-galaxy:malpedia=\"Tsunami\""],"Radiation":["misp-galaxy:malpedia=\"Tsunami (ELF)\"","misp-galaxy:malpedia=\"Tsunami\""],"Tsunami (OS X)":["misp-galaxy:malpedia=\"Tsunami (OS X)\""],"Tsunami":["misp-galaxy:malpedia=\"Tsunami\""],"Turla RAT":["misp-galaxy:malpedia=\"Turla RAT\""],"TwoFace":["misp-galaxy:malpedia=\"TwoFace\"","misp-galaxy:tool=\"TwoFace\""],"HyperShell":["misp-galaxy:malpedia=\"TwoFace\""],"Tyupkin":["misp-galaxy:malpedia=\"Tyupkin\""],"UACMe":["misp-galaxy:malpedia=\"UACMe\"","misp-galaxy:mitre-enterprise-attack-tool=\"UACMe - S0116\"","misp-galaxy:mitre-tool=\"UACMe - S0116\""],"Akagi":["misp-galaxy:malpedia=\"UACMe\""],"UDPoS":["misp-galaxy:malpedia=\"UDPoS\""],"UFR Stealer":["misp-galaxy:malpedia=\"UFR Stealer\""],"Usteal":["misp-galaxy:malpedia=\"UFR Stealer\""],"UPAS":["misp-galaxy:malpedia=\"UPAS\""],"Rombrast":["misp-galaxy:malpedia=\"UPAS\""],"Uiwix":["misp-galaxy:malpedia=\"Uiwix\""],"Umbreon":["misp-galaxy:malpedia=\"Umbreon\"","misp-galaxy:mitre-enterprise-attack-malware=\"Umbreon - S0221\"","misp-galaxy:mitre-malware=\"Umbreon - S0221\"","misp-galaxy:tool=\"Umbreon\""],"Espeon":["misp-galaxy:malpedia=\"Umbreon\""],"Unidentified 001":["misp-galaxy:malpedia=\"Unidentified 001\""],"Unidentified 003":["misp-galaxy:malpedia=\"Unidentified 003\""],"Unidentified 006":["misp-galaxy:malpedia=\"Unidentified 006\""],"Unidentified 013 (Korean)":["misp-galaxy:malpedia=\"Unidentified 013 (Korean)\""],"Unidentified 020 (Vault7)":["misp-galaxy:malpedia=\"Unidentified 020 (Vault7)\""],"Unidentified 022 (Ransom)":["misp-galaxy:malpedia=\"Unidentified 022 (Ransom)\""],"Unidentified 023":["misp-galaxy:malpedia=\"Unidentified 023\""],"Unidentified 024 (Ransomware)":["misp-galaxy:malpedia=\"Unidentified 024 (Ransomware)\""],"Unidentified 025 (Clickfraud)":["misp-galaxy:malpedia=\"Unidentified 025 (Clickfraud)\""],"Unidentified 028":["misp-galaxy:malpedia=\"Unidentified 028\""],"Unidentified 029":["misp-galaxy:malpedia=\"Unidentified 029\""],"Unidentified 031":["misp-galaxy:malpedia=\"Unidentified 031\""],"Unidentified 032":["misp-galaxy:malpedia=\"Unidentified 032\""],"Unidentified 033":["misp-galaxy:malpedia=\"Unidentified 033\""],"Unidentified 035":["misp-galaxy:malpedia=\"Unidentified 035\""],"Unidentified 037":["misp-galaxy:malpedia=\"Unidentified 037\""],"Unidentified 038":["misp-galaxy:malpedia=\"Unidentified 038\""],"Unidentified 039":["misp-galaxy:malpedia=\"Unidentified 039\""],"Unidentified 041":["misp-galaxy:malpedia=\"Unidentified 041\""],"Unidentified 042":["misp-galaxy:malpedia=\"Unidentified 042\""],"Unidentified 044":["misp-galaxy:malpedia=\"Unidentified 044\""],"Unidentified 045":["misp-galaxy:malpedia=\"Unidentified 045\""],"Unidentified 046":["misp-galaxy:malpedia=\"Unidentified 046\""],"Unidentified 047":["misp-galaxy:malpedia=\"Unidentified 047\""],"Unidentified 048 (Lazarus?)":["misp-galaxy:malpedia=\"Unidentified 048 (Lazarus?)\""],"Unidentified 049 (Lazarus\/RAT)":["misp-galaxy:malpedia=\"Unidentified 049 (Lazarus\/RAT)\""],"Unidentified 050 (APT32 Profiler)":["misp-galaxy:malpedia=\"Unidentified 050 (APT32 Profiler)\""],"Unidentified 051":["misp-galaxy:malpedia=\"Unidentified 051\""],"Unidentified 052":["misp-galaxy:malpedia=\"Unidentified 052\""],"Unidentified 053 (Wonknu?)":["misp-galaxy:malpedia=\"Unidentified 053 (Wonknu?)\""],"Unidentified 055":["misp-galaxy:malpedia=\"Unidentified 055\""],"Unidentified 057":["misp-galaxy:malpedia=\"Unidentified 057\""],"Unidentified 058":["misp-galaxy:malpedia=\"Unidentified 058\""],"Unidentified APK 001":["misp-galaxy:malpedia=\"Unidentified APK 001\""],"Unidentified APK 002":["misp-galaxy:malpedia=\"Unidentified APK 002\""],"Unidentified ASP 001 (Webshell)":["misp-galaxy:malpedia=\"Unidentified ASP 001 (Webshell)\""],"Unlock92":["misp-galaxy:malpedia=\"Unlock92\""],"Upatre":["misp-galaxy:malpedia=\"Upatre\"","misp-galaxy:tool=\"Upatre\""],"Urausy":["misp-galaxy:malpedia=\"Urausy\""],"UrlZone":["misp-galaxy:malpedia=\"UrlZone\""],"Uroburos (OS X)":["misp-galaxy:malpedia=\"Uroburos (OS X)\""],"Uroburos (Windows)":["misp-galaxy:malpedia=\"Uroburos (Windows)\""],"Snake":["misp-galaxy:malpedia=\"Uroburos (Windows)\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"VMzeus":["misp-galaxy:malpedia=\"VM Zeus\""],"Zberp":["misp-galaxy:malpedia=\"VM Zeus\""],"ZeusVM":["misp-galaxy:malpedia=\"VM Zeus\""],"Catch":["misp-galaxy:malpedia=\"Vawtrak\""],"NeverQuest":["misp-galaxy:malpedia=\"Vawtrak\""],"grabnew":["misp-galaxy:malpedia=\"Vawtrak\""],"VegaLocker":["misp-galaxy:malpedia=\"VegaLocker\""],"Vega":["misp-galaxy:malpedia=\"VegaLocker\""],"Velso Ransomware":["misp-galaxy:malpedia=\"Velso Ransomware\""],"Venus Locker":["misp-galaxy:malpedia=\"Venus Locker\""],"Vermin":["misp-galaxy:malpedia=\"Vermin\""],"Vflooder":["misp-galaxy:malpedia=\"Vflooder\""],"Viper RAT":["misp-galaxy:malpedia=\"Viper RAT\""],"Vobfus":["misp-galaxy:malpedia=\"Vobfus\""],"Volgmer":["misp-galaxy:malpedia=\"Volgmer\"","misp-galaxy:mitre-enterprise-attack-malware=\"Volgmer - S0180\"","misp-galaxy:mitre-malware=\"Volgmer - S0180\"","misp-galaxy:tool=\"Volgmer\""],"FALLCHILL":["misp-galaxy:malpedia=\"Volgmer\"","misp-galaxy:mitre-enterprise-attack-malware=\"FALLCHILL - S0181\"","misp-galaxy:mitre-malware=\"FALLCHILL - S0181\"","misp-galaxy:rat=\"FALLCHILL\""],"Manuscrypt":["misp-galaxy:malpedia=\"Volgmer\""],"Vreikstadi":["misp-galaxy:malpedia=\"Vreikstadi\""],"WMI Ghost":["misp-galaxy:malpedia=\"WMI Ghost\""],"Syndicasec":["misp-galaxy:malpedia=\"WMI Ghost\""],"Wimmie":["misp-galaxy:malpedia=\"WMI Ghost\""],"WMImplant":["misp-galaxy:malpedia=\"WMImplant\""],"WSCSPL":["misp-galaxy:malpedia=\"WSCSPL\""],"WSO":["misp-galaxy:malpedia=\"WSO\""],"Webshell by Orb":["misp-galaxy:malpedia=\"WSO\""],"WallyShack":["misp-galaxy:malpedia=\"WallyShack\""],"WannaCryptor":["misp-galaxy:malpedia=\"WannaCryptor\""],"Wana Decrypt0r":["misp-galaxy:malpedia=\"WannaCryptor\""],"WannaCry":["misp-galaxy:malpedia=\"WannaCryptor\"","misp-galaxy:mitre-malware=\"WannaCry - S0366\"","misp-galaxy:ransomware=\"WannaCry\"","misp-galaxy:ransomware=\"WannaCry\""],"Wcry":["misp-galaxy:malpedia=\"WannaCryptor\""],"WaterMiner":["misp-galaxy:malpedia=\"WaterMiner\""],"WaterSpout":["misp-galaxy:malpedia=\"WaterSpout\""],"WebC2-AdSpace":["misp-galaxy:malpedia=\"WebC2-AdSpace\""],"WebC2-Ausov":["misp-galaxy:malpedia=\"WebC2-Ausov\""],"WebC2-Bolid":["misp-galaxy:malpedia=\"WebC2-Bolid\""],"WebC2-Cson":["misp-galaxy:malpedia=\"WebC2-Cson\""],"WebC2-DIV":["misp-galaxy:malpedia=\"WebC2-DIV\""],"WebC2-GreenCat":["misp-galaxy:malpedia=\"WebC2-GreenCat\""],"WebC2-Head":["misp-galaxy:malpedia=\"WebC2-Head\""],"WebC2-Kt3":["misp-galaxy:malpedia=\"WebC2-Kt3\""],"WebC2-Qbp":["misp-galaxy:malpedia=\"WebC2-Qbp\""],"WebC2-Rave":["misp-galaxy:malpedia=\"WebC2-Rave\""],"WebC2-Table":["misp-galaxy:malpedia=\"WebC2-Table\""],"WebC2-UGX":["misp-galaxy:malpedia=\"WebC2-UGX\""],"WebC2-Yahoo":["misp-galaxy:malpedia=\"WebC2-Yahoo\""],"WebMonitor RAT":["misp-galaxy:malpedia=\"WebMonitor RAT\""],"WildFire":["misp-galaxy:malpedia=\"WildFire\""],"WinMM":["misp-galaxy:malpedia=\"WinMM\"","misp-galaxy:mitre-enterprise-attack-malware=\"WinMM - S0059\"","misp-galaxy:mitre-malware=\"WinMM - S0059\""],"WinPot":["misp-galaxy:malpedia=\"WinPot\""],"ATMPot":["misp-galaxy:malpedia=\"WinPot\""],"WindTail":["misp-galaxy:malpedia=\"WindTail\""],"Winnti (OS X)":["misp-galaxy:malpedia=\"Winnti (OS X)\""],"Winnti (Windows)":["misp-galaxy:malpedia=\"Winnti (Windows)\""],"Winsloader":["misp-galaxy:malpedia=\"Winsloader\""],"Wipbot":["misp-galaxy:malpedia=\"Wipbot\"","misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"WireLurker (OS X)":["misp-galaxy:malpedia=\"WireLurker (OS X)\""],"WireLurker (iOS)":["misp-galaxy:malpedia=\"WireLurker (iOS)\""],"WireX":["misp-galaxy:malpedia=\"WireX\""],"Wirenet (ELF)":["misp-galaxy:malpedia=\"Wirenet (ELF)\""],"Wirenet (OS X)":["misp-galaxy:malpedia=\"Wirenet (OS X)\""],"WndTest":["misp-galaxy:malpedia=\"WndTest\""],"Wonknu":["misp-galaxy:malpedia=\"Wonknu\""],"Woolger":["misp-galaxy:malpedia=\"Woolger\""],"WoolenLogger":["misp-galaxy:malpedia=\"Woolger\""],"X-Agent (Android)":["misp-galaxy:malpedia=\"X-Agent (Android)\""],"Popr-d30":["misp-galaxy:malpedia=\"X-Agent (Android)\""],"X-Agent (ELF)":["misp-galaxy:malpedia=\"X-Agent (ELF)\""],"chopstick":["misp-galaxy:malpedia=\"X-Agent (ELF)\"","misp-galaxy:malpedia=\"X-Agent (Windows)\""],"fysbis":["misp-galaxy:malpedia=\"X-Agent (ELF)\""],"splm":["misp-galaxy:malpedia=\"X-Agent (ELF)\"","misp-galaxy:malpedia=\"X-Agent (Windows)\""],"X-Agent (OS X)":["misp-galaxy:malpedia=\"X-Agent (OS X)\""],"X-Agent (Windows)":["misp-galaxy:malpedia=\"X-Agent (Windows)\""],"X-Tunnel (.NET)":["misp-galaxy:malpedia=\"X-Tunnel (.NET)\""],"X-Tunnel":["misp-galaxy:malpedia=\"X-Tunnel\"","misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\"","misp-galaxy:tool=\"X-Tunnel\""],"xaps":["misp-galaxy:malpedia=\"X-Tunnel\""],"XBTL":["misp-galaxy:malpedia=\"XBTL\""],"XBot POS":["misp-galaxy:malpedia=\"XBot POS\""],"XLoader":["misp-galaxy:malpedia=\"XLoader\"","misp-galaxy:mitre-malware=\"XLoader - S0318\""],"XOR DDoS":["misp-galaxy:malpedia=\"XOR DDoS\""],"XP PrivEsc (CVE-2014-4076)":["misp-galaxy:malpedia=\"XP PrivEsc (CVE-2014-4076)\""],"XPCTRA":["misp-galaxy:malpedia=\"XPCTRA\""],"Expectra":["misp-galaxy:malpedia=\"XPCTRA\""],"XRat":["misp-galaxy:malpedia=\"XRat\""],"XSLCmd":["misp-galaxy:malpedia=\"XSLCmd\""],"Xaynnalc":["misp-galaxy:malpedia=\"Xaynnalc\""],"Xbash":["misp-galaxy:malpedia=\"Xbash\"","misp-galaxy:mitre-malware=\"Xbash - S0341\"","misp-galaxy:tool=\"Xbash\""],"Xpan":["misp-galaxy:malpedia=\"Xpan\""],"Xtreme RAT":["misp-galaxy:malpedia=\"Xtreme RAT\""],"ExtRat":["misp-galaxy:malpedia=\"Xtreme RAT\""],"Xwo":["misp-galaxy:malpedia=\"Xwo\""],"Yahoyah":["misp-galaxy:malpedia=\"Yahoyah\"","misp-galaxy:tool=\"Yahoyah\""],"YellYouth":["misp-galaxy:malpedia=\"YellYouth\""],"Yort":["misp-galaxy:malpedia=\"Yort\""],"YoungLotus":["misp-galaxy:malpedia=\"YoungLotus\""],"DarkShare":["misp-galaxy:malpedia=\"YoungLotus\""],"ZXShell":["misp-galaxy:malpedia=\"ZXShell\"","misp-galaxy:tool=\"ZXShell\""],"Sensocode":["misp-galaxy:malpedia=\"ZXShell\""],"Zebrocy (AutoIT)":["misp-galaxy:malpedia=\"Zebrocy (AutoIT)\""],"Zebrocy":["misp-galaxy:malpedia=\"Zebrocy\"","misp-galaxy:mitre-malware=\"Zebrocy - S0251\"","misp-galaxy:tool=\"Zebrocy\""],"Zekapab":["misp-galaxy:malpedia=\"Zebrocy\"","misp-galaxy:tool=\"Zebrocy\""],"Zedhou":["misp-galaxy:malpedia=\"Zedhou\""],"Zen":["misp-galaxy:malpedia=\"Zen\""],"ZeroAccess":["misp-galaxy:malpedia=\"ZeroAccess\""],"Max++":["misp-galaxy:malpedia=\"ZeroAccess\""],"Sirefef":["misp-galaxy:malpedia=\"ZeroAccess\"","misp-galaxy:tool=\"Sirefef\""],"Smiscer":["misp-galaxy:malpedia=\"ZeroAccess\""],"ZeroEvil":["misp-galaxy:malpedia=\"ZeroEvil\""],"ZeroT":["misp-galaxy:malpedia=\"ZeroT\"","misp-galaxy:mitre-enterprise-attack-malware=\"ZeroT - S0230\"","misp-galaxy:mitre-malware=\"ZeroT - S0230\"","misp-galaxy:tool=\"ZeroT\""],"Zeus MailSniffer":["misp-galaxy:malpedia=\"Zeus MailSniffer\""],"Zeus OpenSSL":["misp-galaxy:malpedia=\"Zeus OpenSSL\""],"XSphinx":["misp-galaxy:malpedia=\"Zeus OpenSSL\""],"Zezin":["misp-galaxy:malpedia=\"Zezin\""],"ZhCat":["misp-galaxy:malpedia=\"ZhCat\""],"ZhMimikatz":["misp-galaxy:malpedia=\"ZhMimikatz\""],"Zloader":["misp-galaxy:malpedia=\"Zloader\""],"DELoader":["misp-galaxy:malpedia=\"Zloader\""],"Terdot":["misp-galaxy:malpedia=\"Zloader\""],"Zollard":["misp-galaxy:malpedia=\"Zollard\""],"darlloz":["misp-galaxy:malpedia=\"Zollard\""],"ZooPark":["misp-galaxy:malpedia=\"ZooPark\"","misp-galaxy:threat-actor=\"ZooPark\""],"ZoxPNG":["misp-galaxy:malpedia=\"ZoxPNG\""],"gresim":["misp-galaxy:malpedia=\"ZoxPNG\""],"Ztorg":["misp-galaxy:malpedia=\"Ztorg\""],"Qysly":["misp-galaxy:malpedia=\"Ztorg\""],"Zyklon":["misp-galaxy:malpedia=\"Zyklon\"","misp-galaxy:ransomware=\"Zyklon\""],"abantes":["misp-galaxy:malpedia=\"abantes\""],"backspace":["misp-galaxy:malpedia=\"backspace\""],"badflick":["misp-galaxy:malpedia=\"badflick\""],"bangat":["misp-galaxy:malpedia=\"bangat\""],"beendoor":["misp-galaxy:malpedia=\"beendoor\""],"c0d0so0":["misp-galaxy:malpedia=\"c0d0so0\""],"concealment_troy":["misp-galaxy:malpedia=\"concealment_troy\""],"elf.vpnfilter":["misp-galaxy:malpedia=\"elf.vpnfilter\""],"elf.wellmess":["misp-galaxy:malpedia=\"elf.wellmess\""],"ext4":["misp-galaxy:malpedia=\"ext4\""],"gamapos":["misp-galaxy:malpedia=\"gamapos\""],"pios":["misp-galaxy:malpedia=\"gamapos\""],"gcman":["misp-galaxy:malpedia=\"gcman\""],"gsecdump":["misp-galaxy:malpedia=\"gsecdump\"","misp-galaxy:mitre-enterprise-attack-tool=\"gsecdump - S0008\"","misp-galaxy:mitre-tool=\"gsecdump - S0008\""],"himan":["misp-galaxy:malpedia=\"himan\""],"homefry":["misp-galaxy:malpedia=\"homefry\""],"htpRAT":["misp-galaxy:malpedia=\"htpRAT\"","misp-galaxy:rat=\"htpRAT\""],"http_troy":["misp-galaxy:malpedia=\"http_troy\""],"httpdropper":["misp-galaxy:malpedia=\"httpdropper\""],"httpdr0pper":["misp-galaxy:malpedia=\"httpdropper\""],"iMuler":["misp-galaxy:malpedia=\"iMuler\""],"Revir":["misp-galaxy:malpedia=\"iMuler\""],"iSpy Keylogger":["misp-galaxy:malpedia=\"iSpy Keylogger\""],"jRAT":["misp-galaxy:malpedia=\"jRAT\"","misp-galaxy:mitre-malware=\"jRAT - S0283\"","misp-galaxy:rat=\"jRAT\""],"Jacksbot":["misp-galaxy:malpedia=\"jRAT\""],"jSpy":["misp-galaxy:malpedia=\"jSpy\"","misp-galaxy:rat=\"jSpy\""],"magecart":["misp-galaxy:malpedia=\"magecart\""],"mozart":["misp-galaxy:malpedia=\"mozart\""],"murkytop":["misp-galaxy:malpedia=\"murkytop\""],"nRansom":["misp-galaxy:malpedia=\"nRansom\""],"nitlove":["misp-galaxy:malpedia=\"nitlove\""],"owaauth":["misp-galaxy:malpedia=\"owaauth\""],"luckyowa":["misp-galaxy:malpedia=\"owaauth\""],"paladin":["misp-galaxy:malpedia=\"paladin\""],"parasite_http":["misp-galaxy:malpedia=\"parasite_http\""],"pgift":["misp-galaxy:malpedia=\"pgift\""],"ReRol":["misp-galaxy:malpedia=\"pgift\""],"pipcreat":["misp-galaxy:malpedia=\"pipcreat\""],"pirpi":["misp-galaxy:malpedia=\"pirpi\""],"playwork":["misp-galaxy:malpedia=\"playwork\""],"ployx":["misp-galaxy:malpedia=\"ployx\""],"pngdowner":["misp-galaxy:malpedia=\"pngdowner\"","misp-galaxy:mitre-enterprise-attack-malware=\"pngdowner - S0067\"","misp-galaxy:mitre-malware=\"pngdowner - S0067\""],"portless":["misp-galaxy:malpedia=\"portless\""],"poscardstealer":["misp-galaxy:malpedia=\"poscardstealer\""],"powerkatz":["misp-galaxy:malpedia=\"powerkatz\""],"prb_backdoor":["misp-galaxy:malpedia=\"prb_backdoor\""],"pupy (ELF)":["misp-galaxy:malpedia=\"pupy (ELF)\""],"pupy (Python)":["misp-galaxy:malpedia=\"pupy (Python)\""],"pupy (Windows)":["misp-galaxy:malpedia=\"pupy (Windows)\""],"pupy":["misp-galaxy:malpedia=\"pupy\""],"pwnpos":["misp-galaxy:malpedia=\"pwnpos\""],"r2r2":["misp-galaxy:malpedia=\"r2r2\""],"r980":["misp-galaxy:malpedia=\"r980\""],"rarstar":["misp-galaxy:malpedia=\"rarstar\""],"rdasrv":["misp-galaxy:malpedia=\"rdasrv\""],"reGeorg":["misp-galaxy:malpedia=\"reGeorg\"","misp-galaxy:tool=\"reGeorg\""],"rock":["misp-galaxy:malpedia=\"rock\""],"yellowalbatross":["misp-galaxy:malpedia=\"rock\""],"rtpos":["misp-galaxy:malpedia=\"rtpos\""],"running_rat":["misp-galaxy:malpedia=\"running_rat\""],"sLoad":["misp-galaxy:malpedia=\"sLoad\""],"scanbox":["misp-galaxy:malpedia=\"scanbox\""],"shadowhammer":["misp-galaxy:malpedia=\"shadowhammer\""],"shareip":["misp-galaxy:malpedia=\"shareip\""],"remotecmd":["misp-galaxy:malpedia=\"shareip\""],"smac":["misp-galaxy:malpedia=\"smac\""],"speccom":["misp-galaxy:malpedia=\"smac\""],"soraya":["misp-galaxy:malpedia=\"soraya\""],"sykipot":["misp-galaxy:malpedia=\"sykipot\""],"getkys":["misp-galaxy:malpedia=\"sykipot\""],"systemd":["misp-galaxy:malpedia=\"systemd\""],"tDiscoverer":["misp-galaxy:malpedia=\"tDiscoverer\""],"tRat":["misp-galaxy:malpedia=\"tRat\""],"taidoor":["misp-galaxy:malpedia=\"taidoor\""],"simbot":["misp-galaxy:malpedia=\"taidoor\""],"vSkimmer":["misp-galaxy:malpedia=\"vSkimmer\""],"vidar":["misp-galaxy:malpedia=\"vidar\""],"virdetdoor":["misp-galaxy:malpedia=\"virdetdoor\""],"w32times":["misp-galaxy:malpedia=\"w32times\""],"win.spynet_rat":["misp-galaxy:malpedia=\"win.spynet_rat\""],"win.unidentified_005":["misp-galaxy:malpedia=\"win.unidentified_005\""],"witchcoven":["misp-galaxy:malpedia=\"witchcoven\""],"woody":["misp-galaxy:malpedia=\"woody\""],"xsPlus":["misp-galaxy:malpedia=\"xsPlus\""],"nokian":["misp-galaxy:malpedia=\"xsPlus\""],"xxmm":["misp-galaxy:malpedia=\"xxmm\""],"ShadowWalker":["misp-galaxy:malpedia=\"xxmm\""],"yayih":["misp-galaxy:malpedia=\"yayih\""],"aumlib":["misp-galaxy:malpedia=\"yayih\""],"bbsinfo":["misp-galaxy:malpedia=\"yayih\""],"yty":["misp-galaxy:malpedia=\"yty\"","misp-galaxy:mitre-malware=\"yty - S0248\""],"BARIUM":["misp-galaxy:microsoft-activity-group=\"BARIUM\""],"DUBNIUM":["misp-galaxy:microsoft-activity-group=\"DUBNIUM\"","misp-galaxy:threat-actor=\"DarkHotel\""],"darkhotel":["misp-galaxy:microsoft-activity-group=\"DUBNIUM\""],"LEAD":["misp-galaxy:microsoft-activity-group=\"LEAD\""],"NEODYMIUM":["misp-galaxy:microsoft-activity-group=\"NEODYMIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:mitre-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:threat-actor=\"NEODYMIUM\""],"PLATINUM":["misp-galaxy:microsoft-activity-group=\"PLATINUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:mitre-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:threat-actor=\"PLATINUM\""],"PROMETHIUM":["misp-galaxy:microsoft-activity-group=\"PROMETHIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:mitre-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:threat-actor=\"PROMETHIUM\""],"STRONTIUM":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT 28":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT28":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Pawn Storm":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Fancy Bear":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Sednit":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\"","misp-galaxy:tool=\"GAMEFISH\""],"TsarTeam":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"TG-4127":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Group-4127":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\"","misp-galaxy:threat-actor=\"Sofacy\""],"Grey-Cloud":["misp-galaxy:microsoft-activity-group=\"STRONTIUM\""],"TERBIUM":["misp-galaxy:microsoft-activity-group=\"TERBIUM\"","misp-galaxy:threat-actor=\"TERBIUM\""],"ZIRCONIUM":["misp-galaxy:microsoft-activity-group=\"ZIRCONIUM\"","misp-galaxy:threat-actor=\"APT31\""],"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\""],"C-Major":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\"","misp-galaxy:threat-actor=\"Operation C-Major\""],"Transparent Tribe":["misp-galaxy:microsoft-activity-group=\"https:\/\/www.cfr.org\/interactive\/cyber-operations\/mythic-leopard\"","misp-galaxy:threat-actor=\"Operation C-Major\""],".bash_profile and .bashrc - T1156":["misp-galaxy:mitre-attack-pattern=\".bash_profile and .bashrc - T1156\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\".bash_profile and .bashrc - T1156\""],"Abuse Accessibility Features - T1453":["misp-galaxy:mitre-attack-pattern=\"Abuse Accessibility Features - T1453\""],"Abuse Device Administrator Access to Prevent Removal - T1401":["misp-galaxy:mitre-attack-pattern=\"Abuse Device Administrator Access to Prevent Removal - T1401\""],"Abuse of iOS Enterprise App Signing Key - T1445":["misp-galaxy:mitre-attack-pattern=\"Abuse of iOS Enterprise App Signing Key - T1445\""],"Access Calendar Entries - T1435":["misp-galaxy:mitre-attack-pattern=\"Access Calendar Entries - T1435\""],"Access Call Log - T1433":["misp-galaxy:mitre-attack-pattern=\"Access Call Log - T1433\""],"Access Contact List - T1432":["misp-galaxy:mitre-attack-pattern=\"Access Contact List - T1432\""],"Access Sensitive Data in Device Logs - T1413":["misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data in Device Logs - T1413\""],"Access Sensitive Data or Credentials in Files - T1409":["misp-galaxy:mitre-attack-pattern=\"Access Sensitive Data or Credentials in Files - T1409\""],"Access Token Manipulation - T1134":["misp-galaxy:mitre-attack-pattern=\"Access Token Manipulation - T1134\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Access Token Manipulation - T1134\""],"Accessibility Features - T1015":["misp-galaxy:mitre-attack-pattern=\"Accessibility Features - T1015\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Accessibility Features - T1015\""],"Account Discovery - T1087":["misp-galaxy:mitre-attack-pattern=\"Account Discovery - T1087\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Discovery - T1087\""],"Account Manipulation - T1098":["misp-galaxy:mitre-attack-pattern=\"Account Manipulation - T1098\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Account Manipulation - T1098\""],"Acquire OSINT data sets and information - T1247":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1247\""],"Acquire OSINT data sets and information - T1266":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1266\""],"Acquire OSINT data sets and information - T1277":["misp-galaxy:mitre-attack-pattern=\"Acquire OSINT data sets and information - T1277\""],"Acquire and\/or use 3rd party infrastructure services - T1307":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - T1307\""],"Acquire and\/or use 3rd party infrastructure services - T1329":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - T1329\""],"Acquire and\/or use 3rd party software services - T1308":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party software services - T1308\""],"Acquire and\/or use 3rd party software services - T1330":["misp-galaxy:mitre-attack-pattern=\"Acquire and\/or use 3rd party software services - T1330\""],"Acquire or compromise 3rd party signing certificates - T1310":["misp-galaxy:mitre-attack-pattern=\"Acquire or compromise 3rd party signing certificates - T1310\""],"Acquire or compromise 3rd party signing certificates - T1332":["misp-galaxy:mitre-attack-pattern=\"Acquire or compromise 3rd party signing certificates - T1332\""],"Aggregate individual's digital footprint - T1275":["misp-galaxy:mitre-attack-pattern=\"Aggregate individual's digital footprint - T1275\""],"Alternate Network Mediums - T1438":["misp-galaxy:mitre-attack-pattern=\"Alternate Network Mediums - T1438\""],"Analyze application security posture - T1293":["misp-galaxy:mitre-attack-pattern=\"Analyze application security posture - T1293\""],"Analyze architecture and configuration posture - T1288":["misp-galaxy:mitre-attack-pattern=\"Analyze architecture and configuration posture - T1288\""],"Analyze business processes - T1301":["misp-galaxy:mitre-attack-pattern=\"Analyze business processes - T1301\""],"Analyze data collected - T1287":["misp-galaxy:mitre-attack-pattern=\"Analyze data collected - T1287\""],"Analyze hardware\/software security defensive capabilities - T1294":["misp-galaxy:mitre-attack-pattern=\"Analyze hardware\/software security defensive capabilities - T1294\""],"Analyze organizational skillsets and deficiencies - T1289":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1289\""],"Analyze organizational skillsets and deficiencies - T1297":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1297\""],"Analyze organizational skillsets and deficiencies - T1300":["misp-galaxy:mitre-attack-pattern=\"Analyze organizational skillsets and deficiencies - T1300\""],"Analyze presence of outsourced capabilities - T1303":["misp-galaxy:mitre-attack-pattern=\"Analyze presence of outsourced capabilities - T1303\""],"Analyze social and business relationships, interests, and affiliations - T1295":["misp-galaxy:mitre-attack-pattern=\"Analyze social and business relationships, interests, and affiliations - T1295\""],"Android Intent Hijacking - T1416":["misp-galaxy:mitre-attack-pattern=\"Android Intent Hijacking - T1416\""],"Anonymity services - T1306":["misp-galaxy:mitre-attack-pattern=\"Anonymity services - T1306\""],"App Auto-Start at Device Boot - T1402":["misp-galaxy:mitre-attack-pattern=\"App Auto-Start at Device Boot - T1402\""],"App Delivered via Email Attachment - T1434":["misp-galaxy:mitre-attack-pattern=\"App Delivered via Email Attachment - T1434\""],"App Delivered via Web Download - T1431":["misp-galaxy:mitre-attack-pattern=\"App Delivered via Web Download - T1431\""],"AppCert DLLs - T1182":["misp-galaxy:mitre-attack-pattern=\"AppCert DLLs - T1182\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppCert DLLs - T1182\""],"AppInit DLLs - T1103":["misp-galaxy:mitre-attack-pattern=\"AppInit DLLs - T1103\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppInit DLLs - T1103\""],"AppleScript - T1155":["misp-galaxy:mitre-attack-pattern=\"AppleScript - T1155\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"AppleScript - T1155\""],"Application Deployment Software - T1017":["misp-galaxy:mitre-attack-pattern=\"Application Deployment Software - T1017\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Deployment Software - T1017\""],"Application Discovery - T1418":["misp-galaxy:mitre-attack-pattern=\"Application Discovery - T1418\""],"Application Shimming - T1138":["misp-galaxy:mitre-attack-pattern=\"Application Shimming - T1138\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Shimming - T1138\""],"Application Window Discovery - T1010":["misp-galaxy:mitre-attack-pattern=\"Application Window Discovery - T1010\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Application Window Discovery - T1010\""],"Assess KITs\/KIQs benefits - T1229":["misp-galaxy:mitre-attack-pattern=\"Assess KITs\/KIQs benefits - T1229\""],"Assess current holdings, needs, and wants - T1236":["misp-galaxy:mitre-attack-pattern=\"Assess current holdings, needs, and wants - T1236\""],"Assess leadership areas of interest - T1224":["misp-galaxy:mitre-attack-pattern=\"Assess leadership areas of interest - T1224\""],"Assess opportunities created by business deals - T1299":["misp-galaxy:mitre-attack-pattern=\"Assess opportunities created by business deals - T1299\""],"Assess security posture of physical locations - T1302":["misp-galaxy:mitre-attack-pattern=\"Assess security posture of physical locations - T1302\""],"Assess targeting options - T1296":["misp-galaxy:mitre-attack-pattern=\"Assess targeting options - T1296\""],"Assess vulnerability of 3rd party vendors - T1298":["misp-galaxy:mitre-attack-pattern=\"Assess vulnerability of 3rd party vendors - T1298\""],"Assign KITs, KIQs, and\/or intelligence requirements - T1238":["misp-galaxy:mitre-attack-pattern=\"Assign KITs, KIQs, and\/or intelligence requirements - T1238\""],"Assign KITs\/KIQs into categories - T1228":["misp-galaxy:mitre-attack-pattern=\"Assign KITs\/KIQs into categories - T1228\""],"Attack PC via USB Connection - T1427":["misp-galaxy:mitre-attack-pattern=\"Attack PC via USB Connection - T1427\""],"Audio Capture - T1123":["misp-galaxy:mitre-attack-pattern=\"Audio Capture - T1123\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Audio Capture - T1123\""],"Authentication Package - T1131":["misp-galaxy:mitre-attack-pattern=\"Authentication Package - T1131\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Authentication Package - T1131\""],"Authentication attempt - T1381":["misp-galaxy:mitre-attack-pattern=\"Authentication attempt - T1381\""],"Authorized user performs requested cyber action - T1386":["misp-galaxy:mitre-attack-pattern=\"Authorized user performs requested cyber action - T1386\""],"Automated Collection - T1119":["misp-galaxy:mitre-attack-pattern=\"Automated Collection - T1119\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Collection - T1119\""],"Automated Exfiltration - T1020":["misp-galaxy:mitre-attack-pattern=\"Automated Exfiltration - T1020\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Automated Exfiltration - T1020\""],"Automated system performs requested action - T1384":["misp-galaxy:mitre-attack-pattern=\"Automated system performs requested action - T1384\""],"BITS Jobs - T1197":["misp-galaxy:mitre-attack-pattern=\"BITS Jobs - T1197\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"BITS Jobs - T1197\""],"Bash History - T1139":["misp-galaxy:mitre-attack-pattern=\"Bash History - T1139\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bash History - T1139\""],"Binary Padding - T1009":["misp-galaxy:mitre-attack-pattern=\"Binary Padding - T1009\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Binary Padding - T1009\""],"Biometric Spoofing - T1460":["misp-galaxy:mitre-attack-pattern=\"Biometric Spoofing - T1460\""],"Bootkit - T1067":["misp-galaxy:mitre-attack-pattern=\"Bootkit - T1067\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bootkit - T1067\""],"Browser Bookmark Discovery - T1217":["misp-galaxy:mitre-attack-pattern=\"Browser Bookmark Discovery - T1217\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Browser Bookmark Discovery - T1217\""],"Browser Extensions - T1176":["misp-galaxy:mitre-attack-pattern=\"Browser Extensions - T1176\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Browser Extensions - T1176\""],"Brute Force - T1110":["misp-galaxy:mitre-attack-pattern=\"Brute Force - T1110\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Brute Force - T1110\""],"Build and configure delivery systems - T1347":["misp-galaxy:mitre-attack-pattern=\"Build and configure delivery systems - T1347\""],"Build or acquire exploits - T1349":["misp-galaxy:mitre-attack-pattern=\"Build or acquire exploits - T1349\""],"Build social network persona - T1341":["misp-galaxy:mitre-attack-pattern=\"Build social network persona - T1341\""],"Buy domain name - T1328":["misp-galaxy:mitre-attack-pattern=\"Buy domain name - T1328\""],"Bypass User Account Control - T1088":["misp-galaxy:mitre-attack-pattern=\"Bypass User Account Control - T1088\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Bypass User Account Control - T1088\""],"C2 protocol development - T1352":["misp-galaxy:mitre-attack-pattern=\"C2 protocol development - T1352\""],"CMSTP - T1191":["misp-galaxy:mitre-attack-pattern=\"CMSTP - T1191\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"CMSTP - T1191\""],"Capture Clipboard Data - T1414":["misp-galaxy:mitre-attack-pattern=\"Capture Clipboard Data - T1414\""],"Capture SMS Messages - T1412":["misp-galaxy:mitre-attack-pattern=\"Capture SMS Messages - T1412\""],"Change Default File Association - T1042":["misp-galaxy:mitre-attack-pattern=\"Change Default File Association - T1042\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Change Default File Association - T1042\""],"Choose pre-compromised mobile app developer account credentials or signing keys - T1391":["misp-galaxy:mitre-attack-pattern=\"Choose pre-compromised mobile app developer account credentials or signing keys - T1391\""],"Choose pre-compromised persona and affiliated accounts - T1343":["misp-galaxy:mitre-attack-pattern=\"Choose pre-compromised persona and affiliated accounts - T1343\""],"Clear Command History - T1146":["misp-galaxy:mitre-attack-pattern=\"Clear Command History - T1146\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Clear Command History - T1146\""],"Clipboard Data - T1115":["misp-galaxy:mitre-attack-pattern=\"Clipboard Data - T1115\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Clipboard Data - T1115\""],"Code Signing - T1116":["misp-galaxy:mitre-attack-pattern=\"Code Signing - T1116\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Code Signing - T1116\""],"Command-Line Interface - T1059":["misp-galaxy:mitre-attack-pattern=\"Command-Line Interface - T1059\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Command-Line Interface - T1059\""],"Common, high volume protocols and software - T1321":["misp-galaxy:mitre-attack-pattern=\"Common, high volume protocols and software - T1321\""],"Commonly Used Port - T1043":["misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1043\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Commonly Used Port - T1043\""],"Commonly Used Port - T1436":["misp-galaxy:mitre-attack-pattern=\"Commonly Used Port - T1436\""],"Communication Through Removable Media - T1092":["misp-galaxy:mitre-attack-pattern=\"Communication Through Removable Media - T1092\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Communication Through Removable Media - T1092\""],"Compile After Delivery - T1500":["misp-galaxy:mitre-attack-pattern=\"Compile After Delivery - T1500\""],"Compiled HTML File - T1223":["misp-galaxy:mitre-attack-pattern=\"Compiled HTML File - T1223\""],"Component Firmware - T1109":["misp-galaxy:mitre-attack-pattern=\"Component Firmware - T1109\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Component Firmware - T1109\""],"Component Object Model Hijacking - T1122":["misp-galaxy:mitre-attack-pattern=\"Component Object Model Hijacking - T1122\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Component Object Model Hijacking - T1122\""],"Compromise 3rd party infrastructure to support delivery - T1312":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - T1312\""],"Compromise 3rd party infrastructure to support delivery - T1334":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - T1334\""],"Compromise 3rd party or closed-source vulnerability\/exploit information - T1354":["misp-galaxy:mitre-attack-pattern=\"Compromise 3rd party or closed-source vulnerability\/exploit information - T1354\""],"Compromise of externally facing system - T1388":["misp-galaxy:mitre-attack-pattern=\"Compromise of externally facing system - T1388\""],"Conduct active scanning - T1254":["misp-galaxy:mitre-attack-pattern=\"Conduct active scanning - T1254\""],"Conduct cost\/benefit analysis - T1226":["misp-galaxy:mitre-attack-pattern=\"Conduct cost\/benefit analysis - T1226\""],"Conduct passive scanning - T1253":["misp-galaxy:mitre-attack-pattern=\"Conduct passive scanning - T1253\""],"Conduct social engineering - T1249":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1249\""],"Conduct social engineering - T1268":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1268\""],"Conduct social engineering - T1279":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering - T1279\""],"Conduct social engineering or HUMINT operation - T1376":["misp-galaxy:mitre-attack-pattern=\"Conduct social engineering or HUMINT operation - T1376\""],"Confirmation of launched compromise achieved - T1383":["misp-galaxy:mitre-attack-pattern=\"Confirmation of launched compromise achieved - T1383\""],"Connection Proxy - T1090":["misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Connection Proxy - T1090\""],"Control Panel Items - T1196":["misp-galaxy:mitre-attack-pattern=\"Control Panel Items - T1196\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Control Panel Items - T1196\""],"Create Account - T1136":["misp-galaxy:mitre-attack-pattern=\"Create Account - T1136\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Create Account - T1136\""],"Create backup infrastructure - T1339":["misp-galaxy:mitre-attack-pattern=\"Create backup infrastructure - T1339\""],"Create custom payloads - T1345":["misp-galaxy:mitre-attack-pattern=\"Create custom payloads - T1345\""],"Create implementation plan - T1232":["misp-galaxy:mitre-attack-pattern=\"Create implementation plan - T1232\""],"Create infected removable media - T1355":["misp-galaxy:mitre-attack-pattern=\"Create infected removable media - T1355\""],"Create strategic plan - T1231":["misp-galaxy:mitre-attack-pattern=\"Create strategic plan - T1231\""],"Credential Dumping - T1003":["misp-galaxy:mitre-attack-pattern=\"Credential Dumping - T1003\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credential Dumping - T1003\""],"Credential pharming - T1374":["misp-galaxy:mitre-attack-pattern=\"Credential pharming - T1374\""],"Credentials in Files - T1081":["misp-galaxy:mitre-attack-pattern=\"Credentials in Files - T1081\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credentials in Files - T1081\""],"Credentials in Registry - T1214":["misp-galaxy:mitre-attack-pattern=\"Credentials in Registry - T1214\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Credentials in Registry - T1214\""],"Custom Command and Control Protocol - T1094":["misp-galaxy:mitre-attack-pattern=\"Custom Command and Control Protocol - T1094\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Custom Command and Control Protocol - T1094\""],"Custom Cryptographic Protocol - T1024":["misp-galaxy:mitre-attack-pattern=\"Custom Cryptographic Protocol - T1024\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Custom Cryptographic Protocol - T1024\""],"DCShadow - T1207":["misp-galaxy:mitre-attack-pattern=\"DCShadow - T1207\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DCShadow - T1207\""],"DLL Search Order Hijacking - T1038":["misp-galaxy:mitre-attack-pattern=\"DLL Search Order Hijacking - T1038\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DLL Search Order Hijacking - T1038\""],"DLL Side-Loading - T1073":["misp-galaxy:mitre-attack-pattern=\"DLL Side-Loading - T1073\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"DLL Side-Loading - T1073\""],"DNS poisoning - T1382":["misp-galaxy:mitre-attack-pattern=\"DNS poisoning - T1382\""],"DNSCalc - T1324":["misp-galaxy:mitre-attack-pattern=\"DNSCalc - T1324\""],"Data Compressed - T1002":["misp-galaxy:mitre-attack-pattern=\"Data Compressed - T1002\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Compressed - T1002\""],"Data Destruction - T1485":["misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\""],"Data Encoding - T1132":["misp-galaxy:mitre-attack-pattern=\"Data Encoding - T1132\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encoding - T1132\""],"Data Encrypted - T1022":["misp-galaxy:mitre-attack-pattern=\"Data Encrypted - T1022\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Encrypted - T1022\""],"Data Encrypted for Impact - T1486":["misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\""],"Data Hiding - T1320":["misp-galaxy:mitre-attack-pattern=\"Data Hiding - T1320\""],"Data Obfuscation - T1001":["misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Obfuscation - T1001\""],"Data Staged - T1074":["misp-galaxy:mitre-attack-pattern=\"Data Staged - T1074\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Staged - T1074\""],"Data Transfer Size Limits - T1030":["misp-galaxy:mitre-attack-pattern=\"Data Transfer Size Limits - T1030\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data Transfer Size Limits - T1030\""],"Data from Information Repositories - T1213":["misp-galaxy:mitre-attack-pattern=\"Data from Information Repositories - T1213\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Information Repositories - T1213\""],"Data from Local System - T1005":["misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Local System - T1005\""],"Data from Network Shared Drive - T1039":["misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Network Shared Drive - T1039\""],"Data from Removable Media - T1025":["misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Data from Removable Media - T1025\""],"Defacement - T1491":["misp-galaxy:mitre-attack-pattern=\"Defacement - T1491\""],"Deliver Malicious App via Authorized App Store - T1475":["misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Authorized App Store - T1475\""],"Deliver Malicious App via Other Means - T1476":["misp-galaxy:mitre-attack-pattern=\"Deliver Malicious App via Other Means - T1476\""],"Deobfuscate\/Decode Files or Information - T1140":["misp-galaxy:mitre-attack-pattern=\"Deobfuscate\/Decode Files or Information - T1140\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Deobfuscate\/Decode Files or Information - T1140\""],"Deploy exploit using advertising - T1380":["misp-galaxy:mitre-attack-pattern=\"Deploy exploit using advertising - T1380\""],"Derive intelligence requirements - T1230":["misp-galaxy:mitre-attack-pattern=\"Derive intelligence requirements - T1230\""],"Detect App Analysis Environment - T1440":["misp-galaxy:mitre-attack-pattern=\"Detect App Analysis Environment - T1440\""],"Determine 3rd party infrastructure services - T1260":["misp-galaxy:mitre-attack-pattern=\"Determine 3rd party infrastructure services - T1260\""],"Determine 3rd party infrastructure services - T1284":["misp-galaxy:mitre-attack-pattern=\"Determine 3rd party infrastructure services - T1284\""],"Determine approach\/attack vector - T1245":["misp-galaxy:mitre-attack-pattern=\"Determine approach\/attack vector - T1245\""],"Determine centralization of IT management - T1285":["misp-galaxy:mitre-attack-pattern=\"Determine centralization of IT management - T1285\""],"Determine domain and IP address space - T1250":["misp-galaxy:mitre-attack-pattern=\"Determine domain and IP address space - T1250\""],"Determine external network trust dependencies - T1259":["misp-galaxy:mitre-attack-pattern=\"Determine external network trust dependencies - T1259\""],"Determine firmware version - T1258":["misp-galaxy:mitre-attack-pattern=\"Determine firmware version - T1258\""],"Determine highest level tactical element - T1243":["misp-galaxy:mitre-attack-pattern=\"Determine highest level tactical element - T1243\""],"Determine operational element - T1242":["misp-galaxy:mitre-attack-pattern=\"Determine operational element - T1242\""],"Determine physical locations - T1282":["misp-galaxy:mitre-attack-pattern=\"Determine physical locations - T1282\""],"Determine secondary level tactical element - T1244":["misp-galaxy:mitre-attack-pattern=\"Determine secondary level tactical element - T1244\""],"Determine strategic target - T1241":["misp-galaxy:mitre-attack-pattern=\"Determine strategic target - T1241\""],"Develop KITs\/KIQs - T1227":["misp-galaxy:mitre-attack-pattern=\"Develop KITs\/KIQs - T1227\""],"Develop social network persona digital footprint - T1342":["misp-galaxy:mitre-attack-pattern=\"Develop social network persona digital footprint - T1342\""],"Device Type Discovery - T1419":["misp-galaxy:mitre-attack-pattern=\"Device Type Discovery - T1419\""],"Device Unlock Code Guessing or Brute Force - T1459":["misp-galaxy:mitre-attack-pattern=\"Device Unlock Code Guessing or Brute Force - T1459\""],"Disabling Security Tools - T1089":["misp-galaxy:mitre-attack-pattern=\"Disabling Security Tools - T1089\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Disabling Security Tools - T1089\""],"Discover new exploits and monitor exploit-provider forums - T1350":["misp-galaxy:mitre-attack-pattern=\"Discover new exploits and monitor exploit-provider forums - T1350\""],"Discover target logon\/email address format - T1255":["misp-galaxy:mitre-attack-pattern=\"Discover target logon\/email address format - T1255\""],"Disguise Root\/Jailbreak Indicators - T1408":["misp-galaxy:mitre-attack-pattern=\"Disguise Root\/Jailbreak Indicators - T1408\""],"Disk Content Wipe - T1488":["misp-galaxy:mitre-attack-pattern=\"Disk Content Wipe - T1488\""],"Disk Structure Wipe - T1487":["misp-galaxy:mitre-attack-pattern=\"Disk Structure Wipe - T1487\""],"Disseminate removable media - T1379":["misp-galaxy:mitre-attack-pattern=\"Disseminate removable media - T1379\""],"Distribute malicious software development tools - T1394":["misp-galaxy:mitre-attack-pattern=\"Distribute malicious software development tools - T1394\""],"Distributed Component Object Model - T1175":["misp-galaxy:mitre-attack-pattern=\"Distributed Component Object Model - T1175\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Distributed Component Object Model - T1175\""],"Domain Fronting - T1172":["misp-galaxy:mitre-attack-pattern=\"Domain Fronting - T1172\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Domain Fronting - T1172\""],"Domain Generation Algorithms (DGA) - T1323":["misp-galaxy:mitre-attack-pattern=\"Domain Generation Algorithms (DGA) - T1323\""],"Domain Generation Algorithms - T1483":["misp-galaxy:mitre-attack-pattern=\"Domain Generation Algorithms - T1483\""],"Domain Trust Discovery - T1482":["misp-galaxy:mitre-attack-pattern=\"Domain Trust Discovery - T1482\""],"Domain registration hijacking - T1326":["misp-galaxy:mitre-attack-pattern=\"Domain registration hijacking - T1326\""],"Downgrade to Insecure Protocols - T1466":["misp-galaxy:mitre-attack-pattern=\"Downgrade to Insecure Protocols - T1466\""],"Download New Code at Runtime - T1407":["misp-galaxy:mitre-attack-pattern=\"Download New Code at Runtime - T1407\""],"Drive-by Compromise - T1189":["misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Drive-by Compromise - T1189\""],"Drive-by Compromise - T1456":["misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1456\""],"Dumpster dive - T1286":["misp-galaxy:mitre-attack-pattern=\"Dumpster dive - T1286\""],"Dylib Hijacking - T1157":["misp-galaxy:mitre-attack-pattern=\"Dylib Hijacking - T1157\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Dylib Hijacking - T1157\""],"Dynamic DNS - T1311":["misp-galaxy:mitre-attack-pattern=\"Dynamic DNS - T1311\""],"Dynamic DNS - T1333":["misp-galaxy:mitre-attack-pattern=\"Dynamic DNS - T1333\""],"Dynamic Data Exchange - T1173":["misp-galaxy:mitre-attack-pattern=\"Dynamic Data Exchange - T1173\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Dynamic Data Exchange - T1173\""],"Eavesdrop on Insecure Network Communication - T1439":["misp-galaxy:mitre-attack-pattern=\"Eavesdrop on Insecure Network Communication - T1439\""],"Email Collection - T1114":["misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Email Collection - T1114\""],"Encrypt Files - T1471":["misp-galaxy:mitre-attack-pattern=\"Encrypt Files - T1471\""],"Encrypt Files for Ransom - T1471":["misp-galaxy:mitre-attack-pattern=\"Encrypt Files for Ransom - T1471\""],"Endpoint Denial of Service - T1499":["misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\""],"Enumerate client configurations - T1262":["misp-galaxy:mitre-attack-pattern=\"Enumerate client configurations - T1262\""],"Enumerate externally facing software applications technologies, languages, and dependencies - T1261":["misp-galaxy:mitre-attack-pattern=\"Enumerate externally facing software applications technologies, languages, and dependencies - T1261\""],"Execution Guardrails - T1480":["misp-galaxy:mitre-attack-pattern=\"Execution Guardrails - T1480\""],"Execution through API - T1106":["misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Execution through API - T1106\""],"Execution through Module Load - T1129":["misp-galaxy:mitre-attack-pattern=\"Execution through Module Load - T1129\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Execution through Module Load - T1129\""],"Exfiltration Over Alternative Protocol - T1048":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\""],"Exfiltration Over Command and Control Channel - T1041":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\""],"Exfiltration Over Other Network Medium - T1011":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Other Network Medium - T1011\""],"Exfiltration Over Physical Medium - T1052":["misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Physical Medium - T1052\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exfiltration Over Physical Medium - T1052\""],"Exploit Baseband Vulnerability - T1455":["misp-galaxy:mitre-attack-pattern=\"Exploit Baseband Vulnerability - T1455\""],"Exploit Enterprise Resources - T1428":["misp-galaxy:mitre-attack-pattern=\"Exploit Enterprise Resources - T1428\""],"Exploit OS Vulnerability - T1404":["misp-galaxy:mitre-attack-pattern=\"Exploit OS Vulnerability - T1404\""],"Exploit Public-Facing Application - T1190":["misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploit Public-Facing Application - T1190\""],"Exploit SS7 to Redirect Phone Calls\/SMS - T1449":["misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Redirect Phone Calls\/SMS - T1449\""],"Exploit SS7 to Track Device Location - T1450":["misp-galaxy:mitre-attack-pattern=\"Exploit SS7 to Track Device Location - T1450\""],"Exploit TEE Vulnerability - T1405":["misp-galaxy:mitre-attack-pattern=\"Exploit TEE Vulnerability - T1405\""],"Exploit public-facing application - T1377":["misp-galaxy:mitre-attack-pattern=\"Exploit public-facing application - T1377\""],"Exploit via Charging Station or PC - T1458":["misp-galaxy:mitre-attack-pattern=\"Exploit via Charging Station or PC - T1458\""],"Exploit via Radio Interfaces - T1477":["misp-galaxy:mitre-attack-pattern=\"Exploit via Radio Interfaces - T1477\""],"Exploitation for Client Execution - T1203":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Client Execution - T1203\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Client Execution - T1203\""],"Exploitation for Credential Access - T1212":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Credential Access - T1212\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Credential Access - T1212\""],"Exploitation for Defense Evasion - T1211":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Defense Evasion - T1211\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Defense Evasion - T1211\""],"Exploitation for Privilege Escalation - T1068":["misp-galaxy:mitre-attack-pattern=\"Exploitation for Privilege Escalation - T1068\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation for Privilege Escalation - T1068\""],"Exploitation of Remote Services - T1210":["misp-galaxy:mitre-attack-pattern=\"Exploitation of Remote Services - T1210\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Exploitation of Remote Services - T1210\""],"External Remote Services - T1133":["misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"External Remote Services - T1133\""],"Extra Window Memory Injection - T1181":["misp-galaxy:mitre-attack-pattern=\"Extra Window Memory Injection - T1181\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Extra Window Memory Injection - T1181\""],"Fake Developer Accounts - T1442":["misp-galaxy:mitre-attack-pattern=\"Fake Developer Accounts - T1442\""],"Fallback Channels - T1008":["misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Fallback Channels - T1008\""],"Fast Flux DNS - T1325":["misp-galaxy:mitre-attack-pattern=\"Fast Flux DNS - T1325\""],"File Deletion - T1107":["misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File Deletion - T1107\""],"File Permissions Modification - T1222":["misp-galaxy:mitre-attack-pattern=\"File Permissions Modification - T1222\""],"File System Logical Offsets - T1006":["misp-galaxy:mitre-attack-pattern=\"File System Logical Offsets - T1006\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File System Logical Offsets - T1006\""],"File System Permissions Weakness - T1044":["misp-galaxy:mitre-attack-pattern=\"File System Permissions Weakness - T1044\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File System Permissions Weakness - T1044\""],"File and Directory Discovery - T1083":["misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"File and Directory Discovery - T1083\""],"File and Directory Discovery - T1420":["misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1420\""],"Firmware Corruption - T1495":["misp-galaxy:mitre-attack-pattern=\"Firmware Corruption - T1495\""],"Forced Authentication - T1187":["misp-galaxy:mitre-attack-pattern=\"Forced Authentication - T1187\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Forced Authentication - T1187\""],"Friend\/Follow\/Connect to targets of interest - T1344":["misp-galaxy:mitre-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - T1344\""],"Friend\/Follow\/Connect to targets of interest - T1364":["misp-galaxy:mitre-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - T1364\""],"Gatekeeper Bypass - T1144":["misp-galaxy:mitre-attack-pattern=\"Gatekeeper Bypass - T1144\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Gatekeeper Bypass - T1144\""],"Generate Fraudulent Advertising Revenue - T1472":["misp-galaxy:mitre-attack-pattern=\"Generate Fraudulent Advertising Revenue - T1472\""],"Generate analyst intelligence requirements - T1234":["misp-galaxy:mitre-attack-pattern=\"Generate analyst intelligence requirements - T1234\""],"Graphical User Interface - T1061":["misp-galaxy:mitre-attack-pattern=\"Graphical User Interface - T1061\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Graphical User Interface - T1061\""],"Group Policy Modification - T1484":["misp-galaxy:mitre-attack-pattern=\"Group Policy Modification - T1484\""],"HISTCONTROL - T1148":["misp-galaxy:mitre-attack-pattern=\"HISTCONTROL - T1148\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"HISTCONTROL - T1148\""],"Hardware Additions - T1200":["misp-galaxy:mitre-attack-pattern=\"Hardware Additions - T1200\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hardware Additions - T1200\""],"Hardware or software supply chain implant - T1365":["misp-galaxy:mitre-attack-pattern=\"Hardware or software supply chain implant - T1365\""],"Hidden Files and Directories - T1158":["misp-galaxy:mitre-attack-pattern=\"Hidden Files and Directories - T1158\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Files and Directories - T1158\""],"Hidden Users - T1147":["misp-galaxy:mitre-attack-pattern=\"Hidden Users - T1147\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Users - T1147\""],"Hidden Window - T1143":["misp-galaxy:mitre-attack-pattern=\"Hidden Window - T1143\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hidden Window - T1143\""],"Hooking - T1179":["misp-galaxy:mitre-attack-pattern=\"Hooking - T1179\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hooking - T1179\""],"Host-based hiding techniques - T1314":["misp-galaxy:mitre-attack-pattern=\"Host-based hiding techniques - T1314\""],"Human performs requested action of physical nature - T1385":["misp-galaxy:mitre-attack-pattern=\"Human performs requested action of physical nature - T1385\""],"Hypervisor - T1062":["misp-galaxy:mitre-attack-pattern=\"Hypervisor - T1062\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Hypervisor - T1062\""],"Identify analyst level gaps - T1233":["misp-galaxy:mitre-attack-pattern=\"Identify analyst level gaps - T1233\""],"Identify business processes\/tempo - T1280":["misp-galaxy:mitre-attack-pattern=\"Identify business processes\/tempo - T1280\""],"Identify business relationships - T1272":["misp-galaxy:mitre-attack-pattern=\"Identify business relationships - T1272\""],"Identify business relationships - T1283":["misp-galaxy:mitre-attack-pattern=\"Identify business relationships - T1283\""],"Identify gap areas - T1225":["misp-galaxy:mitre-attack-pattern=\"Identify gap areas - T1225\""],"Identify groups\/roles - T1270":["misp-galaxy:mitre-attack-pattern=\"Identify groups\/roles - T1270\""],"Identify job postings and needs\/gaps - T1248":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1248\""],"Identify job postings and needs\/gaps - T1267":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1267\""],"Identify job postings and needs\/gaps - T1278":["misp-galaxy:mitre-attack-pattern=\"Identify job postings and needs\/gaps - T1278\""],"Identify people of interest - T1269":["misp-galaxy:mitre-attack-pattern=\"Identify people of interest - T1269\""],"Identify personnel with an authority\/privilege - T1271":["misp-galaxy:mitre-attack-pattern=\"Identify personnel with an authority\/privilege - T1271\""],"Identify resources required to build capabilities - T1348":["misp-galaxy:mitre-attack-pattern=\"Identify resources required to build capabilities - T1348\""],"Identify security defensive capabilities - T1263":["misp-galaxy:mitre-attack-pattern=\"Identify security defensive capabilities - T1263\""],"Identify sensitive personnel information - T1274":["misp-galaxy:mitre-attack-pattern=\"Identify sensitive personnel information - T1274\""],"Identify supply chains - T1246":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1246\""],"Identify supply chains - T1265":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1265\""],"Identify supply chains - T1276":["misp-galaxy:mitre-attack-pattern=\"Identify supply chains - T1276\""],"Identify technology usage patterns - T1264":["misp-galaxy:mitre-attack-pattern=\"Identify technology usage patterns - T1264\""],"Identify vulnerabilities in third-party software libraries - T1389":["misp-galaxy:mitre-attack-pattern=\"Identify vulnerabilities in third-party software libraries - T1389\""],"Identify web defensive services - T1256":["misp-galaxy:mitre-attack-pattern=\"Identify web defensive services - T1256\""],"Image File Execution Options Injection - T1183":["misp-galaxy:mitre-attack-pattern=\"Image File Execution Options Injection - T1183\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Image File Execution Options Injection - T1183\""],"Indicator Blocking - T1054":["misp-galaxy:mitre-attack-pattern=\"Indicator Blocking - T1054\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Blocking - T1054\""],"Indicator Removal from Tools - T1066":["misp-galaxy:mitre-attack-pattern=\"Indicator Removal from Tools - T1066\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Removal from Tools - T1066\""],"Indicator Removal on Host - T1070":["misp-galaxy:mitre-attack-pattern=\"Indicator Removal on Host - T1070\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indicator Removal on Host - T1070\""],"Indirect Command Execution - T1202":["misp-galaxy:mitre-attack-pattern=\"Indirect Command Execution - T1202\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Indirect Command Execution - T1202\""],"Inhibit System Recovery - T1490":["misp-galaxy:mitre-attack-pattern=\"Inhibit System Recovery - T1490\""],"Input Capture - T1056":["misp-galaxy:mitre-attack-pattern=\"Input Capture - T1056\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Capture - T1056\""],"Input Prompt - T1141":["misp-galaxy:mitre-attack-pattern=\"Input Prompt - T1141\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Input Prompt - T1141\""],"Insecure Third-Party Libraries - T1425":["misp-galaxy:mitre-attack-pattern=\"Insecure Third-Party Libraries - T1425\""],"Install Insecure or Malicious Configuration - T1478":["misp-galaxy:mitre-attack-pattern=\"Install Insecure or Malicious Configuration - T1478\""],"Install Root Certificate - T1130":["misp-galaxy:mitre-attack-pattern=\"Install Root Certificate - T1130\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Install Root Certificate - T1130\""],"Install and configure hardware, network, and systems - T1336":["misp-galaxy:mitre-attack-pattern=\"Install and configure hardware, network, and systems - T1336\""],"InstallUtil - T1118":["misp-galaxy:mitre-attack-pattern=\"InstallUtil - T1118\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"InstallUtil - T1118\""],"Jamming or Denial of Service - T1464":["misp-galaxy:mitre-attack-pattern=\"Jamming or Denial of Service - T1464\""],"Kerberoasting - T1208":["misp-galaxy:mitre-attack-pattern=\"Kerberoasting - T1208\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Kerberoasting - T1208\""],"Kernel Modules and Extensions - T1215":["misp-galaxy:mitre-attack-pattern=\"Kernel Modules and Extensions - T1215\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Kernel Modules and Extensions - T1215\""],"Keychain - T1142":["misp-galaxy:mitre-attack-pattern=\"Keychain - T1142\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Keychain - T1142\""],"LC_LOAD_DYLIB Addition - T1161":["misp-galaxy:mitre-attack-pattern=\"LC_LOAD_DYLIB Addition - T1161\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LC_LOAD_DYLIB Addition - T1161\""],"LC_MAIN Hijacking - T1149":["misp-galaxy:mitre-attack-pattern=\"LC_MAIN Hijacking - T1149\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LC_MAIN Hijacking - T1149\""],"LLMNR\/NBT-NS Poisoning - T1171":["misp-galaxy:mitre-attack-pattern=\"LLMNR\/NBT-NS Poisoning - T1171\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LLMNR\/NBT-NS Poisoning - T1171\""],"LLMNR\/NBT-NS Poisoning and Relay - T1171":["misp-galaxy:mitre-attack-pattern=\"LLMNR\/NBT-NS Poisoning and Relay - T1171\""],"LSASS Driver - T1177":["misp-galaxy:mitre-attack-pattern=\"LSASS Driver - T1177\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"LSASS Driver - T1177\""],"Launch Agent - T1159":["misp-galaxy:mitre-attack-pattern=\"Launch Agent - T1159\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launch Agent - T1159\""],"Launch Daemon - T1160":["misp-galaxy:mitre-attack-pattern=\"Launch Daemon - T1160\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launch Daemon - T1160\""],"Launchctl - T1152":["misp-galaxy:mitre-attack-pattern=\"Launchctl - T1152\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Launchctl - T1152\""],"Leverage compromised 3rd party resources - T1375":["misp-galaxy:mitre-attack-pattern=\"Leverage compromised 3rd party resources - T1375\""],"Local Job Scheduling - T1168":["misp-galaxy:mitre-attack-pattern=\"Local Job Scheduling - T1168\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Local Job Scheduling - T1168\""],"Local Network Configuration Discovery - T1422":["misp-galaxy:mitre-attack-pattern=\"Local Network Configuration Discovery - T1422\""],"Local Network Connections Discovery - T1421":["misp-galaxy:mitre-attack-pattern=\"Local Network Connections Discovery - T1421\""],"Location Tracking - T1430":["misp-galaxy:mitre-attack-pattern=\"Location Tracking - T1430\""],"Lock User Out of Device - T1446":["misp-galaxy:mitre-attack-pattern=\"Lock User Out of Device - T1446\""],"Lockscreen Bypass - T1461":["misp-galaxy:mitre-attack-pattern=\"Lockscreen Bypass - T1461\""],"Login Item - T1162":["misp-galaxy:mitre-attack-pattern=\"Login Item - T1162\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Login Item - T1162\""],"Logon Scripts - T1037":["misp-galaxy:mitre-attack-pattern=\"Logon Scripts - T1037\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Logon Scripts - T1037\""],"Malicious Media Content - T1457":["misp-galaxy:mitre-attack-pattern=\"Malicious Media Content - T1457\""],"Malicious SMS Message - T1454":["misp-galaxy:mitre-attack-pattern=\"Malicious SMS Message - T1454\""],"Malicious Software Development Tools - T1462":["misp-galaxy:mitre-attack-pattern=\"Malicious Software Development Tools - T1462\""],"Malicious Third Party Keyboard App - T1417":["misp-galaxy:mitre-attack-pattern=\"Malicious Third Party Keyboard App - T1417\""],"Malicious or Vulnerable Built-in Device Functionality - T1473":["misp-galaxy:mitre-attack-pattern=\"Malicious or Vulnerable Built-in Device Functionality - T1473\""],"Man in the Browser - T1185":["misp-galaxy:mitre-attack-pattern=\"Man in the Browser - T1185\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Man in the Browser - T1185\""],"Manipulate App Store Rankings or Ratings - T1452":["misp-galaxy:mitre-attack-pattern=\"Manipulate App Store Rankings or Ratings - T1452\""],"Manipulate Device Communication - T1463":["misp-galaxy:mitre-attack-pattern=\"Manipulate Device Communication - T1463\""],"Map network topology - T1252":["misp-galaxy:mitre-attack-pattern=\"Map network topology - T1252\""],"Masquerading - T1036":["misp-galaxy:mitre-attack-pattern=\"Masquerading - T1036\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Masquerading - T1036\""],"Microphone or Camera Recordings - T1429":["misp-galaxy:mitre-attack-pattern=\"Microphone or Camera Recordings - T1429\""],"Mine social media - T1273":["misp-galaxy:mitre-attack-pattern=\"Mine social media - T1273\""],"Mine technical blogs\/forums - T1257":["misp-galaxy:mitre-attack-pattern=\"Mine technical blogs\/forums - T1257\""],"Misattributable credentials - T1322":["misp-galaxy:mitre-attack-pattern=\"Misattributable credentials - T1322\""],"Modify Existing Service - T1031":["misp-galaxy:mitre-attack-pattern=\"Modify Existing Service - T1031\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Modify Existing Service - T1031\""],"Modify OS Kernel or Boot Partition - T1398":["misp-galaxy:mitre-attack-pattern=\"Modify OS Kernel or Boot Partition - T1398\""],"Modify Registry - T1112":["misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Modify Registry - T1112\""],"Modify System Partition - T1400":["misp-galaxy:mitre-attack-pattern=\"Modify System Partition - T1400\""],"Modify Trusted Execution Environment - T1399":["misp-galaxy:mitre-attack-pattern=\"Modify Trusted Execution Environment - T1399\""],"Modify cached executable code - T1403":["misp-galaxy:mitre-attack-pattern=\"Modify cached executable code - T1403\""],"Mshta - T1170":["misp-galaxy:mitre-attack-pattern=\"Mshta - T1170\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Mshta - T1170\""],"Multi-Stage Channels - T1104":["misp-galaxy:mitre-attack-pattern=\"Multi-Stage Channels - T1104\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multi-Stage Channels - T1104\""],"Multi-hop Proxy - T1188":["misp-galaxy:mitre-attack-pattern=\"Multi-hop Proxy - T1188\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multi-hop Proxy - T1188\""],"Multiband Communication - T1026":["misp-galaxy:mitre-attack-pattern=\"Multiband Communication - T1026\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multiband Communication - T1026\""],"Multilayer Encryption - T1079":["misp-galaxy:mitre-attack-pattern=\"Multilayer Encryption - T1079\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Multilayer Encryption - T1079\""],"NTFS File Attributes - T1096":["misp-galaxy:mitre-attack-pattern=\"NTFS File Attributes - T1096\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"NTFS File Attributes - T1096\""],"Netsh Helper DLL - T1128":["misp-galaxy:mitre-attack-pattern=\"Netsh Helper DLL - T1128\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Netsh Helper DLL - T1128\""],"Network Denial of Service - T1498":["misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\""],"Network Service Scanning - T1046":["misp-galaxy:mitre-attack-pattern=\"Network Service Scanning - T1046\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Service Scanning - T1046\""],"Network Service Scanning - T1423":["misp-galaxy:mitre-attack-pattern=\"Network Service Scanning - T1423\""],"Network Share Connection Removal - T1126":["misp-galaxy:mitre-attack-pattern=\"Network Share Connection Removal - T1126\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Share Connection Removal - T1126\""],"Network Share Discovery - T1135":["misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Share Discovery - T1135\""],"Network Sniffing - T1040":["misp-galaxy:mitre-attack-pattern=\"Network Sniffing - T1040\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Network Sniffing - T1040\""],"Network Traffic Capture or Redirection - T1410":["misp-galaxy:mitre-attack-pattern=\"Network Traffic Capture or Redirection - T1410\""],"Network-based hiding techniques - T1315":["misp-galaxy:mitre-attack-pattern=\"Network-based hiding techniques - T1315\""],"New Service - T1050":["misp-galaxy:mitre-attack-pattern=\"New Service - T1050\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"New Service - T1050\""],"Non-traditional or less attributable payment options - T1316":["misp-galaxy:mitre-attack-pattern=\"Non-traditional or less attributable payment options - T1316\""],"OS-vendor provided communication channels - T1390":["misp-galaxy:mitre-attack-pattern=\"OS-vendor provided communication channels - T1390\""],"Obfuscate infrastructure - T1309":["misp-galaxy:mitre-attack-pattern=\"Obfuscate infrastructure - T1309\""],"Obfuscate infrastructure - T1331":["misp-galaxy:mitre-attack-pattern=\"Obfuscate infrastructure - T1331\""],"Obfuscate operational infrastructure - T1318":["misp-galaxy:mitre-attack-pattern=\"Obfuscate operational infrastructure - T1318\""],"Obfuscate or encrypt code - T1319":["misp-galaxy:mitre-attack-pattern=\"Obfuscate or encrypt code - T1319\""],"Obfuscated Files or Information - T1027":["misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Obfuscated Files or Information - T1027\""],"Obfuscated Files or Information - T1406":["misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1406\""],"Obfuscated or Encrypted Payload - T1406":["misp-galaxy:mitre-attack-pattern=\"Obfuscated or Encrypted Payload - T1406\""],"Obfuscation or cryptography - T1313":["misp-galaxy:mitre-attack-pattern=\"Obfuscation or cryptography - T1313\""],"Obtain Apple iOS enterprise distribution key pair and certificate - T1392":["misp-galaxy:mitre-attack-pattern=\"Obtain Apple iOS enterprise distribution key pair and certificate - T1392\""],"Obtain Device Cloud Backups - T1470":["misp-galaxy:mitre-attack-pattern=\"Obtain Device Cloud Backups - T1470\""],"Obtain booter\/stressor subscription - T1396":["misp-galaxy:mitre-attack-pattern=\"Obtain booter\/stressor subscription - T1396\""],"Obtain domain\/IP registration information - T1251":["misp-galaxy:mitre-attack-pattern=\"Obtain domain\/IP registration information - T1251\""],"Obtain templates\/branding materials - T1281":["misp-galaxy:mitre-attack-pattern=\"Obtain templates\/branding materials - T1281\""],"Obtain\/re-use payloads - T1346":["misp-galaxy:mitre-attack-pattern=\"Obtain\/re-use payloads - T1346\""],"Office Application Startup - T1137":["misp-galaxy:mitre-attack-pattern=\"Office Application Startup - T1137\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Office Application Startup - T1137\""],"Pass the Hash - T1075":["misp-galaxy:mitre-attack-pattern=\"Pass the Hash - T1075\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Pass the Hash - T1075\""],"Pass the Ticket - T1097":["misp-galaxy:mitre-attack-pattern=\"Pass the Ticket - T1097\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Pass the Ticket - T1097\""],"Password Filter DLL - T1174":["misp-galaxy:mitre-attack-pattern=\"Password Filter DLL - T1174\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Password Filter DLL - T1174\""],"Password Policy Discovery - T1201":["misp-galaxy:mitre-attack-pattern=\"Password Policy Discovery - T1201\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Password Policy Discovery - T1201\""],"Path Interception - T1034":["misp-galaxy:mitre-attack-pattern=\"Path Interception - T1034\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Path Interception - T1034\""],"Peripheral Device Discovery - T1120":["misp-galaxy:mitre-attack-pattern=\"Peripheral Device Discovery - T1120\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Peripheral Device Discovery - T1120\""],"Permission Groups Discovery - T1069":["misp-galaxy:mitre-attack-pattern=\"Permission Groups Discovery - T1069\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Permission Groups Discovery - T1069\""],"Plist Modification - T1150":["misp-galaxy:mitre-attack-pattern=\"Plist Modification - T1150\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Plist Modification - T1150\""],"Port Knocking - T1205":["misp-galaxy:mitre-attack-pattern=\"Port Knocking - T1205\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Port Knocking - T1205\""],"Port Monitors - T1013":["misp-galaxy:mitre-attack-pattern=\"Port Monitors - T1013\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Port Monitors - T1013\""],"Port redirector - T1363":["misp-galaxy:mitre-attack-pattern=\"Port redirector - T1363\""],"Post compromise tool development - T1353":["misp-galaxy:mitre-attack-pattern=\"Post compromise tool development - T1353\""],"PowerShell - T1086":["misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"PowerShell - T1086\""],"Premium SMS Toll Fraud - T1448":["misp-galaxy:mitre-attack-pattern=\"Premium SMS Toll Fraud - T1448\""],"Private Keys - T1145":["misp-galaxy:mitre-attack-pattern=\"Private Keys - T1145\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Private Keys - T1145\""],"Private whois services - T1305":["misp-galaxy:mitre-attack-pattern=\"Private whois services - T1305\""],"Process Discovery - T1057":["misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Discovery - T1057\""],"Process Discovery - T1424":["misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1424\""],"Process Doppelg\u00e4nging - T1186":["misp-galaxy:mitre-attack-pattern=\"Process Doppelg\u00e4nging - T1186\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Doppelg\u00e4nging - T1186\""],"Process Hollowing - T1093":["misp-galaxy:mitre-attack-pattern=\"Process Hollowing - T1093\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Hollowing - T1093\""],"Process Injection - T1055":["misp-galaxy:mitre-attack-pattern=\"Process Injection - T1055\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Process Injection - T1055\""],"Procure required equipment and software - T1335":["misp-galaxy:mitre-attack-pattern=\"Procure required equipment and software - T1335\""],"Proxy\/protocol relays - T1304":["misp-galaxy:mitre-attack-pattern=\"Proxy\/protocol relays - T1304\""],"Push-notification client-side exploit - T1373":["misp-galaxy:mitre-attack-pattern=\"Push-notification client-side exploit - T1373\""],"Query Registry - T1012":["misp-galaxy:mitre-attack-pattern=\"Query Registry - T1012\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Query Registry - T1012\""],"Rc.common - T1163":["misp-galaxy:mitre-attack-pattern=\"Rc.common - T1163\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rc.common - T1163\""],"Re-opened Applications - T1164":["misp-galaxy:mitre-attack-pattern=\"Re-opened Applications - T1164\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Re-opened Applications - T1164\""],"Receive KITs\/KIQs and determine requirements - T1239":["misp-galaxy:mitre-attack-pattern=\"Receive KITs\/KIQs and determine requirements - T1239\""],"Receive operator KITs\/KIQs tasking - T1235":["misp-galaxy:mitre-attack-pattern=\"Receive operator KITs\/KIQs tasking - T1235\""],"Redundant Access - T1108":["misp-galaxy:mitre-attack-pattern=\"Redundant Access - T1108\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Redundant Access - T1108\""],"Registry Run Keys \/ Startup Folder - T1060":["misp-galaxy:mitre-attack-pattern=\"Registry Run Keys \/ Startup Folder - T1060\""],"Regsvcs\/Regasm - T1121":["misp-galaxy:mitre-attack-pattern=\"Regsvcs\/Regasm - T1121\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Regsvcs\/Regasm - T1121\""],"Regsvr32 - T1117":["misp-galaxy:mitre-attack-pattern=\"Regsvr32 - T1117\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Regsvr32 - T1117\""],"Remote Access Tools - T1219":["misp-galaxy:mitre-attack-pattern=\"Remote Access Tools - T1219\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Access Tools - T1219\""],"Remote Desktop Protocol - T1076":["misp-galaxy:mitre-attack-pattern=\"Remote Desktop Protocol - T1076\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Desktop Protocol - T1076\""],"Remote File Copy - T1105":["misp-galaxy:mitre-attack-pattern=\"Remote File Copy - T1105\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote File Copy - T1105\""],"Remote Services - T1021":["misp-galaxy:mitre-attack-pattern=\"Remote Services - T1021\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote Services - T1021\""],"Remote System Discovery - T1018":["misp-galaxy:mitre-attack-pattern=\"Remote System Discovery - T1018\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Remote System Discovery - T1018\""],"Remote access tool development - T1351":["misp-galaxy:mitre-attack-pattern=\"Remote access tool development - T1351\""],"Remotely Install Application - T1443":["misp-galaxy:mitre-attack-pattern=\"Remotely Install Application - T1443\""],"Remotely Track Device Without Authorization - T1468":["misp-galaxy:mitre-attack-pattern=\"Remotely Track Device Without Authorization - T1468\""],"Remotely Wipe Data Without Authorization - T1469":["misp-galaxy:mitre-attack-pattern=\"Remotely Wipe Data Without Authorization - T1469\""],"Repackaged Application - T1444":["misp-galaxy:mitre-attack-pattern=\"Repackaged Application - T1444\""],"Replace legitimate binary with malware - T1378":["misp-galaxy:mitre-attack-pattern=\"Replace legitimate binary with malware - T1378\""],"Replication Through Removable Media - T1091":["misp-galaxy:mitre-attack-pattern=\"Replication Through Removable Media - T1091\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Replication Through Removable Media - T1091\""],"Research relevant vulnerabilities\/CVEs - T1291":["misp-galaxy:mitre-attack-pattern=\"Research relevant vulnerabilities\/CVEs - T1291\""],"Research visibility gap of security vendors - T1290":["misp-galaxy:mitre-attack-pattern=\"Research visibility gap of security vendors - T1290\""],"Resource Hijacking - T1496":["misp-galaxy:mitre-attack-pattern=\"Resource Hijacking - T1496\""],"Review logs and residual traces - T1358":["misp-galaxy:mitre-attack-pattern=\"Review logs and residual traces - T1358\""],"Rogue Cellular Base Station - T1467":["misp-galaxy:mitre-attack-pattern=\"Rogue Cellular Base Station - T1467\""],"Rogue Wi-Fi Access Points - T1465":["misp-galaxy:mitre-attack-pattern=\"Rogue Wi-Fi Access Points - T1465\""],"Rootkit - T1014":["misp-galaxy:mitre-attack-pattern=\"Rootkit - T1014\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rootkit - T1014\""],"Rundll32 - T1085":["misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Rundll32 - T1085\""],"Runtime Data Manipulation - T1494":["misp-galaxy:mitre-attack-pattern=\"Runtime Data Manipulation - T1494\""],"Runtime code download and execution - T1395":["misp-galaxy:mitre-attack-pattern=\"Runtime code download and execution - T1395\""],"SID-History Injection - T1178":["misp-galaxy:mitre-attack-pattern=\"SID-History Injection - T1178\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SID-History Injection - T1178\""],"SIM Card Swap - T1451":["misp-galaxy:mitre-attack-pattern=\"SIM Card Swap - T1451\""],"SIP and Trust Provider Hijacking - T1198":["misp-galaxy:mitre-attack-pattern=\"SIP and Trust Provider Hijacking - T1198\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SIP and Trust Provider Hijacking - T1198\""],"SSH Hijacking - T1184":["misp-galaxy:mitre-attack-pattern=\"SSH Hijacking - T1184\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"SSH Hijacking - T1184\""],"SSL certificate acquisition for domain - T1337":["misp-galaxy:mitre-attack-pattern=\"SSL certificate acquisition for domain - T1337\""],"SSL certificate acquisition for trust breaking - T1338":["misp-galaxy:mitre-attack-pattern=\"SSL certificate acquisition for trust breaking - T1338\""],"Scheduled Task - T1053":["misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Task - T1053\""],"Scheduled Transfer - T1029":["misp-galaxy:mitre-attack-pattern=\"Scheduled Transfer - T1029\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scheduled Transfer - T1029\""],"Screen Capture - T1113":["misp-galaxy:mitre-attack-pattern=\"Screen Capture - T1113\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Screen Capture - T1113\""],"Screensaver - T1180":["misp-galaxy:mitre-attack-pattern=\"Screensaver - T1180\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Screensaver - T1180\""],"Scripting - T1064":["misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Scripting - T1064\""],"Secure and protect infrastructure - T1317":["misp-galaxy:mitre-attack-pattern=\"Secure and protect infrastructure - T1317\""],"Security Software Discovery - T1063":["misp-galaxy:mitre-attack-pattern=\"Security Software Discovery - T1063\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Security Software Discovery - T1063\""],"Security Support Provider - T1101":["misp-galaxy:mitre-attack-pattern=\"Security Support Provider - T1101\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Security Support Provider - T1101\""],"Securityd Memory - T1167":["misp-galaxy:mitre-attack-pattern=\"Securityd Memory - T1167\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Securityd Memory - T1167\""],"Service Execution - T1035":["misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Service Execution - T1035\""],"Service Registry Permissions Weakness - T1058":["misp-galaxy:mitre-attack-pattern=\"Service Registry Permissions Weakness - T1058\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Service Registry Permissions Weakness - T1058\""],"Service Stop - T1489":["misp-galaxy:mitre-attack-pattern=\"Service Stop - T1489\""],"Setuid and Setgid - T1166":["misp-galaxy:mitre-attack-pattern=\"Setuid and Setgid - T1166\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Setuid and Setgid - T1166\""],"Shadow DNS - T1340":["misp-galaxy:mitre-attack-pattern=\"Shadow DNS - T1340\""],"Shared Webroot - T1051":["misp-galaxy:mitre-attack-pattern=\"Shared Webroot - T1051\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Shared Webroot - T1051\""],"Shortcut Modification - T1023":["misp-galaxy:mitre-attack-pattern=\"Shortcut Modification - T1023\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Shortcut Modification - T1023\""],"Signed Binary Proxy Execution - T1218":["misp-galaxy:mitre-attack-pattern=\"Signed Binary Proxy Execution - T1218\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Signed Binary Proxy Execution - T1218\""],"Signed Script Proxy Execution - T1216":["misp-galaxy:mitre-attack-pattern=\"Signed Script Proxy Execution - T1216\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Signed Script Proxy Execution - T1216\""],"Software Packing - T1045":["misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Software Packing - T1045\""],"Source - T1153":["misp-galaxy:mitre-attack-pattern=\"Source - T1153\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Source - T1153\""],"Space after Filename - T1151":["misp-galaxy:mitre-attack-pattern=\"Space after Filename - T1151\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Space after Filename - T1151\""],"Spear phishing messages with malicious attachments - T1367":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious attachments - T1367\""],"Spear phishing messages with malicious links - T1369":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with malicious links - T1369\""],"Spear phishing messages with text only - T1368":["misp-galaxy:mitre-attack-pattern=\"Spear phishing messages with text only - T1368\""],"Spearphishing Attachment - T1193":["misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Attachment - T1193\""],"Spearphishing Link - T1192":["misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing Link - T1192\""],"Spearphishing for Information - T1397":["misp-galaxy:mitre-attack-pattern=\"Spearphishing for Information - T1397\""],"Spearphishing via Service - T1194":["misp-galaxy:mitre-attack-pattern=\"Spearphishing via Service - T1194\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Spearphishing via Service - T1194\""],"Standard Application Layer Protocol - T1071":["misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Application Layer Protocol - T1071\""],"Standard Application Layer Protocol - T1437":["misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1437\""],"Standard Cryptographic Protocol - T1032":["misp-galaxy:mitre-attack-pattern=\"Standard Cryptographic Protocol - T1032\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Cryptographic Protocol - T1032\""],"Standard Non-Application Layer Protocol - T1095":["misp-galaxy:mitre-attack-pattern=\"Standard Non-Application Layer Protocol - T1095\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Standard Non-Application Layer Protocol - T1095\""],"Startup Items - T1165":["misp-galaxy:mitre-attack-pattern=\"Startup Items - T1165\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Startup Items - T1165\""],"Stolen Developer Credentials or Signing Keys - T1441":["misp-galaxy:mitre-attack-pattern=\"Stolen Developer Credentials or Signing Keys - T1441\""],"Stored Data Manipulation - T1492":["misp-galaxy:mitre-attack-pattern=\"Stored Data Manipulation - T1492\""],"Submit KITs, KIQs, and intelligence requirements - T1237":["misp-galaxy:mitre-attack-pattern=\"Submit KITs, KIQs, and intelligence requirements - T1237\""],"Sudo - T1169":["misp-galaxy:mitre-attack-pattern=\"Sudo - T1169\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Sudo - T1169\""],"Sudo Caching - T1206":["misp-galaxy:mitre-attack-pattern=\"Sudo Caching - T1206\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Sudo Caching - T1206\""],"Supply Chain Compromise - T1195":["misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1195\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Supply Chain Compromise - T1195\""],"Supply Chain Compromise - T1474":["misp-galaxy:mitre-attack-pattern=\"Supply Chain Compromise - T1474\""],"System Firmware - T1019":["misp-galaxy:mitre-attack-pattern=\"System Firmware - T1019\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Firmware - T1019\""],"System Information Discovery - T1082":["misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1082\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Information Discovery - T1082\""],"System Information Discovery - T1426":["misp-galaxy:mitre-attack-pattern=\"System Information Discovery - T1426\""],"System Network Configuration Discovery - T1016":["misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1016\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Configuration Discovery - T1016\""],"System Network Configuration Discovery - T1422":["misp-galaxy:mitre-attack-pattern=\"System Network Configuration Discovery - T1422\""],"System Network Connections Discovery - T1049":["misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Network Connections Discovery - T1049\""],"System Network Connections Discovery - T1421":["misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1421\""],"System Owner\/User Discovery - T1033":["misp-galaxy:mitre-attack-pattern=\"System Owner\/User Discovery - T1033\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Owner\/User Discovery - T1033\""],"System Service Discovery - T1007":["misp-galaxy:mitre-attack-pattern=\"System Service Discovery - T1007\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Service Discovery - T1007\""],"System Time Discovery - T1124":["misp-galaxy:mitre-attack-pattern=\"System Time Discovery - T1124\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"System Time Discovery - T1124\""],"Systemd Service - T1501":["misp-galaxy:mitre-attack-pattern=\"Systemd Service - T1501\""],"Taint Shared Content - T1080":["misp-galaxy:mitre-attack-pattern=\"Taint Shared Content - T1080\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Taint Shared Content - T1080\""],"Targeted client-side exploitation - T1371":["misp-galaxy:mitre-attack-pattern=\"Targeted client-side exploitation - T1371\""],"Targeted social media phishing - T1366":["misp-galaxy:mitre-attack-pattern=\"Targeted social media phishing - T1366\""],"Task requirements - T1240":["misp-galaxy:mitre-attack-pattern=\"Task requirements - T1240\""],"Template Injection - T1221":["misp-galaxy:mitre-attack-pattern=\"Template Injection - T1221\""],"Test ability to evade automated mobile application security analysis performed by app stores - T1393":["misp-galaxy:mitre-attack-pattern=\"Test ability to evade automated mobile application security analysis performed by app stores - T1393\""],"Test callback functionality - T1356":["misp-galaxy:mitre-attack-pattern=\"Test callback functionality - T1356\""],"Test malware in various execution environments - T1357":["misp-galaxy:mitre-attack-pattern=\"Test malware in various execution environments - T1357\""],"Test malware to evade detection - T1359":["misp-galaxy:mitre-attack-pattern=\"Test malware to evade detection - T1359\""],"Test physical access - T1360":["misp-galaxy:mitre-attack-pattern=\"Test physical access - T1360\""],"Test signature detection - T1292":["misp-galaxy:mitre-attack-pattern=\"Test signature detection - T1292\""],"Test signature detection for file upload\/email filters - T1361":["misp-galaxy:mitre-attack-pattern=\"Test signature detection for file upload\/email filters - T1361\""],"Third-party Software - T1072":["misp-galaxy:mitre-attack-pattern=\"Third-party Software - T1072\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Third-party Software - T1072\""],"Time Providers - T1209":["misp-galaxy:mitre-attack-pattern=\"Time Providers - T1209\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Time Providers - T1209\""],"Timestomp - T1099":["misp-galaxy:mitre-attack-pattern=\"Timestomp - T1099\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Timestomp - T1099\""],"Transmitted Data Manipulation - T1493":["misp-galaxy:mitre-attack-pattern=\"Transmitted Data Manipulation - T1493\""],"Trap - T1154":["misp-galaxy:mitre-attack-pattern=\"Trap - T1154\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trap - T1154\""],"Trusted Developer Utilities - T1127":["misp-galaxy:mitre-attack-pattern=\"Trusted Developer Utilities - T1127\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trusted Developer Utilities - T1127\""],"Trusted Relationship - T1199":["misp-galaxy:mitre-attack-pattern=\"Trusted Relationship - T1199\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Trusted Relationship - T1199\""],"Two-Factor Authentication Interception - T1111":["misp-galaxy:mitre-attack-pattern=\"Two-Factor Authentication Interception - T1111\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Two-Factor Authentication Interception - T1111\""],"URL Scheme Hijacking - T1415":["misp-galaxy:mitre-attack-pattern=\"URL Scheme Hijacking - T1415\""],"Unauthorized user introduces compromise delivery mechanism - T1387":["misp-galaxy:mitre-attack-pattern=\"Unauthorized user introduces compromise delivery mechanism - T1387\""],"Uncommonly Used Port - T1065":["misp-galaxy:mitre-attack-pattern=\"Uncommonly Used Port - T1065\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Uncommonly Used Port - T1065\""],"Unconditional client-side exploitation\/Injected Website\/Driveby - T1372":["misp-galaxy:mitre-attack-pattern=\"Unconditional client-side exploitation\/Injected Website\/Driveby - T1372\""],"Untargeted client-side exploitation - T1370":["misp-galaxy:mitre-attack-pattern=\"Untargeted client-side exploitation - T1370\""],"Upload, install, and configure software\/tools - T1362":["misp-galaxy:mitre-attack-pattern=\"Upload, install, and configure software\/tools - T1362\""],"Use multiple DNS infrastructures - T1327":["misp-galaxy:mitre-attack-pattern=\"Use multiple DNS infrastructures - T1327\""],"User Execution - T1204":["misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"User Execution - T1204\""],"User Interface Spoofing - T1411":["misp-galaxy:mitre-attack-pattern=\"User Interface Spoofing - T1411\""],"Valid Accounts - T1078":["misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Valid Accounts - T1078\""],"Video Capture - T1125":["misp-galaxy:mitre-attack-pattern=\"Video Capture - T1125\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Video Capture - T1125\""],"Virtualization\/Sandbox Evasion - T1497":["misp-galaxy:mitre-attack-pattern=\"Virtualization\/Sandbox Evasion - T1497\""],"Web Service - T1102":["misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Web Service - T1102\""],"Web Service - T1481":["misp-galaxy:mitre-attack-pattern=\"Web Service - T1481\""],"Web Shell - T1100":["misp-galaxy:mitre-attack-pattern=\"Web Shell - T1100\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Web Shell - T1100\""],"Windows Admin Shares - T1077":["misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Admin Shares - T1077\""],"Windows Management Instrumentation - T1047":["misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation - T1047\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation - T1047\""],"Windows Management Instrumentation Event Subscription - T1084":["misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\""],"Windows Remote Management - T1028":["misp-galaxy:mitre-attack-pattern=\"Windows Remote Management - T1028\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Windows Remote Management - T1028\""],"Winlogon Helper DLL - T1004":["misp-galaxy:mitre-attack-pattern=\"Winlogon Helper DLL - T1004\"","misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Winlogon Helper DLL - T1004\""],"Wipe Device Data - T1447":["misp-galaxy:mitre-attack-pattern=\"Wipe Device Data - T1447\""],"XSL Script Processing - T1220":["misp-galaxy:mitre-attack-pattern=\"XSL Script Processing - T1220\""],".bash_profile and .bashrc Mitigation - T1156":["misp-galaxy:mitre-course-of-action=\".bash_profile and .bashrc Mitigation - T1156\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\".bash_profile and .bashrc Mitigation - T1156\""],"Access Token Manipulation Mitigation - T1134":["misp-galaxy:mitre-course-of-action=\"Access Token Manipulation Mitigation - T1134\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Access Token Manipulation Mitigation - T1134\""],"Accessibility Features Mitigation - T1015":["misp-galaxy:mitre-course-of-action=\"Accessibility Features Mitigation - T1015\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Accessibility Features Mitigation - T1015\""],"Account Discovery Mitigation - T1087":["misp-galaxy:mitre-course-of-action=\"Account Discovery Mitigation - T1087\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Account Discovery Mitigation - T1087\""],"Account Manipulation Mitigation - T1098":["misp-galaxy:mitre-course-of-action=\"Account Manipulation Mitigation - T1098\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Account Manipulation Mitigation - T1098\""],"AppCert DLLs Mitigation - T1182":["misp-galaxy:mitre-course-of-action=\"AppCert DLLs Mitigation - T1182\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppCert DLLs Mitigation - T1182\""],"AppInit DLLs Mitigation - T1103":["misp-galaxy:mitre-course-of-action=\"AppInit DLLs Mitigation - T1103\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppInit DLLs Mitigation - T1103\""],"AppleScript Mitigation - T1155":["misp-galaxy:mitre-course-of-action=\"AppleScript Mitigation - T1155\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"AppleScript Mitigation - T1155\""],"Application Deployment Software Mitigation - T1017":["misp-galaxy:mitre-course-of-action=\"Application Deployment Software Mitigation - T1017\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Deployment Software Mitigation - T1017\""],"Application Developer Guidance - M1013":["misp-galaxy:mitre-course-of-action=\"Application Developer Guidance - M1013\""],"Application Shimming Mitigation - T1138":["misp-galaxy:mitre-course-of-action=\"Application Shimming Mitigation - T1138\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Shimming Mitigation - T1138\""],"Application Vetting - M1005":["misp-galaxy:mitre-course-of-action=\"Application Vetting - M1005\""],"Application Window Discovery Mitigation - T1010":["misp-galaxy:mitre-course-of-action=\"Application Window Discovery Mitigation - T1010\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Application Window Discovery Mitigation - T1010\""],"Attestation - M1002":["misp-galaxy:mitre-course-of-action=\"Attestation - M1002\""],"Audio Capture Mitigation - T1123":["misp-galaxy:mitre-course-of-action=\"Audio Capture Mitigation - T1123\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Audio Capture Mitigation - T1123\""],"Authentication Package Mitigation - T1131":["misp-galaxy:mitre-course-of-action=\"Authentication Package Mitigation - T1131\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Authentication Package Mitigation - T1131\""],"Automated Collection Mitigation - T1119":["misp-galaxy:mitre-course-of-action=\"Automated Collection Mitigation - T1119\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Automated Collection Mitigation - T1119\""],"Automated Exfiltration Mitigation - T1020":["misp-galaxy:mitre-course-of-action=\"Automated Exfiltration Mitigation - T1020\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Automated Exfiltration Mitigation - T1020\""],"BITS Jobs Mitigation - T1197":["misp-galaxy:mitre-course-of-action=\"BITS Jobs Mitigation - T1197\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"BITS Jobs Mitigation - T1197\""],"Bash History Mitigation - T1139":["misp-galaxy:mitre-course-of-action=\"Bash History Mitigation - T1139\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bash History Mitigation - T1139\""],"Binary Padding Mitigation - T1009":["misp-galaxy:mitre-course-of-action=\"Binary Padding Mitigation - T1009\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Binary Padding Mitigation - T1009\""],"Bootkit Mitigation - T1067":["misp-galaxy:mitre-course-of-action=\"Bootkit Mitigation - T1067\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bootkit Mitigation - T1067\""],"Browser Bookmark Discovery Mitigation - T1217":["misp-galaxy:mitre-course-of-action=\"Browser Bookmark Discovery Mitigation - T1217\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Browser Bookmark Discovery Mitigation - T1217\""],"Browser Extensions Mitigation - T1176":["misp-galaxy:mitre-course-of-action=\"Browser Extensions Mitigation - T1176\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Browser Extensions Mitigation - T1176\""],"Brute Force Mitigation - T1110":["misp-galaxy:mitre-course-of-action=\"Brute Force Mitigation - T1110\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Brute Force Mitigation - T1110\""],"Bypass User Account Control Mitigation - T1088":["misp-galaxy:mitre-course-of-action=\"Bypass User Account Control Mitigation - T1088\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Bypass User Account Control Mitigation - T1088\""],"CMSTP Mitigation - T1191":["misp-galaxy:mitre-course-of-action=\"CMSTP Mitigation - T1191\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"CMSTP Mitigation - T1191\""],"Caution with Device Administrator Access - M1007":["misp-galaxy:mitre-course-of-action=\"Caution with Device Administrator Access - M1007\""],"Change Default File Association Mitigation - T1042":["misp-galaxy:mitre-course-of-action=\"Change Default File Association Mitigation - T1042\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Change Default File Association Mitigation - T1042\""],"Clear Command History Mitigation - T1146":["misp-galaxy:mitre-course-of-action=\"Clear Command History Mitigation - T1146\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Clear Command History Mitigation - T1146\""],"Clipboard Data Mitigation - T1115":["misp-galaxy:mitre-course-of-action=\"Clipboard Data Mitigation - T1115\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Clipboard Data Mitigation - T1115\""],"Code Signing Mitigation - T1116":["misp-galaxy:mitre-course-of-action=\"Code Signing Mitigation - T1116\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Code Signing Mitigation - T1116\""],"Command-Line Interface Mitigation - T1059":["misp-galaxy:mitre-course-of-action=\"Command-Line Interface Mitigation - T1059\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Command-Line Interface Mitigation - T1059\""],"Commonly Used Port Mitigation - T1043":["misp-galaxy:mitre-course-of-action=\"Commonly Used Port Mitigation - T1043\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Commonly Used Port Mitigation - T1043\""],"Communication Through Removable Media Mitigation - T1092":["misp-galaxy:mitre-course-of-action=\"Communication Through Removable Media Mitigation - T1092\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Communication Through Removable Media Mitigation - T1092\""],"Compile After Delivery Mitigation - T1502":["misp-galaxy:mitre-course-of-action=\"Compile After Delivery Mitigation - T1502\""],"Compiled HTML File Mitigation - T1223":["misp-galaxy:mitre-course-of-action=\"Compiled HTML File Mitigation - T1223\""],"Component Firmware Mitigation - T1109":["misp-galaxy:mitre-course-of-action=\"Component Firmware Mitigation - T1109\""],"Component Object Model Hijacking Mitigation - T1122":["misp-galaxy:mitre-course-of-action=\"Component Object Model Hijacking Mitigation - T1122\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Component Object Model Hijacking Mitigation - T1122\""],"Connection Proxy Mitigation - T1090":["misp-galaxy:mitre-course-of-action=\"Connection Proxy Mitigation - T1090\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Connection Proxy Mitigation - T1090\""],"Control Panel Items Mitigation - T1196":["misp-galaxy:mitre-course-of-action=\"Control Panel Items Mitigation - T1196\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Control Panel Items Mitigation - T1196\""],"Create Account Mitigation - T1136":["misp-galaxy:mitre-course-of-action=\"Create Account Mitigation - T1136\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Create Account Mitigation - T1136\""],"Credential Dumping Mitigation - T1003":["misp-galaxy:mitre-course-of-action=\"Credential Dumping Mitigation - T1003\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credential Dumping Mitigation - T1003\""],"Credentials in Files Mitigation - T1081":["misp-galaxy:mitre-course-of-action=\"Credentials in Files Mitigation - T1081\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credentials in Files Mitigation - T1081\""],"Credentials in Registry Mitigation - T1214":["misp-galaxy:mitre-course-of-action=\"Credentials in Registry Mitigation - T1214\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Credentials in Registry Mitigation - T1214\""],"Custom Command and Control Protocol Mitigation - T1094":["misp-galaxy:mitre-course-of-action=\"Custom Command and Control Protocol Mitigation - T1094\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Custom Command and Control Protocol Mitigation - T1094\""],"Custom Cryptographic Protocol Mitigation - T1024":["misp-galaxy:mitre-course-of-action=\"Custom Cryptographic Protocol Mitigation - T1024\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Custom Cryptographic Protocol Mitigation - T1024\""],"DCShadow Mitigation - T1207":["misp-galaxy:mitre-course-of-action=\"DCShadow Mitigation - T1207\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DCShadow Mitigation - T1207\""],"DLL Search Order Hijacking Mitigation - T1038":["misp-galaxy:mitre-course-of-action=\"DLL Search Order Hijacking Mitigation - T1038\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DLL Search Order Hijacking Mitigation - T1038\""],"DLL Side-Loading Mitigation - T1073":["misp-galaxy:mitre-course-of-action=\"DLL Side-Loading Mitigation - T1073\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"DLL Side-Loading Mitigation - T1073\""],"Data Compressed Mitigation - T1002":["misp-galaxy:mitre-course-of-action=\"Data Compressed Mitigation - T1002\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Compressed Mitigation - T1002\""],"Data Destruction Mitigation - T1488":["misp-galaxy:mitre-course-of-action=\"Data Destruction Mitigation - T1488\""],"Data Encoding Mitigation - T1132":["misp-galaxy:mitre-course-of-action=\"Data Encoding Mitigation - T1132\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Encoding Mitigation - T1132\""],"Data Encrypted Mitigation - T1022":["misp-galaxy:mitre-course-of-action=\"Data Encrypted Mitigation - T1022\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Encrypted Mitigation - T1022\""],"Data Encrypted for Impact Mitigation - T1486":["misp-galaxy:mitre-course-of-action=\"Data Encrypted for Impact Mitigation - T1486\""],"Data Obfuscation Mitigation - T1001":["misp-galaxy:mitre-course-of-action=\"Data Obfuscation Mitigation - T1001\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Obfuscation Mitigation - T1001\""],"Data Staged Mitigation - T1074":["misp-galaxy:mitre-course-of-action=\"Data Staged Mitigation - T1074\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Staged Mitigation - T1074\""],"Data Transfer Size Limits Mitigation - T1030":["misp-galaxy:mitre-course-of-action=\"Data Transfer Size Limits Mitigation - T1030\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data Transfer Size Limits Mitigation - T1030\""],"Data from Information Repositories Mitigation - T1213":["misp-galaxy:mitre-course-of-action=\"Data from Information Repositories Mitigation - T1213\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Information Repositories Mitigation - T1213\""],"Data from Local System Mitigation - T1005":["misp-galaxy:mitre-course-of-action=\"Data from Local System Mitigation - T1005\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Local System Mitigation - T1005\""],"Data from Network Shared Drive Mitigation - T1039":["misp-galaxy:mitre-course-of-action=\"Data from Network Shared Drive Mitigation - T1039\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Network Shared Drive Mitigation - T1039\""],"Data from Removable Media Mitigation - T1025":["misp-galaxy:mitre-course-of-action=\"Data from Removable Media Mitigation - T1025\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Data from Removable Media Mitigation - T1025\""],"Defacement Mitigation - T1491":["misp-galaxy:mitre-course-of-action=\"Defacement Mitigation - T1491\""],"Deobfuscate\/Decode Files or Information Mitigation - T1140":["misp-galaxy:mitre-course-of-action=\"Deobfuscate\/Decode Files or Information Mitigation - T1140\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Deobfuscate\/Decode Files or Information Mitigation - T1140\""],"Deploy Compromised Device Detection Method - M1010":["misp-galaxy:mitre-course-of-action=\"Deploy Compromised Device Detection Method - M1010\""],"Disabling Security Tools Mitigation - T1089":["misp-galaxy:mitre-course-of-action=\"Disabling Security Tools Mitigation - T1089\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Disabling Security Tools Mitigation - T1089\""],"Distributed Component Object Model Mitigation - T1175":["misp-galaxy:mitre-course-of-action=\"Distributed Component Object Model Mitigation - T1175\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Distributed Component Object Model Mitigation - T1175\""],"Domain Fronting Mitigation - T1172":["misp-galaxy:mitre-course-of-action=\"Domain Fronting Mitigation - T1172\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Domain Fronting Mitigation - T1172\""],"Domain Generation Algorithms Mitigation - T1483":["misp-galaxy:mitre-course-of-action=\"Domain Generation Algorithms Mitigation - T1483\""],"Domain Trust Discovery Mitigation - T1482":["misp-galaxy:mitre-course-of-action=\"Domain Trust Discovery Mitigation - T1482\""],"Drive-by Compromise Mitigation - T1189":["misp-galaxy:mitre-course-of-action=\"Drive-by Compromise Mitigation - T1189\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Drive-by Compromise Mitigation - T1189\""],"Dylib Hijacking Mitigation - T1157":["misp-galaxy:mitre-course-of-action=\"Dylib Hijacking Mitigation - T1157\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Dylib Hijacking Mitigation - T1157\""],"Dynamic Data Exchange Mitigation - T1173":["misp-galaxy:mitre-course-of-action=\"Dynamic Data Exchange Mitigation - T1173\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Dynamic Data Exchange Mitigation - T1173\""],"Email Collection Mitigation - T1114":["misp-galaxy:mitre-course-of-action=\"Email Collection Mitigation - T1114\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Email Collection Mitigation - T1114\""],"Encrypt Network Traffic - M1009":["misp-galaxy:mitre-course-of-action=\"Encrypt Network Traffic - M1009\""],"Endpoint Denial of Service Mitigation - T1499":["misp-galaxy:mitre-course-of-action=\"Endpoint Denial of Service Mitigation - T1499\""],"Enterprise Policy - M1012":["misp-galaxy:mitre-course-of-action=\"Enterprise Policy - M1012\""],"Environmental Keying Mitigation - T1480":["misp-galaxy:mitre-course-of-action=\"Environmental Keying Mitigation - T1480\""],"Execution through API Mitigation - T1106":["misp-galaxy:mitre-course-of-action=\"Execution through API Mitigation - T1106\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Execution through API Mitigation - T1106\""],"Execution through Module Load Mitigation - T1129":["misp-galaxy:mitre-course-of-action=\"Execution through Module Load Mitigation - T1129\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Execution through Module Load Mitigation - T1129\""],"Exfiltration Over Alternative Protocol Mitigation - T1048":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Alternative Protocol Mitigation - T1048\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Alternative Protocol Mitigation - T1048\""],"Exfiltration Over Command and Control Channel Mitigation - T1041":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Command and Control Channel Mitigation - T1041\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Command and Control Channel Mitigation - T1041\""],"Exfiltration Over Other Network Medium Mitigation - T1011":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Other Network Medium Mitigation - T1011\""],"Exfiltration Over Physical Medium Mitigation - T1052":["misp-galaxy:mitre-course-of-action=\"Exfiltration Over Physical Medium Mitigation - T1052\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exfiltration Over Physical Medium Mitigation - T1052\""],"Exploit Public-Facing Application Mitigation - T1190":["misp-galaxy:mitre-course-of-action=\"Exploit Public-Facing Application Mitigation - T1190\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploit Public-Facing Application Mitigation - T1190\""],"Exploitation for Client Execution Mitigation - T1203":["misp-galaxy:mitre-course-of-action=\"Exploitation for Client Execution Mitigation - T1203\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Client Execution Mitigation - T1203\""],"Exploitation for Credential Access Mitigation - T1212":["misp-galaxy:mitre-course-of-action=\"Exploitation for Credential Access Mitigation - T1212\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Credential Access Mitigation - T1212\""],"Exploitation for Defense Evasion Mitigation - T1211":["misp-galaxy:mitre-course-of-action=\"Exploitation for Defense Evasion Mitigation - T1211\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Defense Evasion Mitigation - T1211\""],"Exploitation for Privilege Escalation Mitigation - T1068":["misp-galaxy:mitre-course-of-action=\"Exploitation for Privilege Escalation Mitigation - T1068\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation for Privilege Escalation Mitigation - T1068\""],"Exploitation of Remote Services Mitigation - T1210":["misp-galaxy:mitre-course-of-action=\"Exploitation of Remote Services Mitigation - T1210\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Exploitation of Remote Services Mitigation - T1210\""],"External Remote Services Mitigation - T1133":["misp-galaxy:mitre-course-of-action=\"External Remote Services Mitigation - T1133\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"External Remote Services Mitigation - T1133\""],"Extra Window Memory Injection Mitigation - T1181":["misp-galaxy:mitre-course-of-action=\"Extra Window Memory Injection Mitigation - T1181\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Extra Window Memory Injection Mitigation - T1181\""],"Fallback Channels Mitigation - T1008":["misp-galaxy:mitre-course-of-action=\"Fallback Channels Mitigation - T1008\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Fallback Channels Mitigation - T1008\""],"File Deletion Mitigation - T1107":["misp-galaxy:mitre-course-of-action=\"File Deletion Mitigation - T1107\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File Deletion Mitigation - T1107\""],"File Permissions Modification Mitigation - T1222":["misp-galaxy:mitre-course-of-action=\"File Permissions Modification Mitigation - T1222\""],"File System Logical Offsets Mitigation - T1006":["misp-galaxy:mitre-course-of-action=\"File System Logical Offsets Mitigation - T1006\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File System Logical Offsets Mitigation - T1006\""],"File System Permissions Weakness Mitigation - T1044":["misp-galaxy:mitre-course-of-action=\"File System Permissions Weakness Mitigation - T1044\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File System Permissions Weakness Mitigation - T1044\""],"File and Directory Discovery Mitigation - T1083":["misp-galaxy:mitre-course-of-action=\"File and Directory Discovery Mitigation - T1083\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"File and Directory Discovery Mitigation - T1083\""],"Firmware Corruption Mitigation - T1495":["misp-galaxy:mitre-course-of-action=\"Firmware Corruption Mitigation - T1495\""],"Forced Authentication Mitigation - T1187":["misp-galaxy:mitre-course-of-action=\"Forced Authentication Mitigation - T1187\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Forced Authentication Mitigation - T1187\""],"Gatekeeper Bypass Mitigation - T1144":["misp-galaxy:mitre-course-of-action=\"Gatekeeper Bypass Mitigation - T1144\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Gatekeeper Bypass Mitigation - T1144\""],"Graphical User Interface Mitigation - T1061":["misp-galaxy:mitre-course-of-action=\"Graphical User Interface Mitigation - T1061\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Graphical User Interface Mitigation - T1061\""],"Group Policy Modification Mitigation - T1484":["misp-galaxy:mitre-course-of-action=\"Group Policy Modification Mitigation - T1484\""],"HISTCONTROL Mitigation - T1148":["misp-galaxy:mitre-course-of-action=\"HISTCONTROL Mitigation - T1148\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"HISTCONTROL Mitigation - T1148\""],"Hardware Additions Mitigation - T1200":["misp-galaxy:mitre-course-of-action=\"Hardware Additions Mitigation - T1200\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hardware Additions Mitigation - T1200\""],"Hidden Files and Directories Mitigation - T1158":["misp-galaxy:mitre-course-of-action=\"Hidden Files and Directories Mitigation - T1158\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Files and Directories Mitigation - T1158\""],"Hidden Users Mitigation - T1147":["misp-galaxy:mitre-course-of-action=\"Hidden Users Mitigation - T1147\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Users Mitigation - T1147\""],"Hidden Window Mitigation - T1143":["misp-galaxy:mitre-course-of-action=\"Hidden Window Mitigation - T1143\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hidden Window Mitigation - T1143\""],"Hooking Mitigation - T1179":["misp-galaxy:mitre-course-of-action=\"Hooking Mitigation - T1179\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hooking Mitigation - T1179\""],"Hypervisor Mitigation - T1062":["misp-galaxy:mitre-course-of-action=\"Hypervisor Mitigation - T1062\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Hypervisor Mitigation - T1062\""],"Image File Execution Options Injection Mitigation - T1183":["misp-galaxy:mitre-course-of-action=\"Image File Execution Options Injection Mitigation - T1183\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Image File Execution Options Injection Mitigation - T1183\""],"Indicator Blocking Mitigation - T1054":["misp-galaxy:mitre-course-of-action=\"Indicator Blocking Mitigation - T1054\""],"Indicator Removal from Tools Mitigation - T1066":["misp-galaxy:mitre-course-of-action=\"Indicator Removal from Tools Mitigation - T1066\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indicator Removal from Tools Mitigation - T1066\""],"Indicator Removal on Host Mitigation - T1070":["misp-galaxy:mitre-course-of-action=\"Indicator Removal on Host Mitigation - T1070\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indicator Removal on Host Mitigation - T1070\""],"Indirect Command Execution Mitigation - T1202":["misp-galaxy:mitre-course-of-action=\"Indirect Command Execution Mitigation - T1202\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Indirect Command Execution Mitigation - T1202\""],"Inhibit System Recovery Mitigation - T1490":["misp-galaxy:mitre-course-of-action=\"Inhibit System Recovery Mitigation - T1490\""],"Input Capture Mitigation - T1056":["misp-galaxy:mitre-course-of-action=\"Input Capture Mitigation - T1056\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Input Capture Mitigation - T1056\""],"Input Prompt Mitigation - T1141":["misp-galaxy:mitre-course-of-action=\"Input Prompt Mitigation - T1141\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Input Prompt Mitigation - T1141\""],"Install Root Certificate Mitigation - T1130":["misp-galaxy:mitre-course-of-action=\"Install Root Certificate Mitigation - T1130\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Install Root Certificate Mitigation - T1130\""],"InstallUtil Mitigation - T1118":["misp-galaxy:mitre-course-of-action=\"InstallUtil Mitigation - T1118\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"InstallUtil Mitigation - T1118\""],"Interconnection Filtering - M1014":["misp-galaxy:mitre-course-of-action=\"Interconnection Filtering - M1014\""],"Kerberoasting Mitigation - T1208":["misp-galaxy:mitre-course-of-action=\"Kerberoasting Mitigation - T1208\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Kerberoasting Mitigation - T1208\""],"Kernel Modules and Extensions Mitigation - T1215":["misp-galaxy:mitre-course-of-action=\"Kernel Modules and Extensions Mitigation - T1215\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Kernel Modules and Extensions Mitigation - T1215\""],"Keychain Mitigation - T1142":["misp-galaxy:mitre-course-of-action=\"Keychain Mitigation - T1142\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Keychain Mitigation - T1142\""],"LC_LOAD_DYLIB Addition Mitigation - T1161":["misp-galaxy:mitre-course-of-action=\"LC_LOAD_DYLIB Addition Mitigation - T1161\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LC_LOAD_DYLIB Addition Mitigation - T1161\""],"LC_MAIN Hijacking Mitigation - T1149":["misp-galaxy:mitre-course-of-action=\"LC_MAIN Hijacking Mitigation - T1149\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LC_MAIN Hijacking Mitigation - T1149\""],"LLMNR\/NBT-NS Poisoning Mitigation - T1171":["misp-galaxy:mitre-course-of-action=\"LLMNR\/NBT-NS Poisoning Mitigation - T1171\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LLMNR\/NBT-NS Poisoning Mitigation - T1171\""],"LSASS Driver Mitigation - T1177":["misp-galaxy:mitre-course-of-action=\"LSASS Driver Mitigation - T1177\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"LSASS Driver Mitigation - T1177\""],"Launch Agent Mitigation - T1159":["misp-galaxy:mitre-course-of-action=\"Launch Agent Mitigation - T1159\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launch Agent Mitigation - T1159\""],"Launch Daemon Mitigation - T1160":["misp-galaxy:mitre-course-of-action=\"Launch Daemon Mitigation - T1160\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launch Daemon Mitigation - T1160\""],"Launchctl Mitigation - T1152":["misp-galaxy:mitre-course-of-action=\"Launchctl Mitigation - T1152\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Launchctl Mitigation - T1152\""],"Local Job Scheduling Mitigation - T1168":["misp-galaxy:mitre-course-of-action=\"Local Job Scheduling Mitigation - T1168\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Local Job Scheduling Mitigation - T1168\""],"Lock Bootloader - M1003":["misp-galaxy:mitre-course-of-action=\"Lock Bootloader - M1003\""],"Login Item Mitigation - T1162":["misp-galaxy:mitre-course-of-action=\"Login Item Mitigation - T1162\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Login Item Mitigation - T1162\""],"Logon Scripts Mitigation - T1037":["misp-galaxy:mitre-course-of-action=\"Logon Scripts Mitigation - T1037\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Logon Scripts Mitigation - T1037\""],"Man in the Browser Mitigation - T1185":["misp-galaxy:mitre-course-of-action=\"Man in the Browser Mitigation - T1185\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Man in the Browser Mitigation - T1185\""],"Masquerading Mitigation - T1036":["misp-galaxy:mitre-course-of-action=\"Masquerading Mitigation - T1036\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Masquerading Mitigation - T1036\""],"Modify Existing Service Mitigation - T1031":["misp-galaxy:mitre-course-of-action=\"Modify Existing Service Mitigation - T1031\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Modify Existing Service Mitigation - T1031\""],"Modify Registry Mitigation - T1112":["misp-galaxy:mitre-course-of-action=\"Modify Registry Mitigation - T1112\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Modify Registry Mitigation - T1112\""],"Mshta Mitigation - T1170":["misp-galaxy:mitre-course-of-action=\"Mshta Mitigation - T1170\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Mshta Mitigation - T1170\""],"Multi-Stage Channels Mitigation - T1104":["misp-galaxy:mitre-course-of-action=\"Multi-Stage Channels Mitigation - T1104\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multi-Stage Channels Mitigation - T1104\""],"Multi-hop Proxy Mitigation - T1188":["misp-galaxy:mitre-course-of-action=\"Multi-hop Proxy Mitigation - T1188\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multi-hop Proxy Mitigation - T1188\""],"Multiband Communication Mitigation - T1026":["misp-galaxy:mitre-course-of-action=\"Multiband Communication Mitigation - T1026\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multiband Communication Mitigation - T1026\""],"Multilayer Encryption Mitigation - T1079":["misp-galaxy:mitre-course-of-action=\"Multilayer Encryption Mitigation - T1079\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Multilayer Encryption Mitigation - T1079\""],"NTFS File Attributes Mitigation - T1096":["misp-galaxy:mitre-course-of-action=\"NTFS File Attributes Mitigation - T1096\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"NTFS File Attributes Mitigation - T1096\""],"Netsh Helper DLL Mitigation - T1128":["misp-galaxy:mitre-course-of-action=\"Netsh Helper DLL Mitigation - T1128\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Netsh Helper DLL Mitigation - T1128\""],"Network Denial of Service Mitigation - T1498":["misp-galaxy:mitre-course-of-action=\"Network Denial of Service Mitigation - T1498\""],"Network Service Scanning Mitigation - T1046":["misp-galaxy:mitre-course-of-action=\"Network Service Scanning Mitigation - T1046\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Service Scanning Mitigation - T1046\""],"Network Share Connection Removal Mitigation - T1126":["misp-galaxy:mitre-course-of-action=\"Network Share Connection Removal Mitigation - T1126\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Share Connection Removal Mitigation - T1126\""],"Network Share Discovery Mitigation - T1135":["misp-galaxy:mitre-course-of-action=\"Network Share Discovery Mitigation - T1135\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Share Discovery Mitigation - T1135\""],"Network Sniffing Mitigation - T1040":["misp-galaxy:mitre-course-of-action=\"Network Sniffing Mitigation - T1040\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Network Sniffing Mitigation - T1040\""],"New Service Mitigation - T1050":["misp-galaxy:mitre-course-of-action=\"New Service Mitigation - T1050\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"New Service Mitigation - T1050\""],"Obfuscated Files or Information Mitigation - T1027":["misp-galaxy:mitre-course-of-action=\"Obfuscated Files or Information Mitigation - T1027\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Obfuscated Files or Information Mitigation - T1027\""],"Office Application Startup Mitigation - T1137":["misp-galaxy:mitre-course-of-action=\"Office Application Startup Mitigation - T1137\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Office Application Startup Mitigation - T1137\""],"Pass the Hash Mitigation - T1075":["misp-galaxy:mitre-course-of-action=\"Pass the Hash Mitigation - T1075\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Pass the Hash Mitigation - T1075\""],"Pass the Ticket Mitigation - T1097":["misp-galaxy:mitre-course-of-action=\"Pass the Ticket Mitigation - T1097\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Pass the Ticket Mitigation - T1097\""],"Password Filter DLL Mitigation - T1174":["misp-galaxy:mitre-course-of-action=\"Password Filter DLL Mitigation - T1174\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Password Filter DLL Mitigation - T1174\""],"Password Policy Discovery Mitigation - T1201":["misp-galaxy:mitre-course-of-action=\"Password Policy Discovery Mitigation - T1201\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Password Policy Discovery Mitigation - T1201\""],"Path Interception Mitigation - T1034":["misp-galaxy:mitre-course-of-action=\"Path Interception Mitigation - T1034\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Path Interception Mitigation - T1034\""],"Peripheral Device Discovery Mitigation - T1120":["misp-galaxy:mitre-course-of-action=\"Peripheral Device Discovery Mitigation - T1120\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Peripheral Device Discovery Mitigation - T1120\""],"Permission Groups Discovery Mitigation - T1069":["misp-galaxy:mitre-course-of-action=\"Permission Groups Discovery Mitigation - T1069\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Permission Groups Discovery Mitigation - T1069\""],"Plist Modification Mitigation - T1150":["misp-galaxy:mitre-course-of-action=\"Plist Modification Mitigation - T1150\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Plist Modification Mitigation - T1150\""],"Port Knocking Mitigation - T1205":["misp-galaxy:mitre-course-of-action=\"Port Knocking Mitigation - T1205\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Port Knocking Mitigation - T1205\""],"Port Monitors Mitigation - T1013":["misp-galaxy:mitre-course-of-action=\"Port Monitors Mitigation - T1013\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Port Monitors Mitigation - T1013\""],"PowerShell Mitigation - T1086":["misp-galaxy:mitre-course-of-action=\"PowerShell Mitigation - T1086\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"PowerShell Mitigation - T1086\""],"Private Keys Mitigation - T1145":["misp-galaxy:mitre-course-of-action=\"Private Keys Mitigation - T1145\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Private Keys Mitigation - T1145\""],"Process Discovery Mitigation - T1057":["misp-galaxy:mitre-course-of-action=\"Process Discovery Mitigation - T1057\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Discovery Mitigation - T1057\""],"Process Doppelg\u00e4nging Mitigation - T1186":["misp-galaxy:mitre-course-of-action=\"Process Doppelg\u00e4nging Mitigation - T1186\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Doppelg\u00e4nging Mitigation - T1186\""],"Process Hollowing Mitigation - T1093":["misp-galaxy:mitre-course-of-action=\"Process Hollowing Mitigation - T1093\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Hollowing Mitigation - T1093\""],"Process Injection Mitigation - T1055":["misp-galaxy:mitre-course-of-action=\"Process Injection Mitigation - T1055\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Process Injection Mitigation - T1055\""],"Query Registry Mitigation - T1012":["misp-galaxy:mitre-course-of-action=\"Query Registry Mitigation - T1012\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Query Registry Mitigation - T1012\""],"Rc.common Mitigation - T1163":["misp-galaxy:mitre-course-of-action=\"Rc.common Mitigation - T1163\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rc.common Mitigation - T1163\""],"Re-opened Applications Mitigation - T1164":["misp-galaxy:mitre-course-of-action=\"Re-opened Applications Mitigation - T1164\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Re-opened Applications Mitigation - T1164\""],"Redundant Access Mitigation - T1108":["misp-galaxy:mitre-course-of-action=\"Redundant Access Mitigation - T1108\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Redundant Access Mitigation - T1108\""],"Registry Run Keys \/ Startup Folder Mitigation - T1060":["misp-galaxy:mitre-course-of-action=\"Registry Run Keys \/ Startup Folder Mitigation - T1060\""],"Regsvcs\/Regasm Mitigation - T1121":["misp-galaxy:mitre-course-of-action=\"Regsvcs\/Regasm Mitigation - T1121\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Regsvcs\/Regasm Mitigation - T1121\""],"Regsvr32 Mitigation - T1117":["misp-galaxy:mitre-course-of-action=\"Regsvr32 Mitigation - T1117\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Regsvr32 Mitigation - T1117\""],"Remote Access Tools Mitigation - T1219":["misp-galaxy:mitre-course-of-action=\"Remote Access Tools Mitigation - T1219\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Access Tools Mitigation - T1219\""],"Remote Desktop Protocol Mitigation - T1076":["misp-galaxy:mitre-course-of-action=\"Remote Desktop Protocol Mitigation - T1076\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Desktop Protocol Mitigation - T1076\""],"Remote File Copy Mitigation - T1105":["misp-galaxy:mitre-course-of-action=\"Remote File Copy Mitigation - T1105\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote File Copy Mitigation - T1105\""],"Remote Services Mitigation - T1021":["misp-galaxy:mitre-course-of-action=\"Remote Services Mitigation - T1021\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote Services Mitigation - T1021\""],"Remote System Discovery Mitigation - T1018":["misp-galaxy:mitre-course-of-action=\"Remote System Discovery Mitigation - T1018\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Remote System Discovery Mitigation - T1018\""],"Replication Through Removable Media Mitigation - T1091":["misp-galaxy:mitre-course-of-action=\"Replication Through Removable Media Mitigation - T1091\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Replication Through Removable Media Mitigation - T1091\""],"Resource Hijacking Mitigation - T1496":["misp-galaxy:mitre-course-of-action=\"Resource Hijacking Mitigation - T1496\""],"Rootkit Mitigation - T1014":["misp-galaxy:mitre-course-of-action=\"Rootkit Mitigation - T1014\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rootkit Mitigation - T1014\""],"Rundll32 Mitigation - T1085":["misp-galaxy:mitre-course-of-action=\"Rundll32 Mitigation - T1085\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Rundll32 Mitigation - T1085\""],"Runtime Data Manipulation Mitigation - T1494":["misp-galaxy:mitre-course-of-action=\"Runtime Data Manipulation Mitigation - T1494\""],"SID-History Injection Mitigation - T1178":["misp-galaxy:mitre-course-of-action=\"SID-History Injection Mitigation - T1178\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SID-History Injection Mitigation - T1178\""],"SIP and Trust Provider Hijacking Mitigation - T1198":["misp-galaxy:mitre-course-of-action=\"SIP and Trust Provider Hijacking Mitigation - T1198\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SIP and Trust Provider Hijacking Mitigation - T1198\""],"SSH Hijacking Mitigation - T1184":["misp-galaxy:mitre-course-of-action=\"SSH Hijacking Mitigation - T1184\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"SSH Hijacking Mitigation - T1184\""],"Scheduled Task Mitigation - T1053":["misp-galaxy:mitre-course-of-action=\"Scheduled Task Mitigation - T1053\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scheduled Task Mitigation - T1053\""],"Scheduled Transfer Mitigation - T1029":["misp-galaxy:mitre-course-of-action=\"Scheduled Transfer Mitigation - T1029\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scheduled Transfer Mitigation - T1029\""],"Screen Capture Mitigation - T1113":["misp-galaxy:mitre-course-of-action=\"Screen Capture Mitigation - T1113\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Screen Capture Mitigation - T1113\""],"Screensaver Mitigation - T1180":["misp-galaxy:mitre-course-of-action=\"Screensaver Mitigation - T1180\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Screensaver Mitigation - T1180\""],"Scripting Mitigation - T1064":["misp-galaxy:mitre-course-of-action=\"Scripting Mitigation - T1064\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Scripting Mitigation - T1064\""],"Security Software Discovery Mitigation - T1063":["misp-galaxy:mitre-course-of-action=\"Security Software Discovery Mitigation - T1063\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Security Software Discovery Mitigation - T1063\""],"Security Support Provider Mitigation - T1101":["misp-galaxy:mitre-course-of-action=\"Security Support Provider Mitigation - T1101\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Security Support Provider Mitigation - T1101\""],"Security Updates - M1001":["misp-galaxy:mitre-course-of-action=\"Security Updates - M1001\""],"Service Execution Mitigation - T1035":["misp-galaxy:mitre-course-of-action=\"Service Execution Mitigation - T1035\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Service Execution Mitigation - T1035\""],"Service Registry Permissions Weakness Mitigation - T1058":["misp-galaxy:mitre-course-of-action=\"Service Registry Permissions Weakness Mitigation - T1058\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Service Registry Permissions Weakness Mitigation - T1058\""],"Service Stop Mitigation - T1489":["misp-galaxy:mitre-course-of-action=\"Service Stop Mitigation - T1489\""],"Setuid and Setgid Mitigation - T1166":["misp-galaxy:mitre-course-of-action=\"Setuid and Setgid Mitigation - T1166\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Setuid and Setgid Mitigation - T1166\""],"Shared Webroot Mitigation - T1051":["misp-galaxy:mitre-course-of-action=\"Shared Webroot Mitigation - T1051\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Shared Webroot Mitigation - T1051\""],"Shortcut Modification Mitigation - T1023":["misp-galaxy:mitre-course-of-action=\"Shortcut Modification Mitigation - T1023\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Shortcut Modification Mitigation - T1023\""],"Signed Binary Proxy Execution Mitigation - T1218":["misp-galaxy:mitre-course-of-action=\"Signed Binary Proxy Execution Mitigation - T1218\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Signed Binary Proxy Execution Mitigation - T1218\""],"Signed Script Proxy Execution Mitigation - T1216":["misp-galaxy:mitre-course-of-action=\"Signed Script Proxy Execution Mitigation - T1216\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Signed Script Proxy Execution Mitigation - T1216\""],"Software Packing Mitigation - T1045":["misp-galaxy:mitre-course-of-action=\"Software Packing Mitigation - T1045\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Software Packing Mitigation - T1045\""],"Source Mitigation - T1153":["misp-galaxy:mitre-course-of-action=\"Source Mitigation - T1153\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Source Mitigation - T1153\""],"Space after Filename Mitigation - T1151":["misp-galaxy:mitre-course-of-action=\"Space after Filename Mitigation - T1151\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Space after Filename Mitigation - T1151\""],"Spearphishing Attachment Mitigation - T1193":["misp-galaxy:mitre-course-of-action=\"Spearphishing Attachment Mitigation - T1193\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing Attachment Mitigation - T1193\""],"Spearphishing Link Mitigation - T1192":["misp-galaxy:mitre-course-of-action=\"Spearphishing Link Mitigation - T1192\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing Link Mitigation - T1192\""],"Spearphishing via Service Mitigation - T1194":["misp-galaxy:mitre-course-of-action=\"Spearphishing via Service Mitigation - T1194\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Spearphishing via Service Mitigation - T1194\""],"Standard Application Layer Protocol Mitigation - T1071":["misp-galaxy:mitre-course-of-action=\"Standard Application Layer Protocol Mitigation - T1071\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Application Layer Protocol Mitigation - T1071\""],"Standard Cryptographic Protocol Mitigation - T1032":["misp-galaxy:mitre-course-of-action=\"Standard Cryptographic Protocol Mitigation - T1032\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Cryptographic Protocol Mitigation - T1032\""],"Standard Non-Application Layer Protocol Mitigation - T1095":["misp-galaxy:mitre-course-of-action=\"Standard Non-Application Layer Protocol Mitigation - T1095\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Standard Non-Application Layer Protocol Mitigation - T1095\""],"Startup Items Mitigation - T1165":["misp-galaxy:mitre-course-of-action=\"Startup Items Mitigation - T1165\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Startup Items Mitigation - T1165\""],"Stored Data Manipulation Mitigation - T1492":["misp-galaxy:mitre-course-of-action=\"Stored Data Manipulation Mitigation - T1492\""],"Sudo Caching Mitigation - T1206":["misp-galaxy:mitre-course-of-action=\"Sudo Caching Mitigation - T1206\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Sudo Caching Mitigation - T1206\""],"Sudo Mitigation - T1169":["misp-galaxy:mitre-course-of-action=\"Sudo Mitigation - T1169\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Sudo Mitigation - T1169\""],"Supply Chain Compromise Mitigation - T1195":["misp-galaxy:mitre-course-of-action=\"Supply Chain Compromise Mitigation - T1195\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Supply Chain Compromise Mitigation - T1195\""],"System Firmware Mitigation - T1019":["misp-galaxy:mitre-course-of-action=\"System Firmware Mitigation - T1019\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Firmware Mitigation - T1019\""],"System Information Discovery Mitigation - T1082":["misp-galaxy:mitre-course-of-action=\"System Information Discovery Mitigation - T1082\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Information Discovery Mitigation - T1082\""],"System Network Configuration Discovery Mitigation - T1016":["misp-galaxy:mitre-course-of-action=\"System Network Configuration Discovery Mitigation - T1016\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Network Configuration Discovery Mitigation - T1016\""],"System Network Connections Discovery Mitigation - T1049":["misp-galaxy:mitre-course-of-action=\"System Network Connections Discovery Mitigation - T1049\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Network Connections Discovery Mitigation - T1049\""],"System Owner\/User Discovery Mitigation - T1033":["misp-galaxy:mitre-course-of-action=\"System Owner\/User Discovery Mitigation - T1033\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Owner\/User Discovery Mitigation - T1033\""],"System Owner\/User Discovery Mitigation - T1482":["misp-galaxy:mitre-course-of-action=\"System Owner\/User Discovery Mitigation - T1482\""],"System Partition Integrity - M1004":["misp-galaxy:mitre-course-of-action=\"System Partition Integrity - M1004\""],"System Service Discovery Mitigation - T1007":["misp-galaxy:mitre-course-of-action=\"System Service Discovery Mitigation - T1007\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Service Discovery Mitigation - T1007\""],"System Time Discovery Mitigation - T1124":["misp-galaxy:mitre-course-of-action=\"System Time Discovery Mitigation - T1124\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"System Time Discovery Mitigation - T1124\""],"Systemd Service Mitigation - T1501":["misp-galaxy:mitre-course-of-action=\"Systemd Service Mitigation - T1501\""],"Taint Shared Content Mitigation - T1080":["misp-galaxy:mitre-course-of-action=\"Taint Shared Content Mitigation - T1080\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Taint Shared Content Mitigation - T1080\""],"Template Injection Mitigation - T1221":["misp-galaxy:mitre-course-of-action=\"Template Injection Mitigation - T1221\""],"Third-party Software Mitigation - T1072":["misp-galaxy:mitre-course-of-action=\"Third-party Software Mitigation - T1072\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Third-party Software Mitigation - T1072\""],"Time Providers Mitigation - T1209":["misp-galaxy:mitre-course-of-action=\"Time Providers Mitigation - T1209\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Time Providers Mitigation - T1209\""],"Timestomp Mitigation - T1099":["misp-galaxy:mitre-course-of-action=\"Timestomp Mitigation - T1099\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Timestomp Mitigation - T1099\""],"Transmitted Data Manipulation Mitigation - T1493":["misp-galaxy:mitre-course-of-action=\"Transmitted Data Manipulation Mitigation - T1493\""],"Trap Mitigation - T1154":["misp-galaxy:mitre-course-of-action=\"Trap Mitigation - T1154\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trap Mitigation - T1154\""],"Trusted Developer Utilities Mitigation - T1127":["misp-galaxy:mitre-course-of-action=\"Trusted Developer Utilities Mitigation - T1127\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trusted Developer Utilities Mitigation - T1127\""],"Trusted Relationship Mitigation - T1199":["misp-galaxy:mitre-course-of-action=\"Trusted Relationship Mitigation - T1199\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Trusted Relationship Mitigation - T1199\""],"Two-Factor Authentication Interception Mitigation - T1111":["misp-galaxy:mitre-course-of-action=\"Two-Factor Authentication Interception Mitigation - T1111\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Two-Factor Authentication Interception Mitigation - T1111\""],"Uncommonly Used Port Mitigation - T1065":["misp-galaxy:mitre-course-of-action=\"Uncommonly Used Port Mitigation - T1065\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Uncommonly Used Port Mitigation - T1065\""],"Use Device-Provided Credential Storage - M1008":["misp-galaxy:mitre-course-of-action=\"Use Device-Provided Credential Storage - M1008\""],"Use Recent OS Version - M1006":["misp-galaxy:mitre-course-of-action=\"Use Recent OS Version - M1006\""],"User Execution Mitigation - T1204":["misp-galaxy:mitre-course-of-action=\"User Execution Mitigation - T1204\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"User Execution Mitigation - T1204\""],"User Guidance - M1011":["misp-galaxy:mitre-course-of-action=\"User Guidance - M1011\""],"Valid Accounts Mitigation - T1078":["misp-galaxy:mitre-course-of-action=\"Valid Accounts Mitigation - T1078\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Valid Accounts Mitigation - T1078\""],"Video Capture Mitigation - T1125":["misp-galaxy:mitre-course-of-action=\"Video Capture Mitigation - T1125\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Video Capture Mitigation - T1125\""],"Virtualization\/Sandbox Evasion Mitigation - T1497":["misp-galaxy:mitre-course-of-action=\"Virtualization\/Sandbox Evasion Mitigation - T1497\""],"Web Service Mitigation - T1102":["misp-galaxy:mitre-course-of-action=\"Web Service Mitigation - T1102\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Web Service Mitigation - T1102\""],"Web Shell Mitigation - T1100":["misp-galaxy:mitre-course-of-action=\"Web Shell Mitigation - T1100\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Web Shell Mitigation - T1100\""],"Windows Admin Shares Mitigation - T1077":["misp-galaxy:mitre-course-of-action=\"Windows Admin Shares Mitigation - T1077\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Admin Shares Mitigation - T1077\""],"Windows Management Instrumentation Event Subscription Mitigation - T1084":["misp-galaxy:mitre-course-of-action=\"Windows Management Instrumentation Event Subscription Mitigation - T1084\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Management Instrumentation Event Subscription Mitigation - T1084\""],"Windows Management Instrumentation Mitigation - T1047":["misp-galaxy:mitre-course-of-action=\"Windows Management Instrumentation Mitigation - T1047\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Management Instrumentation Mitigation - T1047\""],"Windows Remote Management Mitigation - T1028":["misp-galaxy:mitre-course-of-action=\"Windows Remote Management Mitigation - T1028\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Windows Remote Management Mitigation - T1028\""],"Winlogon Helper DLL Mitigation - T1004":["misp-galaxy:mitre-course-of-action=\"Winlogon Helper DLL Mitigation - T1004\"","misp-galaxy:mitre-enterprise-attack-course-of-action=\"Winlogon Helper DLL Mitigation - T1004\""],"XSL Script Processing Mitigation - T1220":["misp-galaxy:mitre-course-of-action=\"XSL Script Processing Mitigation - T1220\""],"Registry Run Keys \/ Start Folder - T1060":["misp-galaxy:mitre-enterprise-attack-attack-pattern=\"Registry Run Keys \/ Start Folder - T1060\""],"Registry Run Keys \/ Start Folder Mitigation - T1060":["misp-galaxy:mitre-enterprise-attack-course-of-action=\"Registry Run Keys \/ Start Folder Mitigation - T1060\""],"APT1 - G0006":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\""],"APT1":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Crew":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"Comment Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-intrusion-set=\"APT1 - G0006\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT1 - G0006\"","misp-galaxy:threat-actor=\"Comment Crew\""],"APT12 - G0005":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\""],"APT12":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"IXESHE":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"DynCalc":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"Numbered Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:threat-actor=\"IXESHE\""],"DNSCALC":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-intrusion-set=\"APT12 - G0005\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT12 - G0005\""],"APT16 - G0023":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT16 - G0023\""],"APT16":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-intrusion-set=\"APT16 - G0023\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT16 - G0023\"","misp-galaxy:threat-actor=\"APT 16\""],"APT17 - G0025":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\""],"APT17":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Deputy Dog":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-intrusion-set=\"APT17 - G0025\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT17 - G0025\"","misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"APT18 - G0026":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\""],"APT18":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"Threat Group-0416":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\""],"TG-0416":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"Dynamite Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT18 - G0026\"","misp-galaxy:mitre-intrusion-set=\"APT18 - G0026\"","misp-galaxy:threat-actor=\"Wekby\""],"APT28 - G0007":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\""],"Tsar Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Threat Group-4127":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"APT28 - G0007\""],"APT29 - G0016":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\""],"APT29":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"The Dukes":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"Cozy Bear":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"CozyDuke":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"APT3 - G0022":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\""],"APT3":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Gothic Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Pirpi":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\"","misp-galaxy:tool=\"Pirpi\""],"UPS Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Buckeye":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"Threat Group-0110":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\""],"TG-0110":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT3 - G0022\"","misp-galaxy:mitre-intrusion-set=\"APT3 - G0022\"","misp-galaxy:threat-actor=\"UPS\""],"APT30 - G0013":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT30 - G0013\"","misp-galaxy:mitre-intrusion-set=\"APT30 - G0013\""],"APT30":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT30 - G0013\"","misp-galaxy:mitre-intrusion-set=\"APT30 - G0013\"","misp-galaxy:threat-actor=\"APT 30\"","misp-galaxy:threat-actor=\"Naikon\""],"APT32 - G0050":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\""],"APT32":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"OceanLotus Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"APT33 - G0064":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"","misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\""],"APT33":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"","misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"","misp-galaxy:threat-actor=\"APT33\"","misp-galaxy:threat-actor=\"MAGNALLIUM\""],"APT34 - G0057":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT34 - G0057\"","misp-galaxy:mitre-intrusion-set=\"APT34 - G0057\""],"APT34":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT34 - G0057\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"APT34\"","misp-galaxy:threat-actor=\"OilRig\""],"APT37 - G0067":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\""],"APT37":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"ScarCruft":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Group123":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\"","misp-galaxy:threat-actor=\"APT37\""],"TEMP.Reaper":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT37 - G0067\"","misp-galaxy:mitre-intrusion-set=\"APT37 - G0067\""],"Axiom - G0001":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\""],"Axiom":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\"","misp-galaxy:threat-actor=\"Axiom\""],"Group 72":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Axiom - G0001\"","misp-galaxy:mitre-intrusion-set=\"Axiom - G0001\"","misp-galaxy:threat-actor=\"Axiom\""],"BRONZE BUTLER - G0060":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"BRONZE BUTLER":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"REDBALDKNIGHT":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\""],"Tick":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:mitre-intrusion-set=\"BRONZE BUTLER - G0060\"","misp-galaxy:threat-actor=\"Tick\""],"BlackOasis - G0063":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:mitre-intrusion-set=\"BlackOasis - G0063\""],"BlackOasis":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:mitre-intrusion-set=\"BlackOasis - G0063\"","misp-galaxy:threat-actor=\"BlackOasis\"","misp-galaxy:tool=\"FINSPY\""],"Carbanak - G0008":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\""],"Carbon Spider":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:mitre-intrusion-set=\"Carbanak - G0008\"","misp-galaxy:threat-actor=\"Anunak\""],"Charming Kitten - G0058":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:mitre-intrusion-set=\"Charming Kitten - G0058\""],"Charming Kitten":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:mitre-intrusion-set=\"Charming Kitten - G0058\"","misp-galaxy:threat-actor=\"Charming Kitten\""],"Cleaver - G0003":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\""],"Cleaver":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cleaver\""],"TG-2889":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Threat Group 2889":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Cleaver - G0003\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"CopyKittens - G0052":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:mitre-intrusion-set=\"CopyKittens - G0052\""],"CopyKittens":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:mitre-intrusion-set=\"CopyKittens - G0052\"","misp-galaxy:threat-actor=\"CopyKittens\""],"Darkhotel - G0012":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Darkhotel - G0012\"","misp-galaxy:mitre-intrusion-set=\"Darkhotel - G0012\""],"Darkhotel":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Darkhotel - G0012\"","misp-galaxy:mitre-intrusion-set=\"Darkhotel - G0012\""],"Deep Panda - G0009":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\""],"Deep Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Shell Crew":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"WebMasters":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"KungFu Kittens":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"PinkPanther":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Black Vine":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:mitre-intrusion-set=\"Deep Panda - G0009\"","misp-galaxy:threat-actor=\"Hurricane Panda\"","misp-galaxy:threat-actor=\"Shell Crew\""],"DragonOK - G0017":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:mitre-intrusion-set=\"DragonOK - G0017\""],"DragonOK":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:mitre-intrusion-set=\"DragonOK - G0017\"","misp-galaxy:threat-actor=\"DragonOK\""],"Dragonfly - G0035":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\""],"Dragonfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:threat-actor=\"Energetic Bear\""],"Energetic Bear":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:mitre-intrusion-set=\"Dragonfly - G0035\"","misp-galaxy:threat-actor=\"Energetic Bear\""],"Dust Storm - G0031":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:mitre-intrusion-set=\"Dust Storm - G0031\""],"Dust Storm":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:mitre-intrusion-set=\"Dust Storm - G0031\"","misp-galaxy:threat-actor=\"Dust Storm\""],"Elderwood - G0066":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\""],"Elderwood":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Elderwood Gang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Beijing Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Sneaky Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:mitre-intrusion-set=\"Elderwood - G0066\"","misp-galaxy:threat-actor=\"Beijing Group\""],"Equation - G0020":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Equation - G0020\"","misp-galaxy:mitre-intrusion-set=\"Equation - G0020\""],"Equation":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Equation - G0020\"","misp-galaxy:mitre-intrusion-set=\"Equation - G0020\""],"FIN10 - G0051":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:mitre-intrusion-set=\"FIN10 - G0051\""],"FIN10":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:mitre-intrusion-set=\"FIN10 - G0051\"","misp-galaxy:threat-actor=\"FIN10\""],"FIN5 - G0053":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:mitre-intrusion-set=\"FIN5 - G0053\""],"FIN5":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:mitre-intrusion-set=\"FIN5 - G0053\"","misp-galaxy:threat-actor=\"FIN5\""],"FIN6 - G0037":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:mitre-intrusion-set=\"FIN6 - G0037\""],"FIN6":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:mitre-intrusion-set=\"FIN6 - G0037\"","misp-galaxy:threat-actor=\"FIN6\""],"FIN7 - G0046":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\""],"FIN7":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:mitre-intrusion-set=\"FIN7 - G0046\"","misp-galaxy:threat-actor=\"Anunak\""],"FIN8 - G0061":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:mitre-intrusion-set=\"FIN8 - G0061\""],"FIN8":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:mitre-intrusion-set=\"FIN8 - G0061\"","misp-galaxy:threat-actor=\"FIN8\""],"GCMAN - G0036":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:mitre-intrusion-set=\"GCMAN - G0036\""],"GCMAN":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:mitre-intrusion-set=\"GCMAN - G0036\"","misp-galaxy:threat-actor=\"GCMAN\""],"Gamaredon Group - G0047":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:mitre-intrusion-set=\"Gamaredon Group - G0047\""],"Gamaredon Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:mitre-intrusion-set=\"Gamaredon Group - G0047\"","misp-galaxy:threat-actor=\"Gamaredon Group\""],"Group5 - G0043":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Group5 - G0043\"","misp-galaxy:mitre-intrusion-set=\"Group5 - G0043\""],"Group5":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Group5 - G0043\"","misp-galaxy:mitre-intrusion-set=\"Group5 - G0043\"","misp-galaxy:threat-actor=\"Group5\""],"Ke3chang - G0004":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Ke3chang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Lazarus Group - G0032":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Lazarus Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"HIDDEN COBRA":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Guardians of Peace":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"ZINC":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"NICKEL ACADEMY":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lazarus Group - G0032\"","misp-galaxy:mitre-intrusion-set=\"Lazarus Group - G0032\""],"Leviathan - G0065":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\""],"Leviathan":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"TEMP.Periscope":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"Lotus Blossom - G0030":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\""],"Lotus Blossom":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"Spring Dragon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"MONSOON - G0042":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MONSOON - G0042\"","misp-galaxy:mitre-intrusion-set=\"MONSOON - G0042\""],"Magic Hound - G0059":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\""],"Magic Hound":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Cleaver\""],"Rocket Kitten":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Operation Saffron Rose":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\""],"Ajax Security Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Flying Kitten\""],"Operation Woolen-Goldfish":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Newscaster":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Charming Kitten\""],"Cobalt Gypsy":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"OilRig\""],"Moafee - G0002":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Moafee - G0002\"","misp-galaxy:mitre-intrusion-set=\"Moafee - G0002\""],"Moafee":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Moafee - G0002\"","misp-galaxy:mitre-intrusion-set=\"Moafee - G0002\"","misp-galaxy:threat-actor=\"DragonOK\""],"Molerats - G0021":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\""],"Molerats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"Operation Molerats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"Gaza Cybergang":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Molerats - G0021\"","misp-galaxy:mitre-intrusion-set=\"Molerats - G0021\"","misp-galaxy:threat-actor=\"Molerats\""],"MuddyWater - G0069":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\""],"MuddyWater":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"TEMP.Zagros":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"NEODYMIUM - G0055":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"NEODYMIUM - G0055\"","misp-galaxy:mitre-intrusion-set=\"NEODYMIUM - G0055\""],"Naikon - G0019":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Naikon - G0019\"","misp-galaxy:mitre-intrusion-set=\"Naikon - G0019\""],"Night Dragon - G0014":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\""],"Night Dragon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:threat-actor=\"Night Dragon\""],"Musical Chairs":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Night Dragon - G0014\"","misp-galaxy:mitre-pre-attack-intrusion-set=\"Night Dragon - G0014\""],"OilRig - G0049":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"OilRig - G0049\"","misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\""],"PLATINUM - G0068":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PLATINUM - G0068\"","misp-galaxy:mitre-intrusion-set=\"PLATINUM - G0068\""],"PROMETHIUM - G0056":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PROMETHIUM - G0056\"","misp-galaxy:mitre-intrusion-set=\"PROMETHIUM - G0056\""],"Patchwork - G0040":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"Patchwork":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"Dropping Elephant":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"Chinastrats":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:threat-actor=\"Dropping Elephant\""],"MONSOON":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"Operation Hangover":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Patchwork - G0040\"","misp-galaxy:mitre-intrusion-set=\"Patchwork - G0040\""],"PittyTiger - G0011":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:mitre-intrusion-set=\"PittyTiger - G0011\""],"PittyTiger":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:mitre-intrusion-set=\"PittyTiger - G0011\"","misp-galaxy:threat-actor=\"Pitty Panda\""],"Poseidon Group - G0033":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:mitre-intrusion-set=\"Poseidon Group - G0033\""],"Poseidon Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:mitre-intrusion-set=\"Poseidon Group - G0033\"","misp-galaxy:threat-actor=\"Poseidon Group\""],"Putter Panda - G0024":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\""],"Putter Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\""],"APT2":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\""],"MSUpdater":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:mitre-intrusion-set=\"Putter Panda - G0024\"","misp-galaxy:threat-actor=\"Putter Panda\"","misp-galaxy:tool=\"MSUpdater\""],"RTM - G0048":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"RTM - G0048\"","misp-galaxy:mitre-intrusion-set=\"RTM - G0048\""],"Sandworm Team - G0034":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\""],"Sandworm Team":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:threat-actor=\"Sandworm\""],"Quedagh":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\"","misp-galaxy:threat-actor=\"Sandworm\""],"Scarlet Mimic - G0029":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:mitre-intrusion-set=\"Scarlet Mimic - G0029\""],"Scarlet Mimic":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:mitre-intrusion-set=\"Scarlet Mimic - G0029\"","misp-galaxy:threat-actor=\"Scarlet Mimic\""],"Sowbug - G0054":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:mitre-intrusion-set=\"Sowbug - G0054\""],"Sowbug":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:mitre-intrusion-set=\"Sowbug - G0054\"","misp-galaxy:threat-actor=\"Sowbug\""],"Stealth Falcon - G0038":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:mitre-intrusion-set=\"Stealth Falcon - G0038\""],"Stealth Falcon":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:mitre-intrusion-set=\"Stealth Falcon - G0038\"","misp-galaxy:threat-actor=\"Stealth Falcon\""],"Strider - G0041":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\""],"Strider":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\"","misp-galaxy:threat-actor=\"ProjectSauron\""],"ProjectSauron":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-intrusion-set=\"Strider - G0041\"","misp-galaxy:mitre-malware=\"Remsec - S0125\"","misp-galaxy:threat-actor=\"ProjectSauron\""],"Suckfly - G0039":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:mitre-intrusion-set=\"Suckfly - G0039\""],"Suckfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:mitre-intrusion-set=\"Suckfly - G0039\"","misp-galaxy:threat-actor=\"Suckfly\""],"TA459 - G0062":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"TA459 - G0062\"","misp-galaxy:mitre-intrusion-set=\"TA459 - G0062\""],"TA459":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"TA459 - G0062\"","misp-galaxy:mitre-intrusion-set=\"TA459 - G0062\"","misp-galaxy:threat-actor=\"TA459\""],"Taidoor - G0015":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-intrusion-set=\"Taidoor - G0015\""],"Taidoor":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-enterprise-attack-malware=\"Taidoor - S0011\"","misp-galaxy:mitre-intrusion-set=\"Taidoor - G0015\"","misp-galaxy:mitre-malware=\"Taidoor - S0011\"","misp-galaxy:threat-actor=\"Taidoor\"","misp-galaxy:tool=\"Taidoor\""],"Threat Group-1314 - G0028":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"Threat Group-1314":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"TG-1314":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-1314 - G0028\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-1314 - G0028\""],"Threat Group-3390 - G0027":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\""],"Threat Group-3390":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"TG-3390":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"Emissary Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\"","misp-galaxy:threat-actor=\"Threat Group-3390\""],"BRONZE UNION":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\""],"Turla - G0010":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"Turla":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"Waterbug":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Turla - G0010\"","misp-galaxy:mitre-intrusion-set=\"Turla - G0010\"","misp-galaxy:threat-actor=\"Turla Group\""],"Winnti Group - G0044":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\""],"Winnti Group":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:threat-actor=\"Axiom\""],"Blackfly":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:mitre-intrusion-set=\"Winnti Group - G0044\"","misp-galaxy:threat-actor=\"Axiom\""],"admin@338 - G0018":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:mitre-intrusion-set=\"admin@338 - G0018\""],"admin@338":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:mitre-intrusion-set=\"admin@338 - G0018\"","misp-galaxy:threat-actor=\"Temper Panda\""],"menuPass - G0045":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\""],"menuPass":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"Stone Panda":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"APT10":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"Red Apollo":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"CVNX":["misp-galaxy:mitre-enterprise-attack-intrusion-set=\"menuPass - G0045\"","misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"3PARA RAT - S0066":["misp-galaxy:mitre-enterprise-attack-malware=\"3PARA RAT - S0066\"","misp-galaxy:mitre-malware=\"3PARA RAT - S0066\""],"3PARA RAT":["misp-galaxy:mitre-enterprise-attack-malware=\"3PARA RAT - S0066\"","misp-galaxy:mitre-malware=\"3PARA RAT - S0066\"","misp-galaxy:rat=\"3PARA RAT\""],"4H RAT - S0065":["misp-galaxy:mitre-enterprise-attack-malware=\"4H RAT - S0065\"","misp-galaxy:mitre-malware=\"4H RAT - S0065\""],"4H RAT":["misp-galaxy:mitre-enterprise-attack-malware=\"4H RAT - S0065\"","misp-galaxy:mitre-malware=\"4H RAT - S0065\"","misp-galaxy:rat=\"4H RAT\""],"ADVSTORESHELL - S0045":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\""],"ADVSTORESHELL":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"NETUI":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"EVILTOSS":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"AZZY":["misp-galaxy:mitre-enterprise-attack-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:mitre-malware=\"ADVSTORESHELL - S0045\"","misp-galaxy:tool=\"EVILTOSS\""],"ASPXSpy - S0073":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"ASPXSpy":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"ASPXTool":["misp-galaxy:mitre-enterprise-attack-malware=\"ASPXSpy - S0073\"","misp-galaxy:mitre-malware=\"ASPXSpy - S0073\""],"Agent.btz - S0092":["misp-galaxy:mitre-enterprise-attack-malware=\"Agent.btz - S0092\"","misp-galaxy:mitre-malware=\"Agent.btz - S0092\""],"Agent.btz":["misp-galaxy:mitre-enterprise-attack-malware=\"Agent.btz - S0092\"","misp-galaxy:mitre-malware=\"Agent.btz - S0092\""],"AutoIt backdoor - S0129":["misp-galaxy:mitre-enterprise-attack-malware=\"AutoIt backdoor - S0129\"","misp-galaxy:mitre-malware=\"AutoIt backdoor - S0129\""],"AutoIt backdoor":["misp-galaxy:mitre-enterprise-attack-malware=\"AutoIt backdoor - S0129\"","misp-galaxy:mitre-malware=\"AutoIt backdoor - S0129\""],"BACKSPACE - S0031":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\""],"BACKSPACE":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\""],"Lecna":["misp-galaxy:mitre-enterprise-attack-malware=\"BACKSPACE - S0031\"","misp-galaxy:mitre-malware=\"BACKSPACE - S0031\"","misp-galaxy:tool=\"Backspace\""],"BADNEWS - S0128":["misp-galaxy:mitre-enterprise-attack-malware=\"BADNEWS - S0128\"","misp-galaxy:mitre-malware=\"BADNEWS - S0128\""],"BADNEWS":["misp-galaxy:mitre-enterprise-attack-malware=\"BADNEWS - S0128\"","misp-galaxy:mitre-malware=\"BADNEWS - S0128\""],"BBSRAT - S0127":["misp-galaxy:mitre-enterprise-attack-malware=\"BBSRAT - S0127\"","misp-galaxy:mitre-malware=\"BBSRAT - S0127\""],"BISCUIT - S0017":["misp-galaxy:mitre-enterprise-attack-malware=\"BISCUIT - S0017\"","misp-galaxy:mitre-malware=\"BISCUIT - S0017\""],"BISCUIT":["misp-galaxy:mitre-enterprise-attack-malware=\"BISCUIT - S0017\"","misp-galaxy:mitre-malware=\"BISCUIT - S0017\"","misp-galaxy:tool=\"BISCUIT\""],"BLACKCOFFEE - S0069":["misp-galaxy:mitre-enterprise-attack-malware=\"BLACKCOFFEE - S0069\"","misp-galaxy:mitre-malware=\"BLACKCOFFEE - S0069\""],"BOOTRASH - S0114":["misp-galaxy:mitre-enterprise-attack-malware=\"BOOTRASH - S0114\"","misp-galaxy:mitre-malware=\"BOOTRASH - S0114\""],"BOOTRASH":["misp-galaxy:mitre-enterprise-attack-malware=\"BOOTRASH - S0114\"","misp-galaxy:mitre-malware=\"BOOTRASH - S0114\""],"BS2005 - S0014":["misp-galaxy:mitre-enterprise-attack-malware=\"BS2005 - S0014\"","misp-galaxy:mitre-malware=\"BS2005 - S0014\""],"BUBBLEWRAP - S0043":["misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"Backdoor.APT.FakeWinHTTPHelper":["misp-galaxy:mitre-enterprise-attack-malware=\"BUBBLEWRAP - S0043\"","misp-galaxy:mitre-malware=\"BUBBLEWRAP - S0043\""],"Backdoor.Oldrea - S0093":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\""],"Backdoor.Oldrea":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\""],"Havex":["misp-galaxy:mitre-enterprise-attack-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:mitre-malware=\"Backdoor.Oldrea - S0093\"","misp-galaxy:threat-actor=\"Energetic Bear\"","misp-galaxy:tool=\"Havex RAT\""],"BlackEnergy - S0089":["misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\""],"Black Energy":["misp-galaxy:mitre-enterprise-attack-malware=\"BlackEnergy - S0089\"","misp-galaxy:mitre-malware=\"BlackEnergy - S0089\"","misp-galaxy:threat-actor=\"Sandworm\""],"Briba - S0204":["misp-galaxy:mitre-enterprise-attack-malware=\"Briba - S0204\"","misp-galaxy:mitre-malware=\"Briba - S0204\""],"Briba":["misp-galaxy:mitre-enterprise-attack-malware=\"Briba - S0204\"","misp-galaxy:mitre-malware=\"Briba - S0204\""],"CALENDAR - S0025":["misp-galaxy:mitre-enterprise-attack-malware=\"CALENDAR - S0025\"","misp-galaxy:mitre-malware=\"CALENDAR - S0025\""],"CALENDAR":["misp-galaxy:mitre-enterprise-attack-malware=\"CALENDAR - S0025\"","misp-galaxy:mitre-malware=\"CALENDAR - S0025\"","misp-galaxy:tool=\"CALENDAR\""],"CCBkdr - S0222":["misp-galaxy:mitre-enterprise-attack-malware=\"CCBkdr - S0222\"","misp-galaxy:mitre-malware=\"CCBkdr - S0222\""],"CCBkdr":["misp-galaxy:mitre-enterprise-attack-malware=\"CCBkdr - S0222\"","misp-galaxy:mitre-malware=\"CCBkdr - S0222\""],"CHOPSTICK - S0023":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"CHOPSTICK":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"SPLM":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"Xagent":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"X-Agent":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-mobile-attack-malware=\"X-Agent - MOB-S0030\"","misp-galaxy:tool=\"X-Agent\""],"webhp":["misp-galaxy:mitre-enterprise-attack-malware=\"CHOPSTICK - S0023\"","misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\"","misp-galaxy:tool=\"CHOPSTICK\""],"CORALDECK - S0212":["misp-galaxy:mitre-enterprise-attack-malware=\"CORALDECK - S0212\"","misp-galaxy:mitre-malware=\"CORALDECK - S0212\""],"CORALDECK":["misp-galaxy:mitre-enterprise-attack-malware=\"CORALDECK - S0212\"","misp-galaxy:mitre-malware=\"CORALDECK - S0212\"","misp-galaxy:tool=\"CORALDECK\""],"CORESHELL - S0137":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\""],"CORESHELL":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:tool=\"CORESHELL\""],"SOURFACE":["misp-galaxy:mitre-enterprise-attack-malware=\"CORESHELL - S0137\"","misp-galaxy:mitre-malware=\"CORESHELL - S0137\"","misp-galaxy:tool=\"SOURFACE\""],"CallMe - S0077":["misp-galaxy:mitre-enterprise-attack-malware=\"CallMe - S0077\"","misp-galaxy:mitre-malware=\"CallMe - S0077\""],"CallMe":["misp-galaxy:mitre-enterprise-attack-malware=\"CallMe - S0077\"","misp-galaxy:mitre-malware=\"CallMe - S0077\""],"Carbanak - S0030":["misp-galaxy:mitre-enterprise-attack-malware=\"Carbanak - S0030\"","misp-galaxy:mitre-malware=\"Carbanak - S0030\""],"ChChes - S0144":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"Scorpion":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\""],"HAYMAKER":["misp-galaxy:mitre-enterprise-attack-malware=\"ChChes - S0144\"","misp-galaxy:mitre-malware=\"ChChes - S0144\"","misp-galaxy:tool=\"HAYMAKER\""],"Chaos - S0220":["misp-galaxy:mitre-enterprise-attack-malware=\"Chaos - S0220\"","misp-galaxy:mitre-malware=\"Chaos - S0220\""],"Chaos":["misp-galaxy:mitre-enterprise-attack-malware=\"Chaos - S0220\"","misp-galaxy:mitre-malware=\"Chaos - S0220\""],"Cherry Picker - S0107":["misp-galaxy:mitre-enterprise-attack-malware=\"Cherry Picker - S0107\"","misp-galaxy:mitre-malware=\"Cherry Picker - S0107\""],"Cherry Picker":["misp-galaxy:mitre-enterprise-attack-malware=\"Cherry Picker - S0107\"","misp-galaxy:mitre-malware=\"Cherry Picker - S0107\""],"China Chopper - S0020":["misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"","misp-galaxy:mitre-malware=\"China Chopper - S0020\""],"China Chopper":["misp-galaxy:mitre-enterprise-attack-malware=\"China Chopper - S0020\"","misp-galaxy:mitre-malware=\"China Chopper - S0020\"","misp-galaxy:tool=\"China Chopper\""],"CloudDuke - S0054":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"CloudDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"MiniDionis":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"CloudLook":["misp-galaxy:mitre-enterprise-attack-malware=\"CloudDuke - S0054\"","misp-galaxy:mitre-malware=\"CloudDuke - S0054\""],"ComRAT - S0126":["misp-galaxy:mitre-enterprise-attack-malware=\"ComRAT - S0126\"","misp-galaxy:mitre-malware=\"ComRAT - S0126\""],"CosmicDuke - S0050":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"CosmicDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"TinyBaron":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"BotgenStudios":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"NemesisGemina":["misp-galaxy:mitre-enterprise-attack-malware=\"CosmicDuke - S0050\"","misp-galaxy:mitre-malware=\"CosmicDuke - S0050\""],"CozyCar - S0046":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\""],"CozyCar":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"CozyBear":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"Cozer":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"EuroAPT":["misp-galaxy:mitre-enterprise-attack-malware=\"CozyCar - S0046\"","misp-galaxy:mitre-malware=\"CozyCar - S0046\"","misp-galaxy:threat-actor=\"APT 29\""],"Crimson - S0115":["misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\""],"MSIL\/Crimson":["misp-galaxy:mitre-enterprise-attack-malware=\"Crimson - S0115\"","misp-galaxy:mitre-malware=\"Crimson - S0115\""],"DOGCALL - S0213":["misp-galaxy:mitre-enterprise-attack-malware=\"DOGCALL - S0213\"","misp-galaxy:mitre-malware=\"DOGCALL - S0213\""],"DOGCALL":["misp-galaxy:mitre-enterprise-attack-malware=\"DOGCALL - S0213\"","misp-galaxy:mitre-malware=\"DOGCALL - S0213\"","misp-galaxy:tool=\"DOGCALL\""],"Darkmoon - S0209":["misp-galaxy:mitre-enterprise-attack-malware=\"Darkmoon - S0209\"","misp-galaxy:mitre-malware=\"Darkmoon - S0209\""],"Daserf - S0187":["misp-galaxy:mitre-enterprise-attack-malware=\"Daserf - S0187\"","misp-galaxy:mitre-malware=\"Daserf - S0187\""],"Derusbi - S0021":["misp-galaxy:mitre-enterprise-attack-malware=\"Derusbi - S0021\"","misp-galaxy:mitre-malware=\"Derusbi - S0021\""],"Dipsind - S0200":["misp-galaxy:mitre-enterprise-attack-malware=\"Dipsind - S0200\"","misp-galaxy:mitre-malware=\"Dipsind - S0200\""],"Dipsind":["misp-galaxy:mitre-enterprise-attack-malware=\"Dipsind - S0200\"","misp-galaxy:mitre-malware=\"Dipsind - S0200\""],"DownPaper - S0186":["misp-galaxy:mitre-enterprise-attack-malware=\"DownPaper - S0186\"","misp-galaxy:mitre-malware=\"DownPaper - S0186\""],"Downdelph - S0134":["misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\""],"Delphacy":["misp-galaxy:mitre-enterprise-attack-malware=\"Downdelph - S0134\"","misp-galaxy:mitre-malware=\"Downdelph - S0134\""],"Duqu - S0038":["misp-galaxy:mitre-enterprise-attack-malware=\"Duqu - S0038\"","misp-galaxy:mitre-malware=\"Duqu - S0038\""],"Duqu":["misp-galaxy:mitre-enterprise-attack-malware=\"Duqu - S0038\"","misp-galaxy:mitre-malware=\"Duqu - S0038\"","misp-galaxy:tool=\"Duqu\""],"DustySky - S0062":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\""],"DustySky":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\""],"NeD Worm":["misp-galaxy:mitre-enterprise-attack-malware=\"DustySky - S0062\"","misp-galaxy:mitre-malware=\"DustySky - S0062\"","misp-galaxy:tool=\"NeD Worm\""],"Dyre - S0024":["misp-galaxy:mitre-enterprise-attack-malware=\"Dyre - S0024\"","misp-galaxy:mitre-malware=\"Dyre - S0024\""],"ELMER - S0064":["misp-galaxy:mitre-enterprise-attack-malware=\"ELMER - S0064\"","misp-galaxy:mitre-malware=\"ELMER - S0064\""],"Elise - S0081":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"BKDR_ESILE":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"Page":["misp-galaxy:mitre-enterprise-attack-malware=\"Elise - S0081\"","misp-galaxy:mitre-malware=\"Elise - S0081\""],"Emissary - S0082":["misp-galaxy:mitre-enterprise-attack-malware=\"Emissary - S0082\"","misp-galaxy:mitre-malware=\"Emissary - S0082\""],"Emissary":["misp-galaxy:mitre-enterprise-attack-malware=\"Emissary - S0082\"","misp-galaxy:mitre-malware=\"Emissary - S0082\""],"Epic - S0091":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\""],"Epic":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\""],"Tavdig":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"WorldCupSec":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"TadjMakhal":["misp-galaxy:mitre-enterprise-attack-malware=\"Epic - S0091\"","misp-galaxy:mitre-malware=\"Epic - S0091\"","misp-galaxy:tool=\"Wipbot\""],"EvilGrab - S0152":["misp-galaxy:mitre-enterprise-attack-malware=\"EvilGrab - S0152\"","misp-galaxy:mitre-malware=\"EvilGrab - S0152\""],"FALLCHILL - S0181":["misp-galaxy:mitre-enterprise-attack-malware=\"FALLCHILL - S0181\"","misp-galaxy:mitre-malware=\"FALLCHILL - S0181\""],"FLASHFLOOD - S0036":["misp-galaxy:mitre-enterprise-attack-malware=\"FLASHFLOOD - S0036\"","misp-galaxy:mitre-malware=\"FLASHFLOOD - S0036\""],"FLIPSIDE - S0173":["misp-galaxy:mitre-enterprise-attack-malware=\"FLIPSIDE - S0173\"","misp-galaxy:mitre-malware=\"FLIPSIDE - S0173\""],"FLIPSIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"FLIPSIDE - S0173\"","misp-galaxy:mitre-malware=\"FLIPSIDE - S0173\""],"FakeM - S0076":["misp-galaxy:mitre-enterprise-attack-malware=\"FakeM - S0076\"","misp-galaxy:mitre-malware=\"FakeM - S0076\""],"FakeM":["misp-galaxy:mitre-enterprise-attack-malware=\"FakeM - S0076\"","misp-galaxy:mitre-malware=\"FakeM - S0076\""],"Felismus - S0171":["misp-galaxy:mitre-enterprise-attack-malware=\"Felismus - S0171\"","misp-galaxy:mitre-malware=\"Felismus - S0171\""],"FinFisher - S0182":["misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"FinFisher":["misp-galaxy:mitre-enterprise-attack-malware=\"FinFisher - S0182\"","misp-galaxy:mitre-malware=\"FinFisher - S0182\""],"Flame - S0143":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"Flamer":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"sKyWIper":["misp-galaxy:mitre-enterprise-attack-malware=\"Flame - S0143\"","misp-galaxy:mitre-malware=\"Flame - S0143\""],"GLOOXMAIL - S0026":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\""],"GLOOXMAIL":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:tool=\"GLOOXMAIL\""],"Trojan.GTALK":["misp-galaxy:mitre-enterprise-attack-malware=\"GLOOXMAIL - S0026\"","misp-galaxy:mitre-malware=\"GLOOXMAIL - S0026\""],"Gazer - S0168":["misp-galaxy:mitre-enterprise-attack-malware=\"Gazer - S0168\"","misp-galaxy:mitre-malware=\"Gazer - S0168\""],"GeminiDuke - S0049":["misp-galaxy:mitre-enterprise-attack-malware=\"GeminiDuke - S0049\"","misp-galaxy:mitre-malware=\"GeminiDuke - S0049\""],"GeminiDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"GeminiDuke - S0049\"","misp-galaxy:mitre-malware=\"GeminiDuke - S0049\"","misp-galaxy:tool=\"GeminiDuke\""],"H1N1 - S0132":["misp-galaxy:mitre-enterprise-attack-malware=\"H1N1 - S0132\"","misp-galaxy:mitre-malware=\"H1N1 - S0132\""],"H1N1":["misp-galaxy:mitre-enterprise-attack-malware=\"H1N1 - S0132\"","misp-galaxy:mitre-malware=\"H1N1 - S0132\""],"HALFBAKED - S0151":["misp-galaxy:mitre-enterprise-attack-malware=\"HALFBAKED - S0151\"","misp-galaxy:mitre-malware=\"HALFBAKED - S0151\""],"HAMMERTOSS - S0037":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HAMMERTOSS":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HammerDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"NetDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"HAMMERTOSS - S0037\"","misp-galaxy:mitre-malware=\"HAMMERTOSS - S0037\""],"HAPPYWORK - S0214":["misp-galaxy:mitre-enterprise-attack-malware=\"HAPPYWORK - S0214\"","misp-galaxy:mitre-malware=\"HAPPYWORK - S0214\""],"HAPPYWORK":["misp-galaxy:mitre-enterprise-attack-malware=\"HAPPYWORK - S0214\"","misp-galaxy:mitre-malware=\"HAPPYWORK - S0214\"","misp-galaxy:tool=\"HAPPYWORK\""],"HDoor - S0061":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"HDoor":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"Custom HDoor":["misp-galaxy:mitre-enterprise-attack-malware=\"HDoor - S0061\"","misp-galaxy:mitre-malware=\"HDoor - S0061\""],"HIDEDRV - S0135":["misp-galaxy:mitre-enterprise-attack-malware=\"HIDEDRV - S0135\"","misp-galaxy:mitre-malware=\"HIDEDRV - S0135\""],"HIDEDRV":["misp-galaxy:mitre-enterprise-attack-malware=\"HIDEDRV - S0135\"","misp-galaxy:mitre-malware=\"HIDEDRV - S0135\""],"HOMEFRY - S0232":["misp-galaxy:mitre-enterprise-attack-malware=\"HOMEFRY - S0232\"","misp-galaxy:mitre-malware=\"HOMEFRY - S0232\""],"HOMEFRY":["misp-galaxy:mitre-enterprise-attack-malware=\"HOMEFRY - S0232\"","misp-galaxy:mitre-malware=\"HOMEFRY - S0232\""],"HTTPBrowser - S0070":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"HTTPBrowser":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\"","misp-galaxy:tool=\"HTTPBrowser\""],"Token Control":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"HttpDump":["misp-galaxy:mitre-enterprise-attack-malware=\"HTTPBrowser - S0070\"","misp-galaxy:mitre-malware=\"HTTPBrowser - S0070\""],"Hacking Team UEFI Rootkit - S0047":["misp-galaxy:mitre-enterprise-attack-malware=\"Hacking Team UEFI Rootkit - S0047\"","misp-galaxy:mitre-malware=\"Hacking Team UEFI Rootkit - S0047\""],"Hacking Team UEFI Rootkit":["misp-galaxy:mitre-enterprise-attack-malware=\"Hacking Team UEFI Rootkit - S0047\"","misp-galaxy:mitre-malware=\"Hacking Team UEFI Rootkit - S0047\""],"Helminth - S0170":["misp-galaxy:mitre-enterprise-attack-malware=\"Helminth - S0170\"","misp-galaxy:mitre-malware=\"Helminth - S0170\""],"Hi-Zor - S0087":["misp-galaxy:mitre-enterprise-attack-malware=\"Hi-Zor - S0087\"","misp-galaxy:mitre-malware=\"Hi-Zor - S0087\""],"Hi-Zor":["misp-galaxy:mitre-enterprise-attack-malware=\"Hi-Zor - S0087\"","misp-galaxy:mitre-malware=\"Hi-Zor - S0087\"","misp-galaxy:rat=\"Hi-Zor\""],"Hikit - S0009":["misp-galaxy:mitre-enterprise-attack-malware=\"Hikit - S0009\"","misp-galaxy:mitre-malware=\"Hikit - S0009\""],"Hikit":["misp-galaxy:mitre-enterprise-attack-malware=\"Hikit - S0009\"","misp-galaxy:mitre-malware=\"Hikit - S0009\"","misp-galaxy:tool=\"Hikit\""],"Hydraq - S0203":["misp-galaxy:mitre-enterprise-attack-malware=\"Hydraq - S0203\"","misp-galaxy:mitre-malware=\"Hydraq - S0203\""],"ISMInjector - S0189":["misp-galaxy:mitre-enterprise-attack-malware=\"ISMInjector - S0189\"","misp-galaxy:mitre-malware=\"ISMInjector - S0189\""],"ISMInjector":["misp-galaxy:mitre-enterprise-attack-malware=\"ISMInjector - S0189\"","misp-galaxy:mitre-malware=\"ISMInjector - S0189\""],"Ixeshe - S0015":["misp-galaxy:mitre-enterprise-attack-malware=\"Ixeshe - S0015\"","misp-galaxy:mitre-malware=\"Ixeshe - S0015\""],"Ixeshe":["misp-galaxy:mitre-enterprise-attack-malware=\"Ixeshe - S0015\"","misp-galaxy:mitre-malware=\"Ixeshe - S0015\""],"JHUHUGIT - S0044":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"GAMEFISH":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\"","misp-galaxy:tool=\"GAMEFISH\""],"SofacyCarberp":["misp-galaxy:mitre-enterprise-attack-malware=\"JHUHUGIT - S0044\"","misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"JPIN - S0201":["misp-galaxy:mitre-enterprise-attack-malware=\"JPIN - S0201\"","misp-galaxy:mitre-malware=\"JPIN - S0201\""],"JPIN":["misp-galaxy:mitre-enterprise-attack-malware=\"JPIN - S0201\"","misp-galaxy:mitre-malware=\"JPIN - S0201\""],"Janicab - S0163":["misp-galaxy:mitre-enterprise-attack-malware=\"Janicab - S0163\"","misp-galaxy:mitre-malware=\"Janicab - S0163\""],"Janicab":["misp-galaxy:mitre-enterprise-attack-malware=\"Janicab - S0163\"","misp-galaxy:mitre-malware=\"Janicab - S0163\"","misp-galaxy:tool=\"Janicab\""],"KARAE - S0215":["misp-galaxy:mitre-enterprise-attack-malware=\"KARAE - S0215\"","misp-galaxy:mitre-malware=\"KARAE - S0215\""],"KARAE":["misp-galaxy:mitre-enterprise-attack-malware=\"KARAE - S0215\"","misp-galaxy:mitre-malware=\"KARAE - S0215\"","misp-galaxy:tool=\"KARAE\""],"KOMPROGO - S0156":["misp-galaxy:mitre-enterprise-attack-malware=\"KOMPROGO - S0156\"","misp-galaxy:mitre-malware=\"KOMPROGO - S0156\""],"Kasidet - S0088":["misp-galaxy:mitre-enterprise-attack-malware=\"Kasidet - S0088\"","misp-galaxy:mitre-malware=\"Kasidet - S0088\""],"Komplex - S0162":["misp-galaxy:mitre-enterprise-attack-malware=\"Komplex - S0162\"","misp-galaxy:mitre-malware=\"Komplex - S0162\""],"LOWBALL - S0042":["misp-galaxy:mitre-enterprise-attack-malware=\"LOWBALL - S0042\"","misp-galaxy:mitre-malware=\"LOWBALL - S0042\""],"Linfo - S0211":["misp-galaxy:mitre-enterprise-attack-malware=\"Linfo - S0211\"","misp-galaxy:mitre-malware=\"Linfo - S0211\""],"Linfo":["misp-galaxy:mitre-enterprise-attack-malware=\"Linfo - S0211\"","misp-galaxy:mitre-malware=\"Linfo - S0211\""],"Lurid - S0010":["misp-galaxy:mitre-enterprise-attack-malware=\"Lurid - S0010\"","misp-galaxy:mitre-malware=\"Lurid - S0010\""],"MURKYTOP - S0233":["misp-galaxy:mitre-enterprise-attack-malware=\"MURKYTOP - S0233\"","misp-galaxy:mitre-malware=\"MURKYTOP - S0233\""],"MURKYTOP":["misp-galaxy:mitre-enterprise-attack-malware=\"MURKYTOP - S0233\"","misp-galaxy:mitre-malware=\"MURKYTOP - S0233\""],"Matroyshka - S0167":["misp-galaxy:mitre-enterprise-attack-malware=\"Matroyshka - S0167\"","misp-galaxy:mitre-malware=\"Matroyshka - S0167\""],"Matroyshka":["misp-galaxy:mitre-enterprise-attack-malware=\"Matroyshka - S0167\"","misp-galaxy:mitre-malware=\"Matroyshka - S0167\""],"Miner-C - S0133":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"Miner-C":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"Mal\/Miner-C":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"PhotoMiner":["misp-galaxy:mitre-enterprise-attack-malware=\"Miner-C - S0133\"","misp-galaxy:mitre-malware=\"Miner-C - S0133\""],"MiniDuke - S0051":["misp-galaxy:mitre-enterprise-attack-malware=\"MiniDuke - S0051\"","misp-galaxy:mitre-malware=\"MiniDuke - S0051\""],"MiniDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"MiniDuke - S0051\"","misp-galaxy:mitre-malware=\"MiniDuke - S0051\""],"Mis-Type - S0084":["misp-galaxy:mitre-enterprise-attack-malware=\"Mis-Type - S0084\"","misp-galaxy:mitre-malware=\"Mis-Type - S0084\""],"Mis-Type":["misp-galaxy:mitre-enterprise-attack-malware=\"Mis-Type - S0084\"","misp-galaxy:mitre-malware=\"Mis-Type - S0084\""],"Misdat - S0083":["misp-galaxy:mitre-enterprise-attack-malware=\"Misdat - S0083\"","misp-galaxy:mitre-malware=\"Misdat - S0083\""],"Mivast - S0080":["misp-galaxy:mitre-enterprise-attack-malware=\"Mivast - S0080\"","misp-galaxy:mitre-malware=\"Mivast - S0080\""],"Mivast":["misp-galaxy:mitre-enterprise-attack-malware=\"Mivast - S0080\"","misp-galaxy:mitre-malware=\"Mivast - S0080\""],"MobileOrder - S0079":["misp-galaxy:mitre-enterprise-attack-malware=\"MobileOrder - S0079\"","misp-galaxy:mitre-malware=\"MobileOrder - S0079\""],"MobileOrder":["misp-galaxy:mitre-enterprise-attack-malware=\"MobileOrder - S0079\"","misp-galaxy:mitre-malware=\"MobileOrder - S0079\""],"MoonWind - S0149":["misp-galaxy:mitre-enterprise-attack-malware=\"MoonWind - S0149\"","misp-galaxy:mitre-malware=\"MoonWind - S0149\""],"NETEAGLE - S0034":["misp-galaxy:mitre-enterprise-attack-malware=\"NETEAGLE - S0034\"","misp-galaxy:mitre-malware=\"NETEAGLE - S0034\""],"NETWIRE - S0198":["misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"","misp-galaxy:mitre-malware=\"NETWIRE - S0198\""],"NETWIRE":["misp-galaxy:mitre-enterprise-attack-malware=\"NETWIRE - S0198\"","misp-galaxy:mitre-malware=\"NETWIRE - S0198\""],"Naid - S0205":["misp-galaxy:mitre-enterprise-attack-malware=\"Naid - S0205\"","misp-galaxy:mitre-malware=\"Naid - S0205\""],"Naid":["misp-galaxy:mitre-enterprise-attack-malware=\"Naid - S0205\"","misp-galaxy:mitre-malware=\"Naid - S0205\"","misp-galaxy:tool=\"Trojan.Naid\""],"NanHaiShu - S0228":["misp-galaxy:mitre-enterprise-attack-malware=\"NanHaiShu - S0228\"","misp-galaxy:mitre-malware=\"NanHaiShu - S0228\""],"Nerex - S0210":["misp-galaxy:mitre-enterprise-attack-malware=\"Nerex - S0210\"","misp-galaxy:mitre-malware=\"Nerex - S0210\""],"Nerex":["misp-galaxy:mitre-enterprise-attack-malware=\"Nerex - S0210\"","misp-galaxy:mitre-malware=\"Nerex - S0210\""],"Net Crawler - S0056":["misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"Net Crawler":["misp-galaxy:mitre-enterprise-attack-malware=\"Net Crawler - S0056\"","misp-galaxy:mitre-malware=\"Net Crawler - S0056\""],"NetTraveler - S0033":["misp-galaxy:mitre-enterprise-attack-malware=\"NetTraveler - S0033\"","misp-galaxy:mitre-malware=\"NetTraveler - S0033\""],"Nidiran - S0118":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"Nidiran":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"Backdoor.Nidiran":["misp-galaxy:mitre-enterprise-attack-malware=\"Nidiran - S0118\"","misp-galaxy:mitre-malware=\"Nidiran - S0118\""],"OLDBAIT - S0138":["misp-galaxy:mitre-enterprise-attack-malware=\"OLDBAIT - S0138\"","misp-galaxy:mitre-malware=\"OLDBAIT - S0138\""],"OSInfo - S0165":["misp-galaxy:mitre-enterprise-attack-malware=\"OSInfo - S0165\"","misp-galaxy:mitre-malware=\"OSInfo - S0165\""],"OSInfo":["misp-galaxy:mitre-enterprise-attack-malware=\"OSInfo - S0165\"","misp-galaxy:mitre-malware=\"OSInfo - S0165\""],"OnionDuke - S0052":["misp-galaxy:mitre-enterprise-attack-malware=\"OnionDuke - S0052\"","misp-galaxy:mitre-malware=\"OnionDuke - S0052\""],"Orz - S0229":["misp-galaxy:mitre-enterprise-attack-malware=\"Orz - S0229\"","misp-galaxy:mitre-malware=\"Orz - S0229\""],"OwaAuth - S0072":["misp-galaxy:mitre-enterprise-attack-malware=\"OwaAuth - S0072\"","misp-galaxy:mitre-malware=\"OwaAuth - S0072\""],"OwaAuth":["misp-galaxy:mitre-enterprise-attack-malware=\"OwaAuth - S0072\"","misp-galaxy:mitre-malware=\"OwaAuth - S0072\""],"P2P ZeuS - S0016":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"P2P ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"Peer-to-Peer ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"Gameover ZeuS":["misp-galaxy:mitre-enterprise-attack-malware=\"P2P ZeuS - S0016\"","misp-galaxy:mitre-malware=\"P2P ZeuS - S0016\""],"PHOREAL - S0158":["misp-galaxy:mitre-enterprise-attack-malware=\"PHOREAL - S0158\"","misp-galaxy:mitre-malware=\"PHOREAL - S0158\""],"POORAIM - S0216":["misp-galaxy:mitre-enterprise-attack-malware=\"POORAIM - S0216\"","misp-galaxy:mitre-malware=\"POORAIM - S0216\""],"POORAIM":["misp-galaxy:mitre-enterprise-attack-malware=\"POORAIM - S0216\"","misp-galaxy:mitre-malware=\"POORAIM - S0216\"","misp-galaxy:tool=\"POORAIM\""],"POSHSPY - S0150":["misp-galaxy:mitre-enterprise-attack-malware=\"POSHSPY - S0150\"","misp-galaxy:mitre-malware=\"POSHSPY - S0150\""],"POWERSOURCE - S0145":["misp-galaxy:mitre-enterprise-attack-malware=\"POWERSOURCE - S0145\"","misp-galaxy:mitre-malware=\"POWERSOURCE - S0145\""],"POWERSTATS - S0223":["misp-galaxy:mitre-enterprise-attack-malware=\"POWERSTATS - S0223\"","misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"POWRUNER - S0184":["misp-galaxy:mitre-enterprise-attack-malware=\"POWRUNER - S0184\"","misp-galaxy:mitre-malware=\"POWRUNER - S0184\""],"PUNCHBUGGY - S0196":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHBUGGY - S0196\"","misp-galaxy:mitre-malware=\"PUNCHBUGGY - S0196\""],"PUNCHBUGGY":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHBUGGY - S0196\"","misp-galaxy:mitre-malware=\"PUNCHBUGGY - S0196\""],"PUNCHTRACK - S0197":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"PUNCHTRACK":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"PSVC":["misp-galaxy:mitre-enterprise-attack-malware=\"PUNCHTRACK - S0197\"","misp-galaxy:mitre-malware=\"PUNCHTRACK - S0197\""],"Pasam - S0208":["misp-galaxy:mitre-enterprise-attack-malware=\"Pasam - S0208\"","misp-galaxy:mitre-malware=\"Pasam - S0208\""],"Pasam":["misp-galaxy:mitre-enterprise-attack-malware=\"Pasam - S0208\"","misp-galaxy:mitre-malware=\"Pasam - S0208\""],"PinchDuke - S0048":["misp-galaxy:mitre-enterprise-attack-malware=\"PinchDuke - S0048\"","misp-galaxy:mitre-malware=\"PinchDuke - S0048\""],"PinchDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"PinchDuke - S0048\"","misp-galaxy:mitre-malware=\"PinchDuke - S0048\""],"Pisloader - S0124":["misp-galaxy:mitre-enterprise-attack-malware=\"Pisloader - S0124\"","misp-galaxy:mitre-malware=\"Pisloader - S0124\""],"Pisloader":["misp-galaxy:mitre-enterprise-attack-malware=\"Pisloader - S0124\"","misp-galaxy:mitre-malware=\"Pisloader - S0124\""],"PlugX - S0013":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Sogu":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Kaba":["misp-galaxy:mitre-enterprise-attack-malware=\"PlugX - S0013\"","misp-galaxy:mitre-malware=\"PlugX - S0013\""],"PoisonIvy - S0012":["misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\""],"PoisonIvy":["misp-galaxy:mitre-enterprise-attack-malware=\"PoisonIvy - S0012\"","misp-galaxy:mitre-malware=\"PoisonIvy - S0012\"","misp-galaxy:rat=\"PoisonIvy\""],"Power Loader - S0177":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"Power Loader":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"Win32\/Agent.UAW":["misp-galaxy:mitre-enterprise-attack-malware=\"Power Loader - S0177\"","misp-galaxy:mitre-malware=\"Power Loader - S0177\""],"PowerDuke - S0139":["misp-galaxy:mitre-enterprise-attack-malware=\"PowerDuke - S0139\"","misp-galaxy:mitre-malware=\"PowerDuke - S0139\""],"Prikormka - S0113":["misp-galaxy:mitre-enterprise-attack-malware=\"Prikormka - S0113\"","misp-galaxy:mitre-malware=\"Prikormka - S0113\""],"Prikormka":["misp-galaxy:mitre-enterprise-attack-malware=\"Prikormka - S0113\"","misp-galaxy:mitre-malware=\"Prikormka - S0113\"","misp-galaxy:tool=\"Prikormka\""],"Psylo - S0078":["misp-galaxy:mitre-enterprise-attack-malware=\"Psylo - S0078\"","misp-galaxy:mitre-malware=\"Psylo - S0078\""],"Psylo":["misp-galaxy:mitre-enterprise-attack-malware=\"Psylo - S0078\"","misp-galaxy:mitre-malware=\"Psylo - S0078\""],"Pteranodon - S0147":["misp-galaxy:mitre-enterprise-attack-malware=\"Pteranodon - S0147\"","misp-galaxy:mitre-malware=\"Pteranodon - S0147\""],"RARSTONE - S0055":["misp-galaxy:mitre-enterprise-attack-malware=\"RARSTONE - S0055\"","misp-galaxy:mitre-malware=\"RARSTONE - S0055\""],"RARSTONE":["misp-galaxy:mitre-enterprise-attack-malware=\"RARSTONE - S0055\"","misp-galaxy:mitre-malware=\"RARSTONE - S0055\"","misp-galaxy:tool=\"RARSTONE\""],"RIPTIDE - S0003":["misp-galaxy:mitre-enterprise-attack-malware=\"RIPTIDE - S0003\"","misp-galaxy:mitre-malware=\"RIPTIDE - S0003\""],"RIPTIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"RIPTIDE - S0003\"","misp-galaxy:mitre-malware=\"RIPTIDE - S0003\"","misp-galaxy:tool=\"Etumbot\""],"ROCKBOOT - S0112":["misp-galaxy:mitre-enterprise-attack-malware=\"ROCKBOOT - S0112\"","misp-galaxy:mitre-malware=\"ROCKBOOT - S0112\""],"ROCKBOOT":["misp-galaxy:mitre-enterprise-attack-malware=\"ROCKBOOT - S0112\"","misp-galaxy:mitre-malware=\"ROCKBOOT - S0112\""],"RTM - S0148":["misp-galaxy:mitre-enterprise-attack-malware=\"RTM - S0148\"","misp-galaxy:mitre-malware=\"RTM - S0148\""],"RawPOS - S0169":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"FIENDCRY":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"DUEBREW":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"DRIFTWOOD":["misp-galaxy:mitre-enterprise-attack-malware=\"RawPOS - S0169\"","misp-galaxy:mitre-malware=\"RawPOS - S0169\""],"Reaver - S0172":["misp-galaxy:mitre-enterprise-attack-malware=\"Reaver - S0172\"","misp-galaxy:mitre-malware=\"Reaver - S0172\""],"RedLeaves - S0153":["misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\""],"BUGJUICE":["misp-galaxy:mitre-enterprise-attack-malware=\"RedLeaves - S0153\"","misp-galaxy:mitre-malware=\"RedLeaves - S0153\"","misp-galaxy:tool=\"BUGJUICE\""],"Regin - S0019":["misp-galaxy:mitre-enterprise-attack-malware=\"Regin - S0019\"","misp-galaxy:mitre-malware=\"Regin - S0019\""],"RemoteCMD - S0166":["misp-galaxy:mitre-enterprise-attack-malware=\"RemoteCMD - S0166\"","misp-galaxy:mitre-malware=\"RemoteCMD - S0166\""],"RemoteCMD":["misp-galaxy:mitre-enterprise-attack-malware=\"RemoteCMD - S0166\"","misp-galaxy:mitre-malware=\"RemoteCMD - S0166\""],"Remsec - S0125":["misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Backdoor.Remsec":["misp-galaxy:mitre-enterprise-attack-malware=\"Remsec - S0125\"","misp-galaxy:mitre-malware=\"Remsec - S0125\""],"Rover - S0090":["misp-galaxy:mitre-enterprise-attack-malware=\"Rover - S0090\"","misp-galaxy:mitre-malware=\"Rover - S0090\""],"S-Type - S0085":["misp-galaxy:mitre-enterprise-attack-malware=\"S-Type - S0085\"","misp-galaxy:mitre-malware=\"S-Type - S0085\""],"S-Type":["misp-galaxy:mitre-enterprise-attack-malware=\"S-Type - S0085\"","misp-galaxy:mitre-malware=\"S-Type - S0085\""],"SEASHARPEE - S0185":["misp-galaxy:mitre-enterprise-attack-malware=\"SEASHARPEE - S0185\"","misp-galaxy:mitre-malware=\"SEASHARPEE - S0185\""],"SEASHARPEE":["misp-galaxy:mitre-enterprise-attack-malware=\"SEASHARPEE - S0185\"","misp-galaxy:mitre-malware=\"SEASHARPEE - S0185\""],"SHIPSHAPE - S0028":["misp-galaxy:mitre-enterprise-attack-malware=\"SHIPSHAPE - S0028\"","misp-galaxy:mitre-malware=\"SHIPSHAPE - S0028\""],"SHOTPUT - S0063":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"SHOTPUT":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"Backdoor.APT.CookieCutter":["misp-galaxy:mitre-enterprise-attack-malware=\"SHOTPUT - S0063\"","misp-galaxy:mitre-malware=\"SHOTPUT - S0063\""],"SHUTTERSPEED - S0217":["misp-galaxy:mitre-enterprise-attack-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:mitre-malware=\"SHUTTERSPEED - S0217\""],"SHUTTERSPEED":["misp-galaxy:mitre-enterprise-attack-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:mitre-malware=\"SHUTTERSPEED - S0217\"","misp-galaxy:tool=\"SHUTTERSPEED\""],"SLOWDRIFT - S0218":["misp-galaxy:mitre-enterprise-attack-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:mitre-malware=\"SLOWDRIFT - S0218\""],"SLOWDRIFT":["misp-galaxy:mitre-enterprise-attack-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:mitre-malware=\"SLOWDRIFT - S0218\"","misp-galaxy:tool=\"SLOWDRIFT\""],"SNUGRIDE - S0159":["misp-galaxy:mitre-enterprise-attack-malware=\"SNUGRIDE - S0159\"","misp-galaxy:mitre-malware=\"SNUGRIDE - S0159\""],"SNUGRIDE":["misp-galaxy:mitre-enterprise-attack-malware=\"SNUGRIDE - S0159\"","misp-galaxy:mitre-malware=\"SNUGRIDE - S0159\"","misp-galaxy:tool=\"SNUGRIDE\""],"SOUNDBITE - S0157":["misp-galaxy:mitre-enterprise-attack-malware=\"SOUNDBITE - S0157\"","misp-galaxy:mitre-malware=\"SOUNDBITE - S0157\""],"SPACESHIP - S0035":["misp-galaxy:mitre-enterprise-attack-malware=\"SPACESHIP - S0035\"","misp-galaxy:mitre-malware=\"SPACESHIP - S0035\""],"Sakula - S0074":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\""],"Sakula":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\"","misp-galaxy:tool=\"Sakula\""],"VIPER":["misp-galaxy:mitre-enterprise-attack-malware=\"Sakula - S0074\"","misp-galaxy:mitre-malware=\"Sakula - S0074\"","misp-galaxy:rat=\"Sakula\""],"SeaDuke - S0053":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"SeaDuke":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\"","misp-galaxy:threat-actor=\"APT 29\""],"SeaDesk":["misp-galaxy:mitre-enterprise-attack-malware=\"SeaDuke - S0053\"","misp-galaxy:mitre-malware=\"SeaDuke - S0053\""],"Shamoon - S0140":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\""],"Shamoon":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\"","misp-galaxy:tool=\"Shamoon\""],"Disttrack":["misp-galaxy:mitre-enterprise-attack-malware=\"Shamoon - S0140\"","misp-galaxy:mitre-malware=\"Shamoon - S0140\""],"Skeleton Key - S0007":["misp-galaxy:mitre-enterprise-attack-malware=\"Skeleton Key - S0007\"","misp-galaxy:mitre-malware=\"Skeleton Key - S0007\""],"Skeleton Key":["misp-galaxy:mitre-enterprise-attack-malware=\"Skeleton Key - S0007\"","misp-galaxy:mitre-malware=\"Skeleton Key - S0007\""],"Smoke Loader - S0226":["misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\""],"Smoke Loader":["misp-galaxy:mitre-enterprise-attack-malware=\"Smoke Loader - S0226\"","misp-galaxy:mitre-malware=\"Smoke Loader - S0226\"","misp-galaxy:tool=\"Smoke Loader\""],"SslMM - S0058":["misp-galaxy:mitre-enterprise-attack-malware=\"SslMM - S0058\"","misp-galaxy:mitre-malware=\"SslMM - S0058\""],"Starloader - S0188":["misp-galaxy:mitre-enterprise-attack-malware=\"Starloader - S0188\"","misp-galaxy:mitre-malware=\"Starloader - S0188\""],"Starloader":["misp-galaxy:mitre-enterprise-attack-malware=\"Starloader - S0188\"","misp-galaxy:mitre-malware=\"Starloader - S0188\""],"StreamEx - S0142":["misp-galaxy:mitre-enterprise-attack-malware=\"StreamEx - S0142\"","misp-galaxy:mitre-malware=\"StreamEx - S0142\""],"StreamEx":["misp-galaxy:mitre-enterprise-attack-malware=\"StreamEx - S0142\"","misp-galaxy:mitre-malware=\"StreamEx - S0142\"","misp-galaxy:tool=\"StreamEx\""],"Sykipot - S0018":["misp-galaxy:mitre-enterprise-attack-malware=\"Sykipot - S0018\"","misp-galaxy:mitre-malware=\"Sykipot - S0018\""],"Sykipot":["misp-galaxy:mitre-enterprise-attack-malware=\"Sykipot - S0018\"","misp-galaxy:mitre-malware=\"Sykipot - S0018\"","misp-galaxy:threat-actor=\"Maverick Panda\""],"Sys10 - S0060":["misp-galaxy:mitre-enterprise-attack-malware=\"Sys10 - S0060\"","misp-galaxy:mitre-malware=\"Sys10 - S0060\""],"T9000 - S0098":["misp-galaxy:mitre-enterprise-attack-malware=\"T9000 - S0098\"","misp-galaxy:mitre-malware=\"T9000 - S0098\""],"T9000":["misp-galaxy:mitre-enterprise-attack-malware=\"T9000 - S0098\"","misp-galaxy:mitre-malware=\"T9000 - S0098\"","misp-galaxy:tool=\"T9000\""],"TDTESS - S0164":["misp-galaxy:mitre-enterprise-attack-malware=\"TDTESS - S0164\"","misp-galaxy:mitre-malware=\"TDTESS - S0164\""],"TEXTMATE - S0146":["misp-galaxy:mitre-enterprise-attack-malware=\"TEXTMATE - S0146\"","misp-galaxy:mitre-malware=\"TEXTMATE - S0146\""],"TINYTYPHON - S0131":["misp-galaxy:mitre-enterprise-attack-malware=\"TINYTYPHON - S0131\"","misp-galaxy:mitre-malware=\"TINYTYPHON - S0131\""],"TINYTYPHON":["misp-galaxy:mitre-enterprise-attack-malware=\"TINYTYPHON - S0131\"","misp-galaxy:mitre-malware=\"TINYTYPHON - S0131\""],"TURNEDUP - S0199":["misp-galaxy:mitre-enterprise-attack-malware=\"TURNEDUP - S0199\"","misp-galaxy:mitre-malware=\"TURNEDUP - S0199\""],"Taidoor - S0011":["misp-galaxy:mitre-enterprise-attack-malware=\"Taidoor - S0011\"","misp-galaxy:mitre-malware=\"Taidoor - S0011\""],"TinyZBot - S0004":["misp-galaxy:mitre-enterprise-attack-malware=\"TinyZBot - S0004\"","misp-galaxy:mitre-malware=\"TinyZBot - S0004\""],"TinyZBot":["misp-galaxy:mitre-enterprise-attack-malware=\"TinyZBot - S0004\"","misp-galaxy:mitre-malware=\"TinyZBot - S0004\"","misp-galaxy:tool=\"TinyZBot\""],"Trojan.Karagany - S0094":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Karagany - S0094\"","misp-galaxy:mitre-malware=\"Trojan.Karagany - S0094\""],"Trojan.Karagany":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Karagany - S0094\"","misp-galaxy:mitre-malware=\"Trojan.Karagany - S0094\""],"Trojan.Mebromi - S0001":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Mebromi - S0001\"","misp-galaxy:mitre-malware=\"Trojan.Mebromi - S0001\""],"Trojan.Mebromi":["misp-galaxy:mitre-enterprise-attack-malware=\"Trojan.Mebromi - S0001\"","misp-galaxy:mitre-malware=\"Trojan.Mebromi - S0001\""],"Truvasys - S0178":["misp-galaxy:mitre-enterprise-attack-malware=\"Truvasys - S0178\"","misp-galaxy:mitre-malware=\"Truvasys - S0178\""],"Truvasys":["misp-galaxy:mitre-enterprise-attack-malware=\"Truvasys - S0178\"","misp-galaxy:mitre-malware=\"Truvasys - S0178\""],"USBStealer - S0136":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"USBStealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\"","misp-galaxy:tool=\"USBStealer\""],"USB Stealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"Win32\/USBStealer":["misp-galaxy:mitre-enterprise-attack-malware=\"USBStealer - S0136\"","misp-galaxy:mitre-malware=\"USBStealer - S0136\""],"Umbreon - S0221":["misp-galaxy:mitre-enterprise-attack-malware=\"Umbreon - S0221\"","misp-galaxy:mitre-malware=\"Umbreon - S0221\""],"Unknown Logger - S0130":["misp-galaxy:mitre-enterprise-attack-malware=\"Unknown Logger - S0130\"","misp-galaxy:mitre-malware=\"Unknown Logger - S0130\""],"Unknown Logger":["misp-galaxy:mitre-enterprise-attack-malware=\"Unknown Logger - S0130\"","misp-galaxy:mitre-malware=\"Unknown Logger - S0130\""],"Uroburos - S0022":["misp-galaxy:mitre-enterprise-attack-malware=\"Uroburos - S0022\"","misp-galaxy:mitre-malware=\"Uroburos - S0022\""],"Uroburos":["misp-galaxy:mitre-enterprise-attack-malware=\"Uroburos - S0022\"","misp-galaxy:mitre-malware=\"Uroburos - S0022\"","misp-galaxy:threat-actor=\"Turla Group\"","misp-galaxy:tool=\"Turla\""],"Vasport - S0207":["misp-galaxy:mitre-enterprise-attack-malware=\"Vasport - S0207\"","misp-galaxy:mitre-malware=\"Vasport - S0207\""],"Vasport":["misp-galaxy:mitre-enterprise-attack-malware=\"Vasport - S0207\"","misp-galaxy:mitre-malware=\"Vasport - S0207\""],"Volgmer - S0180":["misp-galaxy:mitre-enterprise-attack-malware=\"Volgmer - S0180\"","misp-galaxy:mitre-malware=\"Volgmer - S0180\""],"WEBC2 - S0109":["misp-galaxy:mitre-enterprise-attack-malware=\"WEBC2 - S0109\"","misp-galaxy:mitre-malware=\"WEBC2 - S0109\""],"WEBC2":["misp-galaxy:mitre-enterprise-attack-malware=\"WEBC2 - S0109\"","misp-galaxy:mitre-malware=\"WEBC2 - S0109\"","misp-galaxy:tool=\"WEBC2\""],"WINDSHIELD - S0155":["misp-galaxy:mitre-enterprise-attack-malware=\"WINDSHIELD - S0155\"","misp-galaxy:mitre-malware=\"WINDSHIELD - S0155\""],"WINDSHIELD":["misp-galaxy:mitre-enterprise-attack-malware=\"WINDSHIELD - S0155\"","misp-galaxy:mitre-malware=\"WINDSHIELD - S0155\""],"WINERACK - S0219":["misp-galaxy:mitre-enterprise-attack-malware=\"WINERACK - S0219\"","misp-galaxy:mitre-malware=\"WINERACK - S0219\""],"WINERACK":["misp-galaxy:mitre-enterprise-attack-malware=\"WINERACK - S0219\"","misp-galaxy:mitre-malware=\"WINERACK - S0219\"","misp-galaxy:tool=\"WINERACK\""],"Wiarp - S0206":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiarp - S0206\"","misp-galaxy:mitre-malware=\"Wiarp - S0206\""],"Wiarp":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiarp - S0206\"","misp-galaxy:mitre-malware=\"Wiarp - S0206\""],"WinMM - S0059":["misp-galaxy:mitre-enterprise-attack-malware=\"WinMM - S0059\"","misp-galaxy:mitre-malware=\"WinMM - S0059\""],"Wingbird - S0176":["misp-galaxy:mitre-enterprise-attack-malware=\"Wingbird - S0176\"","misp-galaxy:mitre-malware=\"Wingbird - S0176\""],"Wingbird":["misp-galaxy:mitre-enterprise-attack-malware=\"Wingbird - S0176\"","misp-galaxy:mitre-malware=\"Wingbird - S0176\""],"Winnti - S0141":["misp-galaxy:mitre-enterprise-attack-malware=\"Winnti - S0141\"","misp-galaxy:mitre-malware=\"Winnti - S0141\""],"Winnti":["misp-galaxy:mitre-enterprise-attack-malware=\"Winnti - S0141\"","misp-galaxy:mitre-malware=\"Winnti - S0141\"","misp-galaxy:tool=\"Winnti\""],"Wiper - S0041":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiper - S0041\"","misp-galaxy:mitre-malware=\"Wiper - S0041\""],"Wiper":["misp-galaxy:mitre-enterprise-attack-malware=\"Wiper - S0041\"","misp-galaxy:mitre-malware=\"Wiper - S0041\""],"XAgentOSX - S0161":["misp-galaxy:mitre-enterprise-attack-malware=\"XAgentOSX - S0161\"","misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XAgentOSX":["misp-galaxy:mitre-enterprise-attack-malware=\"XAgentOSX - S0161\"","misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XTunnel - S0117":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"XTunnel":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\"","misp-galaxy:tool=\"X-Tunnel\""],"XAPS":["misp-galaxy:mitre-enterprise-attack-malware=\"XTunnel - S0117\"","misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"ZLib - S0086":["misp-galaxy:mitre-enterprise-attack-malware=\"ZLib - S0086\"","misp-galaxy:mitre-malware=\"ZLib - S0086\""],"ZLib":["misp-galaxy:mitre-enterprise-attack-malware=\"ZLib - S0086\"","misp-galaxy:mitre-malware=\"ZLib - S0086\""],"ZeroT - S0230":["misp-galaxy:mitre-enterprise-attack-malware=\"ZeroT - S0230\"","misp-galaxy:mitre-malware=\"ZeroT - S0230\""],"Zeroaccess - S0027":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"Zeroaccess":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"Trojan.Zeroaccess":["misp-galaxy:mitre-enterprise-attack-malware=\"Zeroaccess - S0027\"","misp-galaxy:mitre-malware=\"Zeroaccess - S0027\""],"adbupd - S0202":["misp-galaxy:mitre-enterprise-attack-malware=\"adbupd - S0202\"","misp-galaxy:mitre-malware=\"adbupd - S0202\""],"adbupd":["misp-galaxy:mitre-enterprise-attack-malware=\"adbupd - S0202\"","misp-galaxy:mitre-malware=\"adbupd - S0202\""],"gh0st - S0032":["misp-galaxy:mitre-enterprise-attack-malware=\"gh0st - S0032\"","misp-galaxy:mitre-malware=\"gh0st - S0032\""],"gh0st":["misp-galaxy:mitre-enterprise-attack-malware=\"gh0st - S0032\"","misp-galaxy:mitre-malware=\"gh0st - S0032\"","misp-galaxy:tool=\"gh0st\""],"hcdLoader - S0071":["misp-galaxy:mitre-enterprise-attack-malware=\"hcdLoader - S0071\"","misp-galaxy:mitre-malware=\"hcdLoader - S0071\""],"hcdLoader":["misp-galaxy:mitre-enterprise-attack-malware=\"hcdLoader - S0071\"","misp-galaxy:mitre-malware=\"hcdLoader - S0071\"","misp-galaxy:rat=\"hcdLoader\""],"httpclient - S0068":["misp-galaxy:mitre-enterprise-attack-malware=\"httpclient - S0068\"","misp-galaxy:mitre-malware=\"httpclient - S0068\""],"httpclient":["misp-galaxy:mitre-enterprise-attack-malware=\"httpclient - S0068\"","misp-galaxy:mitre-malware=\"httpclient - S0068\""],"pngdowner - S0067":["misp-galaxy:mitre-enterprise-attack-malware=\"pngdowner - S0067\"","misp-galaxy:mitre-malware=\"pngdowner - S0067\""],"Arp - S0099":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"Arp":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"arp.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Arp - S0099\"","misp-galaxy:mitre-tool=\"Arp - S0099\""],"BITSAdmin - S0190":["misp-galaxy:mitre-enterprise-attack-tool=\"BITSAdmin - S0190\"","misp-galaxy:mitre-tool=\"BITSAdmin - S0190\""],"BITSAdmin":["misp-galaxy:mitre-enterprise-attack-tool=\"BITSAdmin - S0190\"","misp-galaxy:mitre-tool=\"BITSAdmin - S0190\""],"Cachedump - S0119":["misp-galaxy:mitre-enterprise-attack-tool=\"Cachedump - S0119\"","misp-galaxy:mitre-tool=\"Cachedump - S0119\""],"Cachedump":["misp-galaxy:mitre-enterprise-attack-tool=\"Cachedump - S0119\"","misp-galaxy:mitre-tool=\"Cachedump - S0119\""],"Cobalt Strike - S0154":["misp-galaxy:mitre-enterprise-attack-tool=\"Cobalt Strike - S0154\"","misp-galaxy:mitre-tool=\"Cobalt Strike - S0154\""],"FTP - S0095":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"FTP":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"ftp.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"FTP - S0095\"","misp-galaxy:mitre-tool=\"FTP - S0095\""],"Fgdump - S0120":["misp-galaxy:mitre-enterprise-attack-tool=\"Fgdump - S0120\"","misp-galaxy:mitre-tool=\"Fgdump - S0120\""],"Fgdump":["misp-galaxy:mitre-enterprise-attack-tool=\"Fgdump - S0120\"","misp-galaxy:mitre-tool=\"Fgdump - S0120\""],"Forfiles - S0193":["misp-galaxy:mitre-enterprise-attack-tool=\"Forfiles - S0193\"","misp-galaxy:mitre-tool=\"Forfiles - S0193\""],"Forfiles":["misp-galaxy:mitre-enterprise-attack-tool=\"Forfiles - S0193\"","misp-galaxy:mitre-tool=\"Forfiles - S0193\""],"HTRAN - S0040":["misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"HTRAN":["misp-galaxy:mitre-enterprise-attack-tool=\"HTRAN - S0040\"","misp-galaxy:mitre-tool=\"HTRAN - S0040\""],"Havij - S0224":["misp-galaxy:mitre-enterprise-attack-tool=\"Havij - S0224\"","misp-galaxy:mitre-tool=\"Havij - S0224\""],"Havij":["misp-galaxy:mitre-enterprise-attack-tool=\"Havij - S0224\"","misp-galaxy:mitre-tool=\"Havij - S0224\""],"Invoke-PSImage - S0231":["misp-galaxy:mitre-enterprise-attack-tool=\"Invoke-PSImage - S0231\"","misp-galaxy:mitre-tool=\"Invoke-PSImage - S0231\""],"Invoke-PSImage":["misp-galaxy:mitre-enterprise-attack-tool=\"Invoke-PSImage - S0231\"","misp-galaxy:mitre-tool=\"Invoke-PSImage - S0231\""],"Lslsass - S0121":["misp-galaxy:mitre-enterprise-attack-tool=\"Lslsass - S0121\"","misp-galaxy:mitre-tool=\"Lslsass - S0121\""],"Lslsass":["misp-galaxy:mitre-enterprise-attack-tool=\"Lslsass - S0121\"","misp-galaxy:mitre-tool=\"Lslsass - S0121\""],"MimiPenguin - S0179":["misp-galaxy:mitre-enterprise-attack-tool=\"MimiPenguin - S0179\"","misp-galaxy:mitre-tool=\"MimiPenguin - S0179\""],"MimiPenguin":["misp-galaxy:mitre-enterprise-attack-tool=\"MimiPenguin - S0179\"","misp-galaxy:mitre-tool=\"MimiPenguin - S0179\""],"Mimikatz - S0002":["misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"","misp-galaxy:mitre-tool=\"Mimikatz - S0002\""],"Mimikatz":["misp-galaxy:mitre-enterprise-attack-tool=\"Mimikatz - S0002\"","misp-galaxy:mitre-tool=\"Mimikatz - S0002\"","misp-galaxy:tool=\"Mimikatz\""],"Net - S0039":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"Net":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"net.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Net - S0039\"","misp-galaxy:mitre-tool=\"Net - S0039\""],"Pass-The-Hash Toolkit - S0122":["misp-galaxy:mitre-enterprise-attack-tool=\"Pass-The-Hash Toolkit - S0122\"","misp-galaxy:mitre-tool=\"Pass-The-Hash Toolkit - S0122\""],"Pass-The-Hash Toolkit":["misp-galaxy:mitre-enterprise-attack-tool=\"Pass-The-Hash Toolkit - S0122\"","misp-galaxy:mitre-tool=\"Pass-The-Hash Toolkit - S0122\""],"Ping - S0097":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"Ping":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"ping.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Ping - S0097\"","misp-galaxy:mitre-tool=\"Ping - S0097\""],"PowerSploit - S0194":["misp-galaxy:mitre-enterprise-attack-tool=\"PowerSploit - S0194\"","misp-galaxy:mitre-tool=\"PowerSploit - S0194\""],"PowerSploit":["misp-galaxy:mitre-enterprise-attack-tool=\"PowerSploit - S0194\"","misp-galaxy:mitre-tool=\"PowerSploit - S0194\""],"PsExec - S0029":["misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"","misp-galaxy:mitre-tool=\"PsExec - S0029\""],"PsExec":["misp-galaxy:mitre-enterprise-attack-tool=\"PsExec - S0029\"","misp-galaxy:mitre-tool=\"PsExec - S0029\"","misp-galaxy:tool=\"PsExec\""],"Pupy - S0192":["misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"","misp-galaxy:mitre-tool=\"Pupy - S0192\""],"Pupy":["misp-galaxy:mitre-enterprise-attack-tool=\"Pupy - S0192\"","misp-galaxy:mitre-tool=\"Pupy - S0192\"","misp-galaxy:rat=\"Pupy\""],"Reg - S0075":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"Reg":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"reg.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Reg - S0075\"","misp-galaxy:mitre-tool=\"Reg - S0075\""],"Responder - S0174":["misp-galaxy:mitre-enterprise-attack-tool=\"Responder - S0174\"","misp-galaxy:mitre-tool=\"Responder - S0174\""],"Responder":["misp-galaxy:mitre-enterprise-attack-tool=\"Responder - S0174\"","misp-galaxy:mitre-tool=\"Responder - S0174\""],"SDelete - S0195":["misp-galaxy:mitre-enterprise-attack-tool=\"SDelete - S0195\"","misp-galaxy:mitre-tool=\"SDelete - S0195\""],"SDelete":["misp-galaxy:mitre-enterprise-attack-tool=\"SDelete - S0195\"","misp-galaxy:mitre-tool=\"SDelete - S0195\""],"Systeminfo - S0096":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"Systeminfo":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"systeminfo.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"Systeminfo - S0096\"","misp-galaxy:mitre-tool=\"Systeminfo - S0096\""],"Tasklist - S0057":["misp-galaxy:mitre-enterprise-attack-tool=\"Tasklist - S0057\"","misp-galaxy:mitre-tool=\"Tasklist - S0057\""],"Tasklist":["misp-galaxy:mitre-enterprise-attack-tool=\"Tasklist - S0057\"","misp-galaxy:mitre-tool=\"Tasklist - S0057\""],"Tor - S0183":["misp-galaxy:mitre-enterprise-attack-tool=\"Tor - S0183\"","misp-galaxy:mitre-tool=\"Tor - S0183\""],"Tor":["misp-galaxy:mitre-enterprise-attack-tool=\"Tor - S0183\"","misp-galaxy:mitre-tool=\"Tor - S0183\""],"UACMe - S0116":["misp-galaxy:mitre-enterprise-attack-tool=\"UACMe - S0116\"","misp-galaxy:mitre-tool=\"UACMe - S0116\""],"Windows Credential Editor - S0005":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"Windows Credential Editor":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"WCE":["misp-galaxy:mitre-enterprise-attack-tool=\"Windows Credential Editor - S0005\"","misp-galaxy:mitre-tool=\"Windows Credential Editor - S0005\""],"Winexe - S0191":["misp-galaxy:mitre-enterprise-attack-tool=\"Winexe - S0191\"","misp-galaxy:mitre-tool=\"Winexe - S0191\""],"Winexe":["misp-galaxy:mitre-enterprise-attack-tool=\"Winexe - S0191\"","misp-galaxy:mitre-tool=\"Winexe - S0191\"","misp-galaxy:tool=\"Winexe\""],"at - S0110":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"at":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"at.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"at - S0110\"","misp-galaxy:mitre-tool=\"at - S0110\""],"certutil - S0160":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"certutil":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"certutil.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"certutil - S0160\"","misp-galaxy:mitre-tool=\"certutil - S0160\""],"cmd - S0106":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"cmd":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"cmd.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"cmd - S0106\"","misp-galaxy:mitre-tool=\"cmd - S0106\""],"dsquery - S0105":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"dsquery":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"dsquery.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"dsquery - S0105\"","misp-galaxy:mitre-tool=\"dsquery - S0105\""],"gsecdump - S0008":["misp-galaxy:mitre-enterprise-attack-tool=\"gsecdump - S0008\"","misp-galaxy:mitre-tool=\"gsecdump - S0008\""],"ifconfig - S0101":["misp-galaxy:mitre-enterprise-attack-tool=\"ifconfig - S0101\"","misp-galaxy:mitre-tool=\"ifconfig - S0101\""],"ifconfig":["misp-galaxy:mitre-enterprise-attack-tool=\"ifconfig - S0101\"","misp-galaxy:mitre-tool=\"ifconfig - S0101\""],"ipconfig - S0100":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"ipconfig":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"ipconfig.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"ipconfig - S0100\"","misp-galaxy:mitre-tool=\"ipconfig - S0100\""],"meek - S0175":["misp-galaxy:mitre-enterprise-attack-tool=\"meek - S0175\"","misp-galaxy:mitre-tool=\"meek - S0175\""],"meek":["misp-galaxy:mitre-enterprise-attack-tool=\"meek - S0175\"","misp-galaxy:mitre-tool=\"meek - S0175\""],"nbtstat - S0102":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"nbtstat":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"nbtstat.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"nbtstat - S0102\"","misp-galaxy:mitre-tool=\"nbtstat - S0102\""],"netsh - S0108":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netsh":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netsh.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"netsh - S0108\"","misp-galaxy:mitre-tool=\"netsh - S0108\""],"netstat - S0104":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"netstat":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"netstat.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"netstat - S0104\"","misp-galaxy:mitre-tool=\"netstat - S0104\""],"pwdump - S0006":["misp-galaxy:mitre-enterprise-attack-tool=\"pwdump - S0006\"","misp-galaxy:mitre-tool=\"pwdump - S0006\""],"pwdump":["misp-galaxy:mitre-enterprise-attack-tool=\"pwdump - S0006\"","misp-galaxy:mitre-tool=\"pwdump - S0006\""],"route - S0103":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"route":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"route.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"route - S0103\"","misp-galaxy:mitre-tool=\"route - S0103\""],"schtasks - S0111":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"schtasks":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"schtasks.exe":["misp-galaxy:mitre-enterprise-attack-tool=\"schtasks - S0111\"","misp-galaxy:mitre-tool=\"schtasks - S0111\""],"spwebmember - S0227":["misp-galaxy:mitre-enterprise-attack-tool=\"spwebmember - S0227\"","misp-galaxy:mitre-tool=\"spwebmember - S0227\""],"spwebmember":["misp-galaxy:mitre-enterprise-attack-tool=\"spwebmember - S0227\"","misp-galaxy:mitre-tool=\"spwebmember - S0227\""],"sqlmap - S0225":["misp-galaxy:mitre-enterprise-attack-tool=\"sqlmap - S0225\"","misp-galaxy:mitre-tool=\"sqlmap - S0225\""],"sqlmap":["misp-galaxy:mitre-enterprise-attack-tool=\"sqlmap - S0225\"","misp-galaxy:mitre-tool=\"sqlmap - S0225\""],"xCmd - S0123":["misp-galaxy:mitre-enterprise-attack-tool=\"xCmd - S0123\"","misp-galaxy:mitre-tool=\"xCmd - S0123\""],"xCmd":["misp-galaxy:mitre-enterprise-attack-tool=\"xCmd - S0123\"","misp-galaxy:mitre-tool=\"xCmd - S0123\""],"APT19 - G0073":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"APT19":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"Codoso":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"C0d0so0":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"Codoso Team":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\""],"Sunshop Group":["misp-galaxy:mitre-intrusion-set=\"APT19 - G0073\"","misp-galaxy:threat-actor=\"Codoso\""],"SNAKEMACKEREL":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Swallowtail":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"Group 74":["misp-galaxy:mitre-intrusion-set=\"APT28 - G0007\"","misp-galaxy:threat-actor=\"Sofacy\""],"YTTRIUM":["misp-galaxy:mitre-intrusion-set=\"APT29 - G0016\"","misp-galaxy:threat-actor=\"APT 29\""],"SeaLotus":["misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"APT-C-00":["misp-galaxy:mitre-intrusion-set=\"APT32 - G0050\"","misp-galaxy:threat-actor=\"APT32\""],"Elfin":["misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"","misp-galaxy:threat-actor=\"APT33\""],"APT38 - G0082":["misp-galaxy:mitre-intrusion-set=\"APT38 - G0082\""],"APT38":["misp-galaxy:mitre-intrusion-set=\"APT38 - G0082\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"APT39 - G0087":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\""],"APT39":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\"","misp-galaxy:threat-actor=\"APT39\""],"Chafer":["misp-galaxy:mitre-intrusion-set=\"APT39 - G0087\"","misp-galaxy:threat-actor=\"APT39\"","misp-galaxy:threat-actor=\"Chafer\""],"Cobalt Group - G0080":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\""],"Cobalt Group":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt Gang":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt Spider":["misp-galaxy:mitre-intrusion-set=\"Cobalt Group - G0080\"","misp-galaxy:threat-actor=\"Cobalt\""],"Dark Caracal - G0070":["misp-galaxy:mitre-intrusion-set=\"Dark Caracal - G0070\""],"Dark Caracal":["misp-galaxy:mitre-intrusion-set=\"Dark Caracal - G0070\"","misp-galaxy:threat-actor=\"Dark Caracal\""],"DarkHydrus - G0079":["misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\""],"DarkHydrus":["misp-galaxy:mitre-intrusion-set=\"DarkHydrus - G0079\"","misp-galaxy:threat-actor=\"DarkHydrus\""],"Dragonfly 2.0 - G0074":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\""],"Dragonfly 2.0":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\"","misp-galaxy:threat-actor=\"DYMALLOY\""],"Berserk Bear":["misp-galaxy:mitre-intrusion-set=\"Dragonfly 2.0 - G0074\"","misp-galaxy:threat-actor=\"Berserk Bear\"","misp-galaxy:threat-actor=\"TeamSpy Crew\""],"FIN4 - G0085":["misp-galaxy:mitre-intrusion-set=\"FIN4 - G0085\""],"FIN4":["misp-galaxy:mitre-intrusion-set=\"FIN4 - G0085\"","misp-galaxy:threat-actor=\"Wolf Spider\""],"Gallmaker - G0084":["misp-galaxy:mitre-intrusion-set=\"Gallmaker - G0084\""],"Gallmaker":["misp-galaxy:mitre-intrusion-set=\"Gallmaker - G0084\"","misp-galaxy:threat-actor=\"Gallmaker\""],"Gorgon Group - G0078":["misp-galaxy:mitre-intrusion-set=\"Gorgon Group - G0078\""],"Gorgon Group":["misp-galaxy:mitre-intrusion-set=\"Gorgon Group - G0078\"","misp-galaxy:threat-actor=\"The Gorgon Group\""],"Honeybee - G0072":["misp-galaxy:mitre-intrusion-set=\"Honeybee - G0072\""],"Honeybee":["misp-galaxy:mitre-intrusion-set=\"Honeybee - G0072\"","misp-galaxy:threat-actor=\"Honeybee\""],"APT15":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"Vixen Panda":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"GREF":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"Playful Dragon":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\"","misp-galaxy:threat-actor=\"Mirage\""],"RoyalAPT":["misp-galaxy:mitre-intrusion-set=\"Ke3chang - G0004\""],"Leafminer - G0077":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\""],"Leafminer":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\""],"Raspite":["misp-galaxy:mitre-intrusion-set=\"Leafminer - G0077\"","misp-galaxy:threat-actor=\"RASPITE\""],"TEMP.Jumper":["misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"APT40":["misp-galaxy:mitre-intrusion-set=\"Leviathan - G0065\"","misp-galaxy:threat-actor=\"Leviathan\""],"DRAGONFISH":["misp-galaxy:mitre-intrusion-set=\"Lotus Blossom - G0030\"","misp-galaxy:threat-actor=\"Lotus Blossom\""],"APT35":["misp-galaxy:mitre-intrusion-set=\"Magic Hound - G0059\"","misp-galaxy:threat-actor=\"APT35\"","misp-galaxy:threat-actor=\"Cleaver\""],"Seedworm":["misp-galaxy:mitre-intrusion-set=\"MuddyWater - G0069\"","misp-galaxy:threat-actor=\"MuddyWater\""],"IRN2":["misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\"","misp-galaxy:threat-actor=\"OilRig\""],"HELIX KITTEN":["misp-galaxy:mitre-intrusion-set=\"OilRig - G0049\""],"Orangeworm - G0071":["misp-galaxy:mitre-intrusion-set=\"Orangeworm - G0071\""],"Orangeworm":["misp-galaxy:mitre-intrusion-set=\"Orangeworm - G0071\"","misp-galaxy:threat-actor=\"Orangeworm\""],"Rancor - G0075":["misp-galaxy:mitre-intrusion-set=\"Rancor - G0075\""],"Rancor":["misp-galaxy:mitre-intrusion-set=\"Rancor - G0075\"","misp-galaxy:threat-actor=\"RANCOR\""],"VOODOO BEAR":["misp-galaxy:mitre-intrusion-set=\"Sandworm Team - G0034\""],"SilverTerrier - G0083":["misp-galaxy:mitre-intrusion-set=\"SilverTerrier - G0083\""],"SilverTerrier":["misp-galaxy:mitre-intrusion-set=\"SilverTerrier - G0083\"","misp-galaxy:threat-actor=\"SilverTerrier\""],"Stolen Pencil - G0086":["misp-galaxy:mitre-intrusion-set=\"Stolen Pencil - G0086\""],"Stolen Pencil":["misp-galaxy:mitre-intrusion-set=\"Stolen Pencil - G0086\""],"TEMP.Veles - G0088":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\""],"TEMP.Veles":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\"","misp-galaxy:threat-actor=\"TEMP.Veles\""],"XENOTIME":["misp-galaxy:mitre-intrusion-set=\"TEMP.Veles - G0088\"","misp-galaxy:threat-actor=\"XENOTIME\""],"APT27":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Iron Tiger":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"LuckyMouse":["misp-galaxy:mitre-intrusion-set=\"Threat Group-3390 - G0027\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Thrip - G0076":["misp-galaxy:mitre-intrusion-set=\"Thrip - G0076\""],"Thrip":["misp-galaxy:mitre-intrusion-set=\"Thrip - G0076\"","misp-galaxy:threat-actor=\"Thrip\""],"Tropic Trooper - G0081":["misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\""],"Tropic Trooper":["misp-galaxy:mitre-intrusion-set=\"Tropic Trooper - G0081\"","misp-galaxy:threat-actor=\"Tropic Trooper\""],"VENOMOUS BEAR":["misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"Krypton":["misp-galaxy:mitre-intrusion-set=\"Turla - G0010\""],"HOGFISH":["misp-galaxy:mitre-intrusion-set=\"menuPass - G0045\"","misp-galaxy:threat-actor=\"Stone Panda\""],"ANDROIDOS_ANSERVER.A - S0310":["misp-galaxy:mitre-malware=\"ANDROIDOS_ANSERVER.A - S0310\""],"ANDROIDOS_ANSERVER.A":["misp-galaxy:mitre-malware=\"ANDROIDOS_ANSERVER.A - S0310\"","misp-galaxy:mitre-mobile-attack-malware=\"ANDROIDOS_ANSERVER.A - MOB-S0026\""],"Adups - S0309":["misp-galaxy:mitre-malware=\"Adups - S0309\""],"Adups":["misp-galaxy:mitre-malware=\"Adups - S0309\"","misp-galaxy:mitre-mobile-attack-malware=\"Adups - MOB-S0025\""],"Agent Tesla - S0331":["misp-galaxy:mitre-malware=\"Agent Tesla - S0331\""],"Allwinner - S0319":["misp-galaxy:mitre-malware=\"Allwinner - S0319\""],"Allwinner":["misp-galaxy:mitre-malware=\"Allwinner - S0319\""],"AndroRAT - S0292":["misp-galaxy:mitre-malware=\"AndroRAT - S0292\""],"Android Overlay Malware - S0296":["misp-galaxy:mitre-malware=\"Android Overlay Malware - S0296\""],"Android Overlay Malware":["misp-galaxy:mitre-malware=\"Android Overlay Malware - S0296\""],"Android\/Chuli.A - S0304":["misp-galaxy:mitre-malware=\"Android\/Chuli.A - S0304\""],"Android\/Chuli.A":["misp-galaxy:mitre-malware=\"Android\/Chuli.A - S0304\"","misp-galaxy:mitre-mobile-attack-malware=\"Android\/Chuli.A - MOB-S0020\""],"Astaroth - S0373":["misp-galaxy:mitre-malware=\"Astaroth - S0373\""],"Astaroth":["misp-galaxy:mitre-malware=\"Astaroth - S0373\""],"AuditCred - S0347":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"AuditCred":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"Roptimizer":["misp-galaxy:mitre-malware=\"AuditCred - S0347\""],"Azorult - S0344":["misp-galaxy:mitre-malware=\"Azorult - S0344\""],"BADCALL - S0245":["misp-galaxy:mitre-malware=\"BADCALL - S0245\""],"BADCALL":["misp-galaxy:mitre-malware=\"BADCALL - S0245\""],"BONDUPDATER - S0360":["misp-galaxy:mitre-malware=\"BONDUPDATER - S0360\""],"BadPatch - S0337":["misp-galaxy:mitre-malware=\"BadPatch - S0337\""],"BadPatch":["misp-galaxy:mitre-malware=\"BadPatch - S0337\""],"Bandook - S0234":["misp-galaxy:mitre-malware=\"Bandook - S0234\""],"Bandook":["misp-galaxy:mitre-malware=\"Bandook - S0234\""],"Bankshot - S0239":["misp-galaxy:mitre-malware=\"Bankshot - S0239\""],"Trojan Manuscript":["misp-galaxy:mitre-malware=\"Bankshot - S0239\""],"Bisonal - S0268":["misp-galaxy:mitre-malware=\"Bisonal - S0268\""],"BrainTest - S0293":["misp-galaxy:mitre-malware=\"BrainTest - S0293\""],"BrainTest":["misp-galaxy:mitre-malware=\"BrainTest - S0293\"","misp-galaxy:mitre-mobile-attack-malware=\"BrainTest - MOB-S0009\""],"Brave Prince - S0252":["misp-galaxy:mitre-malware=\"Brave Prince - S0252\""],"Brave Prince":["misp-galaxy:mitre-malware=\"Brave Prince - S0252\""],"Backdoor.SofacyX":["misp-galaxy:mitre-malware=\"CHOPSTICK - S0023\""],"Calisto - S0274":["misp-galaxy:mitre-malware=\"Calisto - S0274\""],"Cannon - S0351":["misp-galaxy:mitre-malware=\"Cannon - S0351\""],"Carbon - S0335":["misp-galaxy:mitre-malware=\"Carbon - S0335\""],"Cardinal RAT - S0348":["misp-galaxy:mitre-malware=\"Cardinal RAT - S0348\""],"Catchamas - S0261":["misp-galaxy:mitre-malware=\"Catchamas - S0261\""],"Charger - S0323":["misp-galaxy:mitre-malware=\"Charger - S0323\""],"Cobian RAT - S0338":["misp-galaxy:mitre-malware=\"Cobian RAT - S0338\""],"CoinTicker - S0369":["misp-galaxy:mitre-malware=\"CoinTicker - S0369\""],"CoinTicker":["misp-galaxy:mitre-malware=\"CoinTicker - S0369\""],"Comnie - S0244":["misp-galaxy:mitre-malware=\"Comnie - S0244\""],"Comnie":["misp-galaxy:mitre-malware=\"Comnie - S0244\"","misp-galaxy:rat=\"Comnie\"","misp-galaxy:threat-actor=\"Blackgear\""],"CrossRAT - S0235":["misp-galaxy:mitre-malware=\"CrossRAT - S0235\""],"DDKONG - S0255":["misp-galaxy:mitre-malware=\"DDKONG - S0255\""],"DarkComet - S0334":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"DarkKomet":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"Krademok":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"FYNLOS":["misp-galaxy:mitre-malware=\"DarkComet - S0334\""],"DealersChoice - S0243":["misp-galaxy:mitre-malware=\"DealersChoice - S0243\""],"Dendroid - S0301":["misp-galaxy:mitre-malware=\"Dendroid - S0301\""],"Dendroid":["misp-galaxy:mitre-malware=\"Dendroid - S0301\"","misp-galaxy:mitre-mobile-attack-malware=\"Dendroid - MOB-S0017\"","misp-galaxy:rat=\"Dendroid\""],"Denis - S0354":["misp-galaxy:mitre-malware=\"Denis - S0354\""],"Denis":["misp-galaxy:mitre-malware=\"Denis - S0354\""],"Dok - S0281":["misp-galaxy:mitre-malware=\"Dok - S0281\""],"DressCode - S0300":["misp-galaxy:mitre-malware=\"DressCode - S0300\""],"DressCode":["misp-galaxy:mitre-malware=\"DressCode - S0300\"","misp-galaxy:mitre-mobile-attack-malware=\"DressCode - MOB-S0016\""],"DroidJack - S0320":["misp-galaxy:mitre-malware=\"DroidJack - S0320\""],"DroidJack":["misp-galaxy:mitre-malware=\"DroidJack - S0320\"","misp-galaxy:rat=\"DroidJack\""],"DualToy - S0315":["misp-galaxy:mitre-malware=\"DualToy - S0315\""],"DualToy":["misp-galaxy:mitre-malware=\"DualToy - S0315\"","misp-galaxy:mitre-mobile-attack-malware=\"DualToy - MOB-S0031\""],"Ebury - S0377":["misp-galaxy:mitre-malware=\"Ebury - S0377\""],"Emotet - S0367":["misp-galaxy:mitre-malware=\"Emotet - S0367\""],"Exaramel - S0343":["misp-galaxy:mitre-malware=\"Exaramel - S0343\""],"Exaramel":["misp-galaxy:mitre-malware=\"Exaramel - S0343\""],"FELIXROOT - S0267":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"FELIXROOT":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"GreyEnergy mini":["misp-galaxy:mitre-malware=\"FELIXROOT - S0267\""],"Final1stspy - S0355":["misp-galaxy:mitre-malware=\"Final1stspy - S0355\""],"Final1stspy":["misp-galaxy:mitre-malware=\"Final1stspy - S0355\""],"FruitFly - S0277":["misp-galaxy:mitre-malware=\"FruitFly - S0277\""],"Gold Dragon - S0249":["misp-galaxy:mitre-malware=\"Gold Dragon - S0249\""],"Gold Dragon":["misp-galaxy:mitre-malware=\"Gold Dragon - S0249\""],"Gooligan - S0290":["misp-galaxy:mitre-malware=\"Gooligan - S0290\""],"Gooligan":["misp-galaxy:mitre-malware=\"Gooligan - S0290\"","misp-galaxy:mitre-mobile-attack-malware=\"Gooligan - MOB-S0006\""],"GravityRAT - S0237":["misp-galaxy:mitre-malware=\"GravityRAT - S0237\""],"GravityRAT":["misp-galaxy:mitre-malware=\"GravityRAT - S0237\"","misp-galaxy:rat=\"GravityRAT\""],"GreyEnergy - S0342":["misp-galaxy:mitre-malware=\"GreyEnergy - S0342\""],"HARDRAIN - S0246":["misp-galaxy:mitre-malware=\"HARDRAIN - S0246\""],"HARDRAIN":["misp-galaxy:mitre-malware=\"HARDRAIN - S0246\""],"HOPLIGHT - S0376":["misp-galaxy:mitre-malware=\"HOPLIGHT - S0376\""],"HummingBad - S0322":["misp-galaxy:mitre-malware=\"HummingBad - S0322\""],"HummingWhale - S0321":["misp-galaxy:mitre-malware=\"HummingWhale - S0321\""],"HummingWhale":["misp-galaxy:mitre-malware=\"HummingWhale - S0321\"","misp-galaxy:mitre-mobile-attack-malware=\"HummingWhale - MOB-S0037\""],"InnaputRAT - S0259":["misp-galaxy:mitre-malware=\"InnaputRAT - S0259\""],"InvisiMole - S0260":["misp-galaxy:mitre-malware=\"InvisiMole - S0260\""],"Trojan.Sofacy":["misp-galaxy:mitre-malware=\"JHUHUGIT - S0044\""],"Judy - S0325":["misp-galaxy:mitre-malware=\"Judy - S0325\""],"KEYMARBLE - S0271":["misp-galaxy:mitre-malware=\"KEYMARBLE - S0271\""],"KONNI - S0356":["misp-galaxy:mitre-malware=\"KONNI - S0356\""],"KONNI":["misp-galaxy:mitre-malware=\"KONNI - S0356\"","misp-galaxy:rat=\"Konni\"","misp-galaxy:tool=\"KONNI\""],"Kazuar - S0265":["misp-galaxy:mitre-malware=\"Kazuar - S0265\""],"KeyRaider - S0288":["misp-galaxy:mitre-malware=\"KeyRaider - S0288\""],"KeyRaider":["misp-galaxy:mitre-malware=\"KeyRaider - S0288\"","misp-galaxy:mitre-mobile-attack-malware=\"KeyRaider - MOB-S0004\""],"Keydnap - S0276":["misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"OSX\/Keydnap":["misp-galaxy:mitre-malware=\"Keydnap - S0276\""],"Kwampirs - S0236":["misp-galaxy:mitre-malware=\"Kwampirs - S0236\""],"Linux Rabbit - S0362":["misp-galaxy:mitre-malware=\"Linux Rabbit - S0362\""],"Linux Rabbit":["misp-galaxy:mitre-malware=\"Linux Rabbit - S0362\""],"LockerGoga - S0372":["misp-galaxy:mitre-malware=\"LockerGoga - S0372\""],"LockerGoga ":["misp-galaxy:mitre-malware=\"LockerGoga - S0372\""],"MacSpy - S0282":["misp-galaxy:mitre-malware=\"MacSpy - S0282\""],"Marcher - S0317":["misp-galaxy:mitre-malware=\"Marcher - S0317\""],"MazarBOT - S0303":["misp-galaxy:mitre-malware=\"MazarBOT - S0303\""],"MazarBOT":["misp-galaxy:mitre-malware=\"MazarBOT - S0303\"","misp-galaxy:mitre-mobile-attack-malware=\"MazarBOT - MOB-S0019\""],"Micropsia - S0339":["misp-galaxy:mitre-malware=\"Micropsia - S0339\""],"MirageFox - S0280":["misp-galaxy:mitre-malware=\"MirageFox - S0280\""],"More_eggs - S0284":["misp-galaxy:mitre-malware=\"More_eggs - S0284\""],"Mosquito - S0256":["misp-galaxy:mitre-malware=\"Mosquito - S0256\""],"NDiskMonitor - S0272":["misp-galaxy:mitre-malware=\"NDiskMonitor - S0272\""],"NDiskMonitor":["misp-galaxy:mitre-malware=\"NDiskMonitor - S0272\""],"NOKKI - S0353":["misp-galaxy:mitre-malware=\"NOKKI - S0353\""],"NOKKI":["misp-galaxy:mitre-malware=\"NOKKI - S0353\"","misp-galaxy:tool=\"NOKKI\""],"NanoCore - S0336":["misp-galaxy:mitre-malware=\"NanoCore - S0336\""],"NanoCore":["misp-galaxy:mitre-malware=\"NanoCore - S0336\"","misp-galaxy:rat=\"NanoCore\"","misp-galaxy:tool=\"NanoCoreRAT\""],"NavRAT - S0247":["misp-galaxy:mitre-malware=\"NavRAT - S0247\""],"NotCompatible - S0299":["misp-galaxy:mitre-malware=\"NotCompatible - S0299\""],"NotCompatible":["misp-galaxy:mitre-malware=\"NotCompatible - S0299\"","misp-galaxy:mitre-mobile-attack-malware=\"NotCompatible - MOB-S0015\""],"NotPetya - S0368":["misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"Petrwrap":["misp-galaxy:mitre-malware=\"NotPetya - S0368\""],"OBAD - S0286":["misp-galaxy:mitre-malware=\"OBAD - S0286\""],"OBAD":["misp-galaxy:mitre-malware=\"OBAD - S0286\"","misp-galaxy:mitre-mobile-attack-malware=\"OBAD - MOB-S0002\""],"OSX_OCEANLOTUS.D - S0352":["misp-galaxy:mitre-malware=\"OSX_OCEANLOTUS.D - S0352\""],"OSX_OCEANLOTUS.D":["misp-galaxy:mitre-malware=\"OSX_OCEANLOTUS.D - S0352\""],"OceanSalt - S0346":["misp-galaxy:mitre-malware=\"OceanSalt - S0346\""],"OceanSalt":["misp-galaxy:mitre-malware=\"OceanSalt - S0346\""],"Octopus - S0340":["misp-galaxy:mitre-malware=\"Octopus - S0340\""],"OldBoot - S0285":["misp-galaxy:mitre-malware=\"OldBoot - S0285\""],"OldBoot":["misp-galaxy:mitre-malware=\"OldBoot - S0285\"","misp-galaxy:mitre-mobile-attack-malware=\"OldBoot - MOB-S0001\""],"Olympic Destroyer - S0365":["misp-galaxy:mitre-malware=\"Olympic Destroyer - S0365\""],"OopsIE - S0264":["misp-galaxy:mitre-malware=\"OopsIE - S0264\""],"PJApps - S0291":["misp-galaxy:mitre-malware=\"PJApps - S0291\""],"PJApps":["misp-galaxy:mitre-malware=\"PJApps - S0291\"","misp-galaxy:mitre-mobile-attack-malware=\"PJApps - MOB-S0007\""],"PLAINTEE - S0254":["misp-galaxy:mitre-malware=\"PLAINTEE - S0254\""],"Powermud":["misp-galaxy:mitre-malware=\"POWERSTATS - S0223\""],"POWERTON - S0371":["misp-galaxy:mitre-malware=\"POWERTON - S0371\""],"POWERTON":["misp-galaxy:mitre-malware=\"POWERTON - S0371\""],"Pegasus for Android - S0316":["misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\""],"Pegasus for Android":["misp-galaxy:mitre-malware=\"Pegasus for Android - S0316\"","misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\""],"Pegasus for iOS - S0289":["misp-galaxy:mitre-malware=\"Pegasus for iOS - S0289\""],"Pegasus for iOS":["misp-galaxy:mitre-malware=\"Pegasus for iOS - S0289\""],"DestroyRAT":["misp-galaxy:mitre-malware=\"PlugX - S0013\""],"Proton - S0279":["misp-galaxy:mitre-malware=\"Proton - S0279\""],"Proton":["misp-galaxy:mitre-malware=\"Proton - S0279\"","misp-galaxy:tool=\"Proton\""],"Proxysvc - S0238":["misp-galaxy:mitre-malware=\"Proxysvc - S0238\""],"Proxysvc":["misp-galaxy:mitre-malware=\"Proxysvc - S0238\"","misp-galaxy:tool=\"Proxysvc\""],"QUADAGENT - S0269":["misp-galaxy:mitre-malware=\"QUADAGENT - S0269\""],"RATANKBA - S0241":["misp-galaxy:mitre-malware=\"RATANKBA - S0241\""],"RATANKBA":["misp-galaxy:mitre-malware=\"RATANKBA - S0241\""],"RCSAndroid - S0295":["misp-galaxy:mitre-malware=\"RCSAndroid - S0295\""],"RCSAndroid":["misp-galaxy:mitre-malware=\"RCSAndroid - S0295\"","misp-galaxy:mitre-mobile-attack-malware=\"RCSAndroid - MOB-S0011\""],"RGDoor - S0258":["misp-galaxy:mitre-malware=\"RGDoor - S0258\""],"ROKRAT - S0240":["misp-galaxy:mitre-malware=\"ROKRAT - S0240\""],"ROKRAT":["misp-galaxy:mitre-malware=\"ROKRAT - S0240\"","misp-galaxy:rat=\"rokrat\""],"RedDrop - S0326":["misp-galaxy:mitre-malware=\"RedDrop - S0326\""],"Remexi - S0375":["misp-galaxy:mitre-malware=\"Remexi - S0375\""],"RogueRobin - S0270":["misp-galaxy:mitre-malware=\"RogueRobin - S0270\""],"RuMMS - S0313":["misp-galaxy:mitre-malware=\"RuMMS - S0313\""],"RuMMS":["misp-galaxy:mitre-malware=\"RuMMS - S0313\"","misp-galaxy:mitre-mobile-attack-malware=\"RuMMS - MOB-S0029\""],"RunningRAT - S0253":["misp-galaxy:mitre-malware=\"RunningRAT - S0253\""],"RunningRAT":["misp-galaxy:mitre-malware=\"RunningRAT - S0253\""],"SamSam - S0370":["misp-galaxy:mitre-malware=\"SamSam - S0370\""],"Samas":["misp-galaxy:mitre-malware=\"SamSam - S0370\""],"Seasalt - S0345":["misp-galaxy:mitre-malware=\"Seasalt - S0345\""],"Seasalt":["misp-galaxy:mitre-malware=\"Seasalt - S0345\""],"ShiftyBug - S0294":["misp-galaxy:mitre-malware=\"ShiftyBug - S0294\""],"ShiftyBug":["misp-galaxy:mitre-malware=\"ShiftyBug - S0294\"","misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Skygofree - S0327":["misp-galaxy:mitre-malware=\"Skygofree - S0327\""],"Socksbot - S0273":["misp-galaxy:mitre-malware=\"Socksbot - S0273\""],"Socksbot":["misp-galaxy:mitre-malware=\"Socksbot - S0273\""],"SpeakUp - S0374":["misp-galaxy:mitre-malware=\"SpeakUp - S0374\""],"SpyDealer - S0324":["misp-galaxy:mitre-malware=\"SpyDealer - S0324\""],"SpyDealer":["misp-galaxy:mitre-malware=\"SpyDealer - S0324\"","misp-galaxy:tool=\"SpyDealer\""],"SpyNote RAT - S0305":["misp-galaxy:mitre-malware=\"SpyNote RAT - S0305\""],"SpyNote RAT":["misp-galaxy:mitre-malware=\"SpyNote RAT - S0305\"","misp-galaxy:mitre-mobile-attack-malware=\"SpyNote RAT - MOB-S0021\""],"Stealth Mango - S0328":["misp-galaxy:mitre-malware=\"Stealth Mango - S0328\""],"SynAck - S0242":["misp-galaxy:mitre-malware=\"SynAck - S0242\""],"TYPEFRAME - S0263":["misp-galaxy:mitre-malware=\"TYPEFRAME - S0263\""],"TYPEFRAME":["misp-galaxy:mitre-malware=\"TYPEFRAME - S0263\"","misp-galaxy:tool=\"TYPEFRAME\""],"Tangelo - S0329":["misp-galaxy:mitre-malware=\"Tangelo - S0329\""],"Tangelo":["misp-galaxy:mitre-malware=\"Tangelo - S0329\""],"TrickBot - S0266":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"Totbrick":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"TSPY_TRICKLOAD":["misp-galaxy:mitre-malware=\"TrickBot - S0266\""],"Trojan-SMS.AndroidOS.Agent.ao - S0307":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.Agent.ao - S0307\""],"Trojan-SMS.AndroidOS.Agent.ao":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.Agent.ao - S0307\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023\""],"Trojan-SMS.AndroidOS.FakeInst.a - S0306":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - S0306\""],"Trojan-SMS.AndroidOS.FakeInst.a":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - S0306\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022\""],"Trojan-SMS.AndroidOS.OpFake.a - S0308":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.OpFake.a - S0308\""],"Trojan-SMS.AndroidOS.OpFake.a":["misp-galaxy:mitre-malware=\"Trojan-SMS.AndroidOS.OpFake.a - S0308\"","misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024\""],"Twitoor - S0302":["misp-galaxy:mitre-malware=\"Twitoor - S0302\""],"Twitoor":["misp-galaxy:mitre-malware=\"Twitoor - S0302\"","misp-galaxy:mitre-mobile-attack-malware=\"Twitoor - MOB-S0018\""],"UBoatRAT - S0333":["misp-galaxy:mitre-malware=\"UBoatRAT - S0333\""],"UBoatRAT":["misp-galaxy:mitre-malware=\"UBoatRAT - S0333\"","misp-galaxy:rat=\"UBoatRAT\""],"UPPERCUT - S0275":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\""],"UPPERCUT":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\"","misp-galaxy:tool=\"ANEL\""],"ANEL":["misp-galaxy:mitre-malware=\"UPPERCUT - S0275\"","misp-galaxy:tool=\"ANEL\""],"VERMIN - S0257":["misp-galaxy:mitre-malware=\"VERMIN - S0257\""],"VERMIN":["misp-galaxy:mitre-malware=\"VERMIN - S0257\""],"WannaCry - S0366":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCry":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCrypt":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WanaCrypt0r":["misp-galaxy:mitre-malware=\"WannaCry - S0366\"","misp-galaxy:ransomware=\"WannaCry\""],"WCry":["misp-galaxy:mitre-malware=\"WannaCry - S0366\""],"WireLurker - S0312":["misp-galaxy:mitre-malware=\"WireLurker - S0312\""],"WireLurker":["misp-galaxy:mitre-malware=\"WireLurker - S0312\"","misp-galaxy:mitre-mobile-attack-malware=\"WireLurker - MOB-S0028\""],"X-Agent for Android - S0314":["misp-galaxy:mitre-malware=\"X-Agent for Android - S0314\""],"X-Agent for Android":["misp-galaxy:mitre-malware=\"X-Agent for Android - S0314\""],"OSX.Sofacy":["misp-galaxy:mitre-malware=\"XAgentOSX - S0161\""],"XLoader - S0318":["misp-galaxy:mitre-malware=\"XLoader - S0318\""],"Trojan.Shunnael":["misp-galaxy:mitre-malware=\"XTunnel - S0117\""],"Xbash - S0341":["misp-galaxy:mitre-malware=\"Xbash - S0341\""],"XcodeGhost - S0297":["misp-galaxy:mitre-malware=\"XcodeGhost - S0297\""],"XcodeGhost":["misp-galaxy:mitre-malware=\"XcodeGhost - S0297\"","misp-galaxy:mitre-mobile-attack-malware=\"XcodeGhost - MOB-S0013\""],"YiSpecter - S0311":["misp-galaxy:mitre-malware=\"YiSpecter - S0311\""],"YiSpecter":["misp-galaxy:mitre-malware=\"YiSpecter - S0311\"","misp-galaxy:mitre-mobile-attack-malware=\"YiSpecter - MOB-S0027\""],"Zebrocy - S0251":["misp-galaxy:mitre-malware=\"Zebrocy - S0251\""],"ZergHelper - S0287":["misp-galaxy:mitre-malware=\"ZergHelper - S0287\""],"ZergHelper":["misp-galaxy:mitre-malware=\"ZergHelper - S0287\"","misp-galaxy:mitre-mobile-attack-malware=\"ZergHelper - MOB-S0003\""],"Zeus Panda - S0330":["misp-galaxy:mitre-malware=\"Zeus Panda - S0330\""],"gh0st RAT - S0032":["misp-galaxy:mitre-malware=\"gh0st RAT - S0032\""],"gh0st RAT":["misp-galaxy:mitre-malware=\"gh0st RAT - S0032\""],"iKitten - S0278":["misp-galaxy:mitre-malware=\"iKitten - S0278\""],"iKitten":["misp-galaxy:mitre-malware=\"iKitten - S0278\"","misp-galaxy:tool=\"MacDownloader\""],"OSX\/MacDownloader":["misp-galaxy:mitre-malware=\"iKitten - S0278\""],"jRAT - S0283":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"jFrutas":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"jBiFrost":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"Trojan.Maljava":["misp-galaxy:mitre-malware=\"jRAT - S0283\""],"yty - S0248":["misp-galaxy:mitre-malware=\"yty - S0248\""],"zwShell - S0350":["misp-galaxy:mitre-malware=\"zwShell - S0350\""],"zwShell":["misp-galaxy:mitre-malware=\"zwShell - S0350\""],"Abuse Accessibility Features - MOB-T1056":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse Accessibility Features - MOB-T1056\""],"Abuse Device Administrator Access to Prevent Removal - MOB-T1004":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse Device Administrator Access to Prevent Removal - MOB-T1004\""],"Abuse of iOS Enterprise App Signing Key - MOB-T1048":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Abuse of iOS Enterprise App Signing Key - MOB-T1048\""],"Access Calendar Entries - MOB-T1038":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Calendar Entries - MOB-T1038\""],"Access Call Log - MOB-T1036":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Call Log - MOB-T1036\""],"Access Contact List - MOB-T1035":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Contact List - MOB-T1035\""],"Access Sensitive Data in Device Logs - MOB-T1016":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Sensitive Data in Device Logs - MOB-T1016\""],"Access Sensitive Data or Credentials in Files - MOB-T1012":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Access Sensitive Data or Credentials in Files - MOB-T1012\""],"Alternate Network Mediums - MOB-T1041":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Alternate Network Mediums - MOB-T1041\""],"Android Intent Hijacking - MOB-T1019":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Android Intent Hijacking - MOB-T1019\""],"App Auto-Start at Device Boot - MOB-T1005":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Auto-Start at Device Boot - MOB-T1005\""],"App Delivered via Email Attachment - MOB-T1037":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Delivered via Email Attachment - MOB-T1037\""],"App Delivered via Web Download - MOB-T1034":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"App Delivered via Web Download - MOB-T1034\""],"Application Discovery - MOB-T1021":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Application Discovery - MOB-T1021\""],"Attack PC via USB Connection - MOB-T1030":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Attack PC via USB Connection - MOB-T1030\""],"Biometric Spoofing - MOB-T1063":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Biometric Spoofing - MOB-T1063\""],"Capture Clipboard Data - MOB-T1017":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Capture Clipboard Data - MOB-T1017\""],"Capture SMS Messages - MOB-T1015":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Capture SMS Messages - MOB-T1015\""],"Commonly Used Port - MOB-T1039":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Commonly Used Port - MOB-T1039\""],"Detect App Analysis Environment - MOB-T1043":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Detect App Analysis Environment - MOB-T1043\""],"Device Type Discovery - MOB-T1022":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Device Type Discovery - MOB-T1022\""],"Device Unlock Code Guessing or Brute Force - MOB-T1062":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Device Unlock Code Guessing or Brute Force - MOB-T1062\""],"Disguise Root\/Jailbreak Indicators - MOB-T1011":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Disguise Root\/Jailbreak Indicators - MOB-T1011\""],"Downgrade to Insecure Protocols - MOB-T1069":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Downgrade to Insecure Protocols - MOB-T1069\""],"Download New Code at Runtime - MOB-T1010":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Download New Code at Runtime - MOB-T1010\""],"Eavesdrop on Insecure Network Communication - MOB-T1042":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Eavesdrop on Insecure Network Communication - MOB-T1042\""],"Encrypt Files for Ransom - MOB-T1074":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Encrypt Files for Ransom - MOB-T1074\""],"Exploit Baseband Vulnerability - MOB-T1058":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit Baseband Vulnerability - MOB-T1058\""],"Exploit Enterprise Resources - MOB-T1031":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit Enterprise Resources - MOB-T1031\""],"Exploit OS Vulnerability - MOB-T1007":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit OS Vulnerability - MOB-T1007\""],"Exploit SS7 to Redirect Phone Calls\/SMS - MOB-T1052":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit SS7 to Redirect Phone Calls\/SMS - MOB-T1052\""],"Exploit SS7 to Track Device Location - MOB-T1053":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit SS7 to Track Device Location - MOB-T1053\""],"Exploit TEE Vulnerability - MOB-T1008":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit TEE Vulnerability - MOB-T1008\""],"Exploit via Charging Station or PC - MOB-T1061":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Exploit via Charging Station or PC - MOB-T1061\""],"Fake Developer Accounts - MOB-T1045":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Fake Developer Accounts - MOB-T1045\""],"File and Directory Discovery - MOB-T1023":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"File and Directory Discovery - MOB-T1023\""],"Generate Fraudulent Advertising Revenue - MOB-T1075":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Generate Fraudulent Advertising Revenue - MOB-T1075\""],"Insecure Third-Party Libraries - MOB-T1028":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Insecure Third-Party Libraries - MOB-T1028\""],"Jamming or Denial of Service - MOB-T1067":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Jamming or Denial of Service - MOB-T1067\""],"Local Network Configuration Discovery - MOB-T1025":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Local Network Configuration Discovery - MOB-T1025\""],"Local Network Connections Discovery - MOB-T1024":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Local Network Connections Discovery - MOB-T1024\""],"Location Tracking - MOB-T1033":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Location Tracking - MOB-T1033\""],"Lock User Out of Device - MOB-T1049":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Lock User Out of Device - MOB-T1049\""],"Lockscreen Bypass - MOB-T1064":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Lockscreen Bypass - MOB-T1064\""],"Malicious Media Content - MOB-T1060":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Media Content - MOB-T1060\""],"Malicious SMS Message - MOB-T1057":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious SMS Message - MOB-T1057\""],"Malicious Software Development Tools - MOB-T1065":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Software Development Tools - MOB-T1065\""],"Malicious Third Party Keyboard App - MOB-T1020":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Third Party Keyboard App - MOB-T1020\""],"Malicious Web Content - MOB-T1059":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious Web Content - MOB-T1059\""],"Malicious or Vulnerable Built-in Device Functionality - MOB-T1076":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Malicious or Vulnerable Built-in Device Functionality - MOB-T1076\""],"Manipulate App Store Rankings or Ratings - MOB-T1055":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Manipulate App Store Rankings or Ratings - MOB-T1055\""],"Manipulate Device Communication - MOB-T1066":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Manipulate Device Communication - MOB-T1066\""],"Microphone or Camera Recordings - MOB-T1032":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Microphone or Camera Recordings - MOB-T1032\""],"Modify OS Kernel or Boot Partition - MOB-T1001":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify OS Kernel or Boot Partition - MOB-T1001\""],"Modify System Partition - MOB-T1003":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify System Partition - MOB-T1003\""],"Modify Trusted Execution Environment - MOB-T1002":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify Trusted Execution Environment - MOB-T1002\""],"Modify cached executable code - MOB-T1006":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Modify cached executable code - MOB-T1006\""],"Network Service Scanning - MOB-T1026":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Network Service Scanning - MOB-T1026\""],"Network Traffic Capture or Redirection - MOB-T1013":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Network Traffic Capture or Redirection - MOB-T1013\""],"Obfuscated or Encrypted Payload - MOB-T1009":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Obfuscated or Encrypted Payload - MOB-T1009\""],"Obtain Device Cloud Backups - MOB-T1073":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Obtain Device Cloud Backups - MOB-T1073\""],"Premium SMS Toll Fraud - MOB-T1051":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Premium SMS Toll Fraud - MOB-T1051\""],"Process Discovery - MOB-T1027":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Process Discovery - MOB-T1027\""],"Remotely Install Application - MOB-T1046":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Install Application - MOB-T1046\""],"Remotely Track Device Without Authorization - MOB-T1071":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Track Device Without Authorization - MOB-T1071\""],"Remotely Wipe Data Without Authorization - MOB-T1072":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Remotely Wipe Data Without Authorization - MOB-T1072\""],"Repackaged Application - MOB-T1047":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Repackaged Application - MOB-T1047\""],"Rogue Cellular Base Station - MOB-T1070":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Rogue Cellular Base Station - MOB-T1070\""],"Rogue Wi-Fi Access Points - MOB-T1068":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Rogue Wi-Fi Access Points - MOB-T1068\""],"SIM Card Swap - MOB-T1054":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"SIM Card Swap - MOB-T1054\""],"Standard Application Layer Protocol - MOB-T1040":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Standard Application Layer Protocol - MOB-T1040\""],"Stolen Developer Credentials or Signing Keys - MOB-T1044":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Stolen Developer Credentials or Signing Keys - MOB-T1044\""],"System Information Discovery - MOB-T1029":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"System Information Discovery - MOB-T1029\""],"URL Scheme Hijacking - MOB-T1018":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"URL Scheme Hijacking - MOB-T1018\""],"User Interface Spoofing - MOB-T1014":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"User Interface Spoofing - MOB-T1014\""],"Wipe Device Data - MOB-T1050":["misp-galaxy:mitre-mobile-attack-attack-pattern=\"Wipe Device Data - MOB-T1050\""],"Application Developer Guidance - MOB-M1013":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Application Developer Guidance - MOB-M1013\""],"Application Vetting - MOB-M1005":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Application Vetting - MOB-M1005\""],"Attestation - MOB-M1002":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Attestation - MOB-M1002\""],"Caution with Device Administrator Access - MOB-M1007":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Caution with Device Administrator Access - MOB-M1007\""],"Deploy Compromised Device Detection Method - MOB-M1010":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Deploy Compromised Device Detection Method - MOB-M1010\""],"Encrypt Network Traffic - MOB-M1009":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Encrypt Network Traffic - MOB-M1009\""],"Enterprise Policy - MOB-M1012":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Enterprise Policy - MOB-M1012\""],"Interconnection Filtering - MOB-M1014":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Interconnection Filtering - MOB-M1014\""],"Lock Bootloader - MOB-M1003":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Lock Bootloader - MOB-M1003\""],"Security Updates - MOB-M1001":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Security Updates - MOB-M1001\""],"System Partition Integrity - MOB-M1004":["misp-galaxy:mitre-mobile-attack-course-of-action=\"System Partition Integrity - MOB-M1004\""],"Use Device-Provided Credential Storage - MOB-M1008":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Use Device-Provided Credential Storage - MOB-M1008\""],"Use Recent OS Version - MOB-M1006":["misp-galaxy:mitre-mobile-attack-course-of-action=\"Use Recent OS Version - MOB-M1006\""],"User Guidance - MOB-M1011":["misp-galaxy:mitre-mobile-attack-course-of-action=\"User Guidance - MOB-M1011\""],"ANDROIDOS_ANSERVER.A - MOB-S0026":["misp-galaxy:mitre-mobile-attack-malware=\"ANDROIDOS_ANSERVER.A - MOB-S0026\""],"Adups - MOB-S0025":["misp-galaxy:mitre-mobile-attack-malware=\"Adups - MOB-S0025\""],"AndroRAT - MOB-S0008":["misp-galaxy:mitre-mobile-attack-malware=\"AndroRAT - MOB-S0008\""],"Android\/Chuli.A - MOB-S0020":["misp-galaxy:mitre-mobile-attack-malware=\"Android\/Chuli.A - MOB-S0020\""],"AndroidOverlayMalware - MOB-S0012":["misp-galaxy:mitre-mobile-attack-malware=\"AndroidOverlayMalware - MOB-S0012\""],"AndroidOverlayMalware":["misp-galaxy:mitre-mobile-attack-malware=\"AndroidOverlayMalware - MOB-S0012\""],"BrainTest - MOB-S0009":["misp-galaxy:mitre-mobile-attack-malware=\"BrainTest - MOB-S0009\""],"Charger - MOB-S0039":["misp-galaxy:mitre-mobile-attack-malware=\"Charger - MOB-S0039\""],"Dendroid - MOB-S0017":["misp-galaxy:mitre-mobile-attack-malware=\"Dendroid - MOB-S0017\""],"DressCode - MOB-S0016":["misp-galaxy:mitre-mobile-attack-malware=\"DressCode - MOB-S0016\""],"DroidJack RAT - MOB-S0036":["misp-galaxy:mitre-mobile-attack-malware=\"DroidJack RAT - MOB-S0036\""],"DroidJack RAT":["misp-galaxy:mitre-mobile-attack-malware=\"DroidJack RAT - MOB-S0036\""],"DualToy - MOB-S0031":["misp-galaxy:mitre-mobile-attack-malware=\"DualToy - MOB-S0031\""],"Gooligan - MOB-S0006":["misp-galaxy:mitre-mobile-attack-malware=\"Gooligan - MOB-S0006\""],"HummingBad - MOB-S0038":["misp-galaxy:mitre-mobile-attack-malware=\"HummingBad - MOB-S0038\""],"HummingWhale - MOB-S0037":["misp-galaxy:mitre-mobile-attack-malware=\"HummingWhale - MOB-S0037\""],"KeyRaider - MOB-S0004":["misp-galaxy:mitre-mobile-attack-malware=\"KeyRaider - MOB-S0004\""],"MazarBOT - MOB-S0019":["misp-galaxy:mitre-mobile-attack-malware=\"MazarBOT - MOB-S0019\""],"NotCompatible - MOB-S0015":["misp-galaxy:mitre-mobile-attack-malware=\"NotCompatible - MOB-S0015\""],"OBAD - MOB-S0002":["misp-galaxy:mitre-mobile-attack-malware=\"OBAD - MOB-S0002\""],"OldBoot - MOB-S0001":["misp-galaxy:mitre-mobile-attack-malware=\"OldBoot - MOB-S0001\""],"PJApps - MOB-S0007":["misp-galaxy:mitre-mobile-attack-malware=\"PJApps - MOB-S0007\""],"Pegasus - MOB-S0005":["misp-galaxy:mitre-mobile-attack-malware=\"Pegasus - MOB-S0005\""],"Pegasus for Android - MOB-S0032":["misp-galaxy:mitre-mobile-attack-malware=\"Pegasus for Android - MOB-S0032\""],"RCSAndroid - MOB-S0011":["misp-galaxy:mitre-mobile-attack-malware=\"RCSAndroid - MOB-S0011\""],"RuMMS - MOB-S0029":["misp-galaxy:mitre-mobile-attack-malware=\"RuMMS - MOB-S0029\""],"Shedun - MOB-S0010":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Shedun":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"Shuanet":["misp-galaxy:mitre-mobile-attack-malware=\"Shedun - MOB-S0010\""],"SpyNote RAT - MOB-S0021":["misp-galaxy:mitre-mobile-attack-malware=\"SpyNote RAT - MOB-S0021\""],"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.Agent.ao - MOB-S0023\""],"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.FakeInst.a - MOB-S0022\""],"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024":["misp-galaxy:mitre-mobile-attack-malware=\"Trojan-SMS.AndroidOS.OpFake.a - MOB-S0024\""],"Twitoor - MOB-S0018":["misp-galaxy:mitre-mobile-attack-malware=\"Twitoor - MOB-S0018\""],"WireLurker - MOB-S0028":["misp-galaxy:mitre-mobile-attack-malware=\"WireLurker - MOB-S0028\""],"X-Agent - MOB-S0030":["misp-galaxy:mitre-mobile-attack-malware=\"X-Agent - MOB-S0030\""],"XcodeGhost - MOB-S0013":["misp-galaxy:mitre-mobile-attack-malware=\"XcodeGhost - MOB-S0013\""],"YiSpecter - MOB-S0027":["misp-galaxy:mitre-mobile-attack-malware=\"YiSpecter - MOB-S0027\""],"ZergHelper - MOB-S0003":["misp-galaxy:mitre-mobile-attack-malware=\"ZergHelper - MOB-S0003\""],"Xbot - MOB-S0014":["misp-galaxy:mitre-mobile-attack-tool=\"Xbot - MOB-S0014\""],"Acquire OSINT data sets and information - PRE-T1024":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1024\""],"Acquire OSINT data sets and information - PRE-T1043":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1043\""],"Acquire OSINT data sets and information - PRE-T1054":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire OSINT data sets and information - PRE-T1054\""],"Acquire and\/or use 3rd party infrastructure services - PRE-T1084":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - PRE-T1084\""],"Acquire and\/or use 3rd party infrastructure services - PRE-T1106":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party infrastructure services - PRE-T1106\""],"Acquire and\/or use 3rd party software services - PRE-T1085":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party software services - PRE-T1085\""],"Acquire and\/or use 3rd party software services - PRE-T1107":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire and\/or use 3rd party software services - PRE-T1107\""],"Acquire or compromise 3rd party signing certificates - PRE-T1087":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire or compromise 3rd party signing certificates - PRE-T1087\""],"Acquire or compromise 3rd party signing certificates - PRE-T1109":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Acquire or compromise 3rd party signing certificates - PRE-T1109\""],"Aggregate individual's digital footprint - PRE-T1052":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Aggregate individual's digital footprint - PRE-T1052\""],"Analyze application security posture - PRE-T1070":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze application security posture - PRE-T1070\""],"Analyze architecture and configuration posture - PRE-T1065":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze architecture and configuration posture - PRE-T1065\""],"Analyze business processes - PRE-T1078":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze business processes - PRE-T1078\""],"Analyze data collected - PRE-T1064":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze data collected - PRE-T1064\""],"Analyze hardware\/software security defensive capabilities - PRE-T1071":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze hardware\/software security defensive capabilities - PRE-T1071\""],"Analyze organizational skillsets and deficiencies - PRE-T1066":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1066\""],"Analyze organizational skillsets and deficiencies - PRE-T1074":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1074\""],"Analyze organizational skillsets and deficiencies - PRE-T1077":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze organizational skillsets and deficiencies - PRE-T1077\""],"Analyze presence of outsourced capabilities - PRE-T1080":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze presence of outsourced capabilities - PRE-T1080\""],"Analyze social and business relationships, interests, and affiliations - PRE-T1072":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Analyze social and business relationships, interests, and affiliations - PRE-T1072\""],"Anonymity services - PRE-T1083":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Anonymity services - PRE-T1083\""],"Assess KITs\/KIQs benefits - PRE-T1006":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess KITs\/KIQs benefits - PRE-T1006\""],"Assess current holdings, needs, and wants - PRE-T1013":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess current holdings, needs, and wants - PRE-T1013\""],"Assess leadership areas of interest - PRE-T1001":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess leadership areas of interest - PRE-T1001\""],"Assess opportunities created by business deals - PRE-T1076":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess opportunities created by business deals - PRE-T1076\""],"Assess security posture of physical locations - PRE-T1079":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess security posture of physical locations - PRE-T1079\""],"Assess targeting options - PRE-T1073":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess targeting options - PRE-T1073\""],"Assess vulnerability of 3rd party vendors - PRE-T1075":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assess vulnerability of 3rd party vendors - PRE-T1075\""],"Assign KITs, KIQs, and\/or intelligence requirements - PRE-T1015":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assign KITs, KIQs, and\/or intelligence requirements - PRE-T1015\""],"Assign KITs\/KIQs into categories - PRE-T1005":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Assign KITs\/KIQs into categories - PRE-T1005\""],"Authentication attempt - PRE-T1158":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Authentication attempt - PRE-T1158\""],"Authorized user performs requested cyber action - PRE-T1163":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Authorized user performs requested cyber action - PRE-T1163\""],"Automated system performs requested action - PRE-T1161":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Automated system performs requested action - PRE-T1161\""],"Build and configure delivery systems - PRE-T1124":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build and configure delivery systems - PRE-T1124\""],"Build or acquire exploits - PRE-T1126":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build or acquire exploits - PRE-T1126\""],"Build social network persona - PRE-T1118":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Build social network persona - PRE-T1118\""],"Buy domain name - PRE-T1105":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Buy domain name - PRE-T1105\""],"C2 protocol development - PRE-T1129":["misp-galaxy:mitre-pre-attack-attack-pattern=\"C2 protocol development - PRE-T1129\""],"Choose pre-compromised mobile app developer account credentials or signing keys - PRE-T1168":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Choose pre-compromised mobile app developer account credentials or signing keys - PRE-T1168\""],"Choose pre-compromised persona and affiliated accounts - PRE-T1120":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Choose pre-compromised persona and affiliated accounts - PRE-T1120\""],"Common, high volume protocols and software - PRE-T1098":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Common, high volume protocols and software - PRE-T1098\""],"Compromise 3rd party infrastructure to support delivery - PRE-T1089":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - PRE-T1089\""],"Compromise 3rd party infrastructure to support delivery - PRE-T1111":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party infrastructure to support delivery - PRE-T1111\""],"Compromise 3rd party or closed-source vulnerability\/exploit information - PRE-T1131":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise 3rd party or closed-source vulnerability\/exploit information - PRE-T1131\""],"Compromise of externally facing system - PRE-T1165":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Compromise of externally facing system - PRE-T1165\""],"Conduct active scanning - PRE-T1031":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct active scanning - PRE-T1031\""],"Conduct cost\/benefit analysis - PRE-T1003":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct cost\/benefit analysis - PRE-T1003\""],"Conduct passive scanning - PRE-T1030":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct passive scanning - PRE-T1030\""],"Conduct social engineering - PRE-T1026":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1026\""],"Conduct social engineering - PRE-T1045":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1045\""],"Conduct social engineering - PRE-T1056":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering - PRE-T1056\""],"Conduct social engineering or HUMINT operation - PRE-T1153":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Conduct social engineering or HUMINT operation - PRE-T1153\""],"Confirmation of launched compromise achieved - PRE-T1160":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Confirmation of launched compromise achieved - PRE-T1160\""],"Create backup infrastructure - PRE-T1116":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create backup infrastructure - PRE-T1116\""],"Create custom payloads - PRE-T1122":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create custom payloads - PRE-T1122\""],"Create implementation plan - PRE-T1009":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create implementation plan - PRE-T1009\""],"Create infected removable media - PRE-T1132":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create infected removable media - PRE-T1132\""],"Create strategic plan - PRE-T1008":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Create strategic plan - PRE-T1008\""],"Credential pharming - PRE-T1151":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Credential pharming - PRE-T1151\""],"DNS poisoning - PRE-T1159":["misp-galaxy:mitre-pre-attack-attack-pattern=\"DNS poisoning - PRE-T1159\""],"DNSCalc - PRE-T1101":["misp-galaxy:mitre-pre-attack-attack-pattern=\"DNSCalc - PRE-T1101\""],"Data Hiding - PRE-T1097":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Data Hiding - PRE-T1097\""],"Deploy exploit using advertising - PRE-T1157":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Deploy exploit using advertising - PRE-T1157\""],"Derive intelligence requirements - PRE-T1007":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Derive intelligence requirements - PRE-T1007\""],"Determine 3rd party infrastructure services - PRE-T1037":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine 3rd party infrastructure services - PRE-T1037\""],"Determine 3rd party infrastructure services - PRE-T1061":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine 3rd party infrastructure services - PRE-T1061\""],"Determine approach\/attack vector - PRE-T1022":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine approach\/attack vector - PRE-T1022\""],"Determine centralization of IT management - PRE-T1062":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine centralization of IT management - PRE-T1062\""],"Determine domain and IP address space - PRE-T1027":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine domain and IP address space - PRE-T1027\""],"Determine external network trust dependencies - PRE-T1036":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine external network trust dependencies - PRE-T1036\""],"Determine firmware version - PRE-T1035":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine firmware version - PRE-T1035\""],"Determine highest level tactical element - PRE-T1020":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine highest level tactical element - PRE-T1020\""],"Determine operational element - PRE-T1019":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine operational element - PRE-T1019\""],"Determine physical locations - PRE-T1059":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine physical locations - PRE-T1059\""],"Determine secondary level tactical element - PRE-T1021":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine secondary level tactical element - PRE-T1021\""],"Determine strategic target - PRE-T1018":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Determine strategic target - PRE-T1018\""],"Develop KITs\/KIQs - PRE-T1004":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Develop KITs\/KIQs - PRE-T1004\""],"Develop social network persona digital footprint - PRE-T1119":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Develop social network persona digital footprint - PRE-T1119\""],"Discover new exploits and monitor exploit-provider forums - PRE-T1127":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Discover new exploits and monitor exploit-provider forums - PRE-T1127\""],"Discover target logon\/email address format - PRE-T1032":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Discover target logon\/email address format - PRE-T1032\""],"Disseminate removable media - PRE-T1156":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Disseminate removable media - PRE-T1156\""],"Distribute malicious software development tools - PRE-T1171":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Distribute malicious software development tools - PRE-T1171\""],"Domain Generation Algorithms (DGA) - PRE-T1100":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Domain Generation Algorithms (DGA) - PRE-T1100\""],"Domain registration hijacking - PRE-T1103":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Domain registration hijacking - PRE-T1103\""],"Dumpster dive - PRE-T1063":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dumpster dive - PRE-T1063\""],"Dynamic DNS - PRE-T1088":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dynamic DNS - PRE-T1088\""],"Dynamic DNS - PRE-T1110":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Dynamic DNS - PRE-T1110\""],"Enumerate client configurations - PRE-T1039":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Enumerate client configurations - PRE-T1039\""],"Enumerate externally facing software applications technologies, languages, and dependencies - PRE-T1038":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Enumerate externally facing software applications technologies, languages, and dependencies - PRE-T1038\""],"Exploit public-facing application - PRE-T1154":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Exploit public-facing application - PRE-T1154\""],"Fast Flux DNS - PRE-T1102":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Fast Flux DNS - PRE-T1102\""],"Friend\/Follow\/Connect to targets of interest - PRE-T1121":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - PRE-T1121\""],"Friend\/Follow\/Connect to targets of interest - PRE-T1141":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Friend\/Follow\/Connect to targets of interest - PRE-T1141\""],"Generate analyst intelligence requirements - PRE-T1011":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Generate analyst intelligence requirements - PRE-T1011\""],"Hardware or software supply chain implant - PRE-T1142":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Hardware or software supply chain implant - PRE-T1142\""],"Host-based hiding techniques - PRE-T1091":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Host-based hiding techniques - PRE-T1091\""],"Human performs requested action of physical nature - PRE-T1162":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Human performs requested action of physical nature - PRE-T1162\""],"Identify analyst level gaps - PRE-T1010":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify analyst level gaps - PRE-T1010\""],"Identify business processes\/tempo - PRE-T1057":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business processes\/tempo - PRE-T1057\""],"Identify business relationships - PRE-T1049":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business relationships - PRE-T1049\""],"Identify business relationships - PRE-T1060":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify business relationships - PRE-T1060\""],"Identify gap areas - PRE-T1002":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify gap areas - PRE-T1002\""],"Identify groups\/roles - PRE-T1047":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify groups\/roles - PRE-T1047\""],"Identify job postings and needs\/gaps - PRE-T1025":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1025\""],"Identify job postings and needs\/gaps - PRE-T1044":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1044\""],"Identify job postings and needs\/gaps - PRE-T1055":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify job postings and needs\/gaps - PRE-T1055\""],"Identify people of interest - PRE-T1046":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify people of interest - PRE-T1046\""],"Identify personnel with an authority\/privilege - PRE-T1048":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify personnel with an authority\/privilege - PRE-T1048\""],"Identify resources required to build capabilities - PRE-T1125":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify resources required to build capabilities - PRE-T1125\""],"Identify security defensive capabilities - PRE-T1040":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify security defensive capabilities - PRE-T1040\""],"Identify sensitive personnel information - PRE-T1051":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify sensitive personnel information - PRE-T1051\""],"Identify supply chains - PRE-T1023":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1023\""],"Identify supply chains - PRE-T1042":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1042\""],"Identify supply chains - PRE-T1053":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify supply chains - PRE-T1053\""],"Identify technology usage patterns - PRE-T1041":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify technology usage patterns - PRE-T1041\""],"Identify vulnerabilities in third-party software libraries - PRE-T1166":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify vulnerabilities in third-party software libraries - PRE-T1166\""],"Identify web defensive services - PRE-T1033":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Identify web defensive services - PRE-T1033\""],"Install and configure hardware, network, and systems - PRE-T1113":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Install and configure hardware, network, and systems - PRE-T1113\""],"Leverage compromised 3rd party resources - PRE-T1152":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Leverage compromised 3rd party resources - PRE-T1152\""],"Map network topology - PRE-T1029":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Map network topology - PRE-T1029\""],"Mine social media - PRE-T1050":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Mine social media - PRE-T1050\""],"Mine technical blogs\/forums - PRE-T1034":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Mine technical blogs\/forums - PRE-T1034\""],"Misattributable credentials - PRE-T1099":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Misattributable credentials - PRE-T1099\""],"Network-based hiding techniques - PRE-T1092":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Network-based hiding techniques - PRE-T1092\""],"Non-traditional or less attributable payment options - PRE-T1093":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Non-traditional or less attributable payment options - PRE-T1093\""],"OS-vendor provided communication channels - PRE-T1167":["misp-galaxy:mitre-pre-attack-attack-pattern=\"OS-vendor provided communication channels - PRE-T1167\""],"Obfuscate infrastructure - PRE-T1086":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate infrastructure - PRE-T1086\""],"Obfuscate infrastructure - PRE-T1108":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate infrastructure - PRE-T1108\""],"Obfuscate operational infrastructure - PRE-T1095":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate operational infrastructure - PRE-T1095\""],"Obfuscate or encrypt code - PRE-T1096":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscate or encrypt code - PRE-T1096\""],"Obfuscation or cryptography - PRE-T1090":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obfuscation or cryptography - PRE-T1090\""],"Obtain Apple iOS enterprise distribution key pair and certificate - PRE-T1169":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain Apple iOS enterprise distribution key pair and certificate - PRE-T1169\""],"Obtain booter\/stressor subscription - PRE-T1173":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain booter\/stressor subscription - PRE-T1173\""],"Obtain domain\/IP registration information - PRE-T1028":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain domain\/IP registration information - PRE-T1028\""],"Obtain templates\/branding materials - PRE-T1058":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain templates\/branding materials - PRE-T1058\""],"Obtain\/re-use payloads - PRE-T1123":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Obtain\/re-use payloads - PRE-T1123\""],"Port redirector - PRE-T1140":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Port redirector - PRE-T1140\""],"Post compromise tool development - PRE-T1130":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Post compromise tool development - PRE-T1130\""],"Private whois services - PRE-T1082":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Private whois services - PRE-T1082\""],"Procure required equipment and software - PRE-T1112":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Procure required equipment and software - PRE-T1112\""],"Proxy\/protocol relays - PRE-T1081":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Proxy\/protocol relays - PRE-T1081\""],"Push-notification client-side exploit - PRE-T1150":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Push-notification client-side exploit - PRE-T1150\""],"Receive KITs\/KIQs and determine requirements - PRE-T1016":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Receive KITs\/KIQs and determine requirements - PRE-T1016\""],"Receive operator KITs\/KIQs tasking - PRE-T1012":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Receive operator KITs\/KIQs tasking - PRE-T1012\""],"Remote access tool development - PRE-T1128":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Remote access tool development - PRE-T1128\""],"Replace legitimate binary with malware - PRE-T1155":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Replace legitimate binary with malware - PRE-T1155\""],"Research relevant vulnerabilities\/CVEs - PRE-T1068":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Research relevant vulnerabilities\/CVEs - PRE-T1068\""],"Research visibility gap of security vendors - PRE-T1067":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Research visibility gap of security vendors - PRE-T1067\""],"Review logs and residual traces - PRE-T1135":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Review logs and residual traces - PRE-T1135\""],"Runtime code download and execution - PRE-T1172":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Runtime code download and execution - PRE-T1172\""],"SSL certificate acquisition for domain - PRE-T1114":["misp-galaxy:mitre-pre-attack-attack-pattern=\"SSL certificate acquisition for domain - PRE-T1114\""],"SSL certificate acquisition for trust breaking - PRE-T1115":["misp-galaxy:mitre-pre-attack-attack-pattern=\"SSL certificate acquisition for trust breaking - PRE-T1115\""],"Secure and protect infrastructure - PRE-T1094":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Secure and protect infrastructure - PRE-T1094\""],"Shadow DNS - PRE-T1117":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Shadow DNS - PRE-T1117\""],"Spear phishing messages with malicious attachments - PRE-T1144":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with malicious attachments - PRE-T1144\""],"Spear phishing messages with malicious links - PRE-T1146":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with malicious links - PRE-T1146\""],"Spear phishing messages with text only - PRE-T1145":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spear phishing messages with text only - PRE-T1145\""],"Spearphishing for Information - PRE-T1174":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Spearphishing for Information - PRE-T1174\""],"Submit KITs, KIQs, and intelligence requirements - PRE-T1014":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Submit KITs, KIQs, and intelligence requirements - PRE-T1014\""],"Targeted client-side exploitation - PRE-T1148":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Targeted client-side exploitation - PRE-T1148\""],"Targeted social media phishing - PRE-T1143":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Targeted social media phishing - PRE-T1143\""],"Task requirements - PRE-T1017":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Task requirements - PRE-T1017\""],"Test ability to evade automated mobile application security analysis performed by app stores - PRE-T1170":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test ability to evade automated mobile application security analysis performed by app stores - PRE-T1170\""],"Test callback functionality - PRE-T1133":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test callback functionality - PRE-T1133\""],"Test malware in various execution environments - PRE-T1134":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test malware in various execution environments - PRE-T1134\""],"Test malware to evade detection - PRE-T1136":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test malware to evade detection - PRE-T1136\""],"Test physical access - PRE-T1137":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test physical access - PRE-T1137\""],"Test signature detection - PRE-T1069":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test signature detection - PRE-T1069\""],"Test signature detection for file upload\/email filters - PRE-T1138":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Test signature detection for file upload\/email filters - PRE-T1138\""],"Unauthorized user introduces compromise delivery mechanism - PRE-T1164":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Unauthorized user introduces compromise delivery mechanism - PRE-T1164\""],"Unconditional client-side exploitation\/Injected Website\/Driveby - PRE-T1149":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Unconditional client-side exploitation\/Injected Website\/Driveby - PRE-T1149\""],"Untargeted client-side exploitation - PRE-T1147":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Untargeted client-side exploitation - PRE-T1147\""],"Upload, install, and configure software\/tools - PRE-T1139":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Upload, install, and configure software\/tools - PRE-T1139\""],"Use multiple DNS infrastructures - PRE-T1104":["misp-galaxy:mitre-pre-attack-attack-pattern=\"Use multiple DNS infrastructures - PRE-T1104\""],"Empire - S0363":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"EmPyre":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"PowerShell Empire":["misp-galaxy:mitre-tool=\"Empire - S0363\""],"Expand - S0361":["misp-galaxy:mitre-tool=\"Expand - S0361\""],"Expand":["misp-galaxy:mitre-tool=\"Expand - S0361\""],"Impacket - S0357":["misp-galaxy:mitre-tool=\"Impacket - S0357\""],"Impacket":["misp-galaxy:mitre-tool=\"Impacket - S0357\""],"Koadic - S0250":["misp-galaxy:mitre-tool=\"Koadic - S0250\""],"LaZagne - S0349":["misp-galaxy:mitre-tool=\"LaZagne - S0349\""],"LaZagne":["misp-galaxy:mitre-tool=\"LaZagne - S0349\""],"Nltest - S0359":["misp-galaxy:mitre-tool=\"Nltest - S0359\""],"Nltest":["misp-galaxy:mitre-tool=\"Nltest - S0359\""],"PoshC2 - S0378":["misp-galaxy:mitre-tool=\"PoshC2 - S0378\""],"QuasarRAT - S0262":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""],"QuasarRAT":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\""],"xRAT":["misp-galaxy:mitre-tool=\"QuasarRAT - S0262\"","misp-galaxy:rat=\"xRAT\""],"RawDisk - S0364":["misp-galaxy:mitre-tool=\"RawDisk - S0364\""],"RawDisk":["misp-galaxy:mitre-tool=\"RawDisk - S0364\""],"Remcos - S0332":["misp-galaxy:mitre-tool=\"Remcos - S0332\""],"Ruler - S0358":["misp-galaxy:mitre-tool=\"Ruler - S0358\""],"Ruler":["misp-galaxy:mitre-tool=\"Ruler - S0358\""],"Xbot - S0298":["misp-galaxy:mitre-tool=\"Xbot - S0298\""],"ACL":["misp-galaxy:preventive-measure=\"ACL\""],"Backup and Restore Process":["misp-galaxy:preventive-measure=\"Backup and Restore Process\""],"Blacklist-phone-numbers":["misp-galaxy:preventive-measure=\"Blacklist-phone-numbers\""],"Block Macros":["misp-galaxy:preventive-measure=\"Block Macros\""],"Change Default \"Open With\" to Notepad":["misp-galaxy:preventive-measure=\"Change Default \"Open With\" to Notepad\""],"Disable WSH":["misp-galaxy:preventive-measure=\"Disable WSH\""],"EMET":["misp-galaxy:preventive-measure=\"EMET\""],"Enforce UAC Prompt":["misp-galaxy:preventive-measure=\"Enforce UAC Prompt\""],"Execution Prevention":["misp-galaxy:preventive-measure=\"Execution Prevention\""],"File Screening":["misp-galaxy:preventive-measure=\"File Screening\""],"Filter Attachments Level 1":["misp-galaxy:preventive-measure=\"Filter Attachments Level 1\""],"Filter Attachments Level 2":["misp-galaxy:preventive-measure=\"Filter Attachments Level 2\""],"Remove Admin Privileges":["misp-galaxy:preventive-measure=\"Remove Admin Privileges\""],"Restrict Workstation Communication":["misp-galaxy:preventive-measure=\"Restrict Workstation Communication\""],"Restrict program execution #2":["misp-galaxy:preventive-measure=\"Restrict program execution #2\""],"Restrict program execution":["misp-galaxy:preventive-measure=\"Restrict program execution\""],"Sandboxing Email Input":["misp-galaxy:preventive-measure=\"Sandboxing Email Input\""],"Show File Extensions":["misp-galaxy:preventive-measure=\"Show File Extensions\""],"Sysmon":["misp-galaxy:preventive-measure=\"Sysmon\""],"\"prepending (enc) ransomware\" (Not an official name)":["misp-galaxy:ransomware=\"\"prepending (enc) ransomware\" (Not an official name)\""],".CryptoHasYou.":["misp-galaxy:ransomware=\".CryptoHasYou.\""],"777":["misp-galaxy:ransomware=\"777\""],"Sevleg":["misp-galaxy:ransomware=\"777\""],"7Zipper Ransomware":["misp-galaxy:ransomware=\"7Zipper Ransomware\""],"7ev3n-HONE$T":["misp-galaxy:ransomware=\"7ev3n\""],"8lock8":["misp-galaxy:ransomware=\"8lock8\""],"AES-NI Ransomware ":["misp-galaxy:ransomware=\"AES-NI Ransomware \""],"AES_KEY_GEN_ASSIST Ransomware":["misp-galaxy:ransomware=\"AES_KEY_GEN_ASSIST Ransomware\""],"ALFA Ransomware":["misp-galaxy:ransomware=\"ALFA Ransomware\""],"AMBA":["misp-galaxy:ransomware=\"AMBA\""],"APT Ransomware v.2":["misp-galaxy:ransomware=\"APT Ransomware v.2\""],"ASN1 Encoder Ransomware":["misp-galaxy:ransomware=\"ASN1 Encoder Ransomware\""],"Acroware Cryptolocker Ransomware":["misp-galaxy:ransomware=\"Acroware Cryptolocker Ransomware\""],"Acroware Screenlocker":["misp-galaxy:ransomware=\"Acroware Cryptolocker Ransomware\""],"AdamLocker Ransomware":["misp-galaxy:ransomware=\"AdamLocker Ransomware\""],"AiraCrop Ransomware":["misp-galaxy:ransomware=\"AiraCrop Ransomware\""],"AiraCrop":["misp-galaxy:ransomware=\"AiraCrop\""],"Al-Namrood":["misp-galaxy:ransomware=\"Al-Namrood\""],"Alcatraz Locker Ransomware":["misp-galaxy:ransomware=\"Alcatraz Locker Ransomware\""],"All_Your_Documents Ransomware":["misp-galaxy:ransomware=\"All_Your_Documents Ransomware\""],"Alma Ransomware":["misp-galaxy:ransomware=\"Alma Ransomware\""],"Alpha Ransomware":["misp-galaxy:ransomware=\"Alpha Ransomware\""],"Angela Merkel Ransomware":["misp-galaxy:ransomware=\"Angela Merkel Ransomware\""],"AngleWare":["misp-galaxy:ransomware=\"AngleWare\""],"AngryDuck Ransomware":["misp-galaxy:ransomware=\"AngryDuck Ransomware\""],"Anony":["misp-galaxy:ransomware=\"Anony\""],"ngocanh":["misp-galaxy:ransomware=\"Anony\""],"Antihacker2017 Ransomware":["misp-galaxy:ransomware=\"Antihacker2017 Ransomware\""],"Antix Ransomware":["misp-galaxy:ransomware=\"Antix Ransomware\""],"Anubis Ransomware":["misp-galaxy:ransomware=\"Anubis Ransomware\""],"Fabiansomeware":["misp-galaxy:ransomware=\"Apocalypse\""],"ApocalypseVM":["misp-galaxy:ransomware=\"ApocalypseVM\""],"Aurora Ransomware":["misp-galaxy:ransomware=\"Aurora Ransomware\""],"Zorro Ransomware":["misp-galaxy:ransomware=\"Aurora Ransomware\""],"AutoLocky":["misp-galaxy:ransomware=\"AutoLocky\""],"AvastVirusinfo Ransomware":["misp-galaxy:ransomware=\"AvastVirusinfo Ransomware\""],"Aw3s0m3Sc0t7":["misp-galaxy:ransomware=\"Aw3s0m3Sc0t7\""],"B2DR Ransomware":["misp-galaxy:ransomware=\"B2DR Ransomware\""],"BTCLocker Ransomware":["misp-galaxy:ransomware=\"BTCLocker Ransomware\""],"BTC Ransomware":["misp-galaxy:ransomware=\"BTCLocker Ransomware\""],"BTCWare Related to \/ new version of CryptXXX":["misp-galaxy:ransomware=\"BTCWare Related to \/ new version of CryptXXX\""],"BTCamant Ransomware":["misp-galaxy:ransomware=\"BTCamant Ransomware\""],"Bad Rabbit":["misp-galaxy:ransomware=\"Bad Rabbit\""],"Bad-Rabbit":["misp-galaxy:ransomware=\"Bad Rabbit\""],"BadBlock":["misp-galaxy:ransomware=\"BadBlock\""],"BadEncript Ransomware":["misp-galaxy:ransomware=\"BadEncript Ransomware\""],"BaksoCrypt":["misp-galaxy:ransomware=\"BaksoCrypt\""],"Bandarchor":["misp-galaxy:ransomware=\"Bandarchor\"","misp-galaxy:ransomware=\"Rakhni\""],"BansomQare Manna Ransomware":["misp-galaxy:ransomware=\"BansomQare Manna Ransomware\""],"BarRax Ransomware":["misp-galaxy:ransomware=\"BarRax Ransomware\""],"BarRaxCrypt Ransomware":["misp-galaxy:ransomware=\"BarRax Ransomware\""],"Barack Obama's Everlasting Blue Blackmail Virus Ransomware":["misp-galaxy:ransomware=\"Barack Obama's Everlasting Blue Blackmail Virus Ransomware\""],"Barack Obama's Blackmail Virus Ransomware":["misp-galaxy:ransomware=\"Barack Obama's Everlasting Blue Blackmail Virus Ransomware\""],"BaCrypt":["misp-galaxy:ransomware=\"Bart\""],"BigBobRoss":["misp-galaxy:ransomware=\"BigBobRoss\""],"BitCryptor":["misp-galaxy:ransomware=\"BitCryptor\""],"BitStak":["misp-galaxy:ransomware=\"BitStak\""],"Black Ruby":["misp-galaxy:ransomware=\"Black Ruby\""],"BlackShades Crypter":["misp-galaxy:ransomware=\"BlackShades Crypter\""],"SilentShade":["misp-galaxy:ransomware=\"BlackShades Crypter\""],"BlackWorm":["misp-galaxy:ransomware=\"BlackWorm\""],"BleedGreen Ransomware":["misp-galaxy:ransomware=\"BleedGreen Ransomware\""],"FireCrypt Ransomware":["misp-galaxy:ransomware=\"BleedGreen Ransomware\""],"Blocatto":["misp-galaxy:ransomware=\"Blocatto\""],"Booyah":["misp-galaxy:ransomware=\"Booyah\"","misp-galaxy:ransomware=\"MM Locker\""],"Salami":["misp-galaxy:ransomware=\"Booyah\""],"BrLock":["misp-galaxy:ransomware=\"BrLock\""],"BrainCrypt Ransomware":["misp-galaxy:ransomware=\"BrainCrypt Ransomware\""],"Brazilian Globe":["misp-galaxy:ransomware=\"Brazilian Globe\""],"Brazilian":["misp-galaxy:ransomware=\"Brazilian\""],"Browlock":["misp-galaxy:ransomware=\"Browlock\""],"Bucbi":["misp-galaxy:ransomware=\"Bucbi\""],"BuyUnlockCode":["misp-galaxy:ransomware=\"BuyUnlockCode\""],"CIA Special Agent 767 Ransomware (FAKE!!!)":["misp-galaxy:ransomware=\"CIA Special Agent 767 Ransomware (FAKE!!!)\""],"CSGO Ransomware":["misp-galaxy:ransomware=\"CSGO Ransomware\""],"CTB-Faker":["misp-galaxy:ransomware=\"CTB-Faker\""],"Citroni":["misp-galaxy:ransomware=\"CTB-Faker\""],"CTB-Locker WEB":["misp-galaxy:ransomware=\"CTB-Locker WEB\""],"CYR-Locker Ransomware (FAKE)":["misp-galaxy:ransomware=\"CYR-Locker Ransomware (FAKE)\""],"Cancer Ransomware FAKE":["misp-galaxy:ransomware=\"Cancer Ransomware FAKE\""],"Cassetto Ransomware":["misp-galaxy:ransomware=\"Cassetto Ransomware\""],"Central Security Treatment Organization":["misp-galaxy:ransomware=\"Central Security Treatment Organization\"","misp-galaxy:ransomware=\"CryLocker\""],"CRBR ENCRYPTOR":["misp-galaxy:ransomware=\"Cerber\""],"CerberTear Ransomware":["misp-galaxy:ransomware=\"CerberTear Ransomware\""],"Chartwig Ransomware":["misp-galaxy:ransomware=\"Chartwig Ransomware\""],"Chimera":["misp-galaxy:ransomware=\"Chimera\""],"Chip Ransomware":["misp-galaxy:ransomware=\"Chip Ransomware\""],"ChipLocker Ransomware":["misp-galaxy:ransomware=\"Chip Ransomware\""],"Click Me Ransomware":["misp-galaxy:ransomware=\"Click Me Ransomware\""],"Clock":["misp-galaxy:ransomware=\"Clock\""],"CloudSword Ransomware":["misp-galaxy:ransomware=\"CloudSword Ransomware\""],"CockBlocker Ransomware":["misp-galaxy:ransomware=\"CockBlocker Ransomware\""],"Code Virus Ransomware ":["misp-galaxy:ransomware=\"Code Virus Ransomware \""],"CoinVault":["misp-galaxy:ransomware=\"CoinVault\""],"CommonRansom":["misp-galaxy:ransomware=\"CommonRansom\""],"Comrade Circle Ransomware":["misp-galaxy:ransomware=\"Comrade Circle Ransomware\""],"ConsoleApplication1 Ransomware":["misp-galaxy:ransomware=\"ConsoleApplication1 Ransomware\""],"Coverton":["misp-galaxy:ransomware=\"Coverton\""],"Criptt0r":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"Cr1pt0r":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"Cripttor":["misp-galaxy:ransomware=\"Cr1ptT0r\""],"CreamPie Ransomware":["misp-galaxy:ransomware=\"CreamPie Ransomware\""],"Crptxxx Ransomware":["misp-galaxy:ransomware=\"Crptxxx Ransomware\""],"CryBrazil":["misp-galaxy:ransomware=\"CryBrazil\""],"CryFile":["misp-galaxy:ransomware=\"CryFile\""],"Cry":["misp-galaxy:ransomware=\"CryLocker\""],"CSTO":["misp-galaxy:ransomware=\"CryLocker\""],"CryPy":["misp-galaxy:ransomware=\"CryPy\""],"Cryaki":["misp-galaxy:ransomware=\"Cryaki\""],"Crybola":["misp-galaxy:ransomware=\"Crybola\""],"CrypMIC":["misp-galaxy:ransomware=\"CrypMIC\""],"Crypren":["misp-galaxy:ransomware=\"Crypren\""],"Crypt0saur":["misp-galaxy:ransomware=\"Crypt0saur\""],"Crypt38":["misp-galaxy:ransomware=\"Crypt38\""],"CryptConsole 2.0 Ransomware":["misp-galaxy:ransomware=\"CryptConsole 2.0 Ransomware\""],"CryptConsole":["misp-galaxy:ransomware=\"CryptConsole\""],"CryptFIle2":["misp-galaxy:ransomware=\"CryptFIle2\""],"CryptInfinite":["misp-galaxy:ransomware=\"CryptInfinite\""],"CryptXXX 2.0":["misp-galaxy:ransomware=\"CryptXXX 2.0\""],"CryptProjectXXX":["misp-galaxy:ransomware=\"CryptXXX 2.0\"","misp-galaxy:ransomware=\"CryptXXX\""],"CryptXXX 3.0":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"UltraDeCrypter":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"UltraCrypter":["misp-galaxy:ransomware=\"CryptXXX 3.0\""],"CryptXXX 3.1":["misp-galaxy:ransomware=\"CryptXXX 3.1\""],"CryptXXX":["misp-galaxy:ransomware=\"CryptXXX\""],"Crypter":["misp-galaxy:ransomware=\"Crypter\""],"CryptoBit":["misp-galaxy:ransomware=\"CryptoBit\"","misp-galaxy:ransomware=\"Mobef\""],"CryptoBlock Ransomware ":["misp-galaxy:ransomware=\"CryptoBlock Ransomware \""],"CryptoDefense":["misp-galaxy:ransomware=\"CryptoDefense\""],"CryptoDevil Ransomware":["misp-galaxy:ransomware=\"CryptoDevil Ransomware\""],"CryptoFinancial":["misp-galaxy:ransomware=\"CryptoFinancial\""],"CryptoGraphic Locker":["misp-galaxy:ransomware=\"CryptoGraphic Locker\""],"Manamecrypt":["misp-galaxy:ransomware=\"CryptoHost\""],"Telograph":["misp-galaxy:ransomware=\"CryptoHost\""],"ROI Locker":["misp-galaxy:ransomware=\"CryptoHost\""],"CryptoJacky Ransomware":["misp-galaxy:ransomware=\"CryptoJacky Ransomware\""],"CryptoJoker":["misp-galaxy:ransomware=\"CryptoJoker\""],"CryptoKill Ransomware":["misp-galaxy:ransomware=\"CryptoKill Ransomware\""],"CryptoLocker 1.0.0":["misp-galaxy:ransomware=\"CryptoLocker 1.0.0\""],"CryptoLocker 5.1":["misp-galaxy:ransomware=\"CryptoLocker 5.1\""],"CryptoLocker by NTK Ransomware":["misp-galaxy:ransomware=\"CryptoLocker by NTK Ransomware\""],"CryptoLocker3 Ransomware":["misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\""],"Fake CryptoLocker":["misp-galaxy:ransomware=\"CryptoLocker3 Ransomware\""],"CryptoLuck Ransomware":["misp-galaxy:ransomware=\"CryptoLuck Ransomware\""],"YafunnLocker":["misp-galaxy:ransomware=\"CryptoLuck Ransomware\""],"CryptoMeister Ransomware":["misp-galaxy:ransomware=\"CryptoMeister Ransomware\""],"Zeta":["misp-galaxy:ransomware=\"CryptoMix\""],"CryptoNar":["misp-galaxy:ransomware=\"CryptoNar\""],"CryptoRoger":["misp-galaxy:ransomware=\"CryptoRoger\""],"CryptoShadow":["misp-galaxy:ransomware=\"CryptoShadow\""],"CryptoShield 1.0 Ransomware":["misp-galaxy:ransomware=\"CryptoShield 1.0 Ransomware\""],"CryptoShocker":["misp-galaxy:ransomware=\"CryptoShocker\""],"CryptoSweetTooth Ransomware":["misp-galaxy:ransomware=\"CryptoSweetTooth Ransomware\""],"CryptoTorLocker2015":["misp-galaxy:ransomware=\"CryptoTorLocker2015\""],"CryptoTrooper":["misp-galaxy:ransomware=\"CryptoTrooper\""],"CryptoWall 1":["misp-galaxy:ransomware=\"CryptoWall 1\""],"CryptoWall 2":["misp-galaxy:ransomware=\"CryptoWall 2\""],"CryptoWall 3":["misp-galaxy:ransomware=\"CryptoWall 3\""],"CryptoWall 4":["misp-galaxy:ransomware=\"CryptoWall 4\""],"CryptoWire Ransomeware":["misp-galaxy:ransomware=\"CryptoWire Ransomeware\""],"Crypton Ransomware":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"Nemesis":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"X3M":["misp-galaxy:ransomware=\"Crypton Ransomware\""],"Cryptorium (Fake Ransomware)":["misp-galaxy:ransomware=\"Cryptorium (Fake Ransomware)\""],"Crypute Ransomware":["misp-galaxy:ransomware=\"Crypute Ransomware\""],"m0on Ransomware":["misp-galaxy:ransomware=\"Crypute Ransomware\""],"CuteRansomware":["misp-galaxy:ransomware=\"CuteRansomware\""],"my-Little-Ransomware":["misp-galaxy:ransomware=\"CuteRansomware\""],"Cyber Drill Exercise ":["misp-galaxy:ransomware=\"Cyber Drill Exercise \""],"Ransomuhahawhere":["misp-galaxy:ransomware=\"Cyber Drill Exercise \""],"Cyber SpLiTTer Vbs":["misp-galaxy:ransomware=\"Cyber SpLiTTer Vbs\""],"Cyron":["misp-galaxy:ransomware=\"Cyron\""],"DBGer Ransomware":["misp-galaxy:ransomware=\"DBGer Ransomware\""],"DEDCryptor":["misp-galaxy:ransomware=\"DEDCryptor\""],"DMALocker 3.0":["misp-galaxy:ransomware=\"DMALocker 3.0\""],"DMALocker":["misp-galaxy:ransomware=\"DMALocker\""],"DN":["misp-galaxy:ransomware=\"DN\""],"Fake":["misp-galaxy:ransomware=\"DN\""],"DNRansomware":["misp-galaxy:ransomware=\"DNRansomware\""],"DUMB Ransomware":["misp-galaxy:ransomware=\"DUMB Ransomware\""],"DXXD":["misp-galaxy:ransomware=\"DXXD\""],"Dablio Ransomware":["misp-galaxy:ransomware=\"Dablio Ransomware\""],"Dale Ransomware":["misp-galaxy:ransomware=\"Dale Ransomware\""],"DaleLocker Ransomware":["misp-galaxy:ransomware=\"Dale Ransomware\""],"Damage Ransomware":["misp-galaxy:ransomware=\"Damage Ransomware\""],"Dangerous Ransomware":["misp-galaxy:ransomware=\"Dangerous Ransomware\""],"DeCrypt Protect":["misp-galaxy:ransomware=\"DeCrypt Protect\""],"DeLpHiMoRix":["misp-galaxy:ransomware=\"DeLpHiMoRix\""],"DelphiMorix":["misp-galaxy:ransomware=\"DeLpHiMoRix\""],"Deadly Ransomware":["misp-galaxy:ransomware=\"Deadly Ransomware\""],"Deadly for a Good Purpose Ransomware":["misp-galaxy:ransomware=\"Deadly Ransomware\""],"Death Bitches":["misp-galaxy:ransomware=\"Death Bitches\""],"DecryptFox Ransomware":["misp-galaxy:ransomware=\"DecryptFox Ransomware\""],"Demo":["misp-galaxy:ransomware=\"Demo\""],"DeriaLock Ransomware":["misp-galaxy:ransomware=\"DeriaLock Ransomware\""],"DetoxCrypto":["misp-galaxy:ransomware=\"DetoxCrypto\""],"Dharma Ransomware":["misp-galaxy:ransomware=\"Dharma Ransomware\""],"Digisom":["misp-galaxy:ransomware=\"Digisom\""],"DirtyDecrypt":["misp-galaxy:ransomware=\"DirtyDecrypt\""],"DiskDoctor":["misp-galaxy:ransomware=\"DiskDoctor\""],"Scarab-DiskDoctor":["misp-galaxy:ransomware=\"DiskDoctor\""],"DoNotChange":["misp-galaxy:ransomware=\"DoNotChange\""],"Domino":["misp-galaxy:ransomware=\"Domino\""],"Donald Trump 2 Ransomware":["misp-galaxy:ransomware=\"Donald Trump 2 Ransomware\""],"Donut":["misp-galaxy:ransomware=\"Donut\""],"DotRansomware":["misp-galaxy:ransomware=\"DotRansomware\""],"DummyEncrypter Ransomware":["misp-galaxy:ransomware=\"DummyEncrypter Ransomware\""],"DummyLocker":["misp-galaxy:ransomware=\"DummyLocker\""],"DynA-Crypt Ransomware":["misp-galaxy:ransomware=\"DynA-Crypt Ransomware\""],"DynA CryptoLocker Ransomware":["misp-galaxy:ransomware=\"DynA-Crypt Ransomware\""],"EQ Ransomware":["misp-galaxy:ransomware=\"EQ Ransomware\""],"EdgeLocker":["misp-galaxy:ransomware=\"EdgeLocker\""],"EduCrypt":["misp-galaxy:ransomware=\"EduCrypt\""],"EduCrypter":["misp-galaxy:ransomware=\"EduCrypt\""],"EiTest":["misp-galaxy:ransomware=\"EiTest\""],"El-Polocker":["misp-galaxy:ransomware=\"El-Polocker\""],"Los Pollos Hermanos":["misp-galaxy:ransomware=\"El-Polocker\""],"Encoder.xxxx":["misp-galaxy:ransomware=\"Encoder.xxxx\""],"Trojan.Encoder.6491":["misp-galaxy:ransomware=\"Encoder.xxxx\"","misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"EncrypTile Ransomware":["misp-galaxy:ransomware=\"EncrypTile Ransomware\""],"Encryptss77 Ransomware":["misp-galaxy:ransomware=\"Encryptss77 Ransomware\""],"SFX Monster Ransomware":["misp-galaxy:ransomware=\"Encryptss77 Ransomware\""],"Enigma 2 Ransomware":["misp-galaxy:ransomware=\"Enigma 2 Ransomware\""],"Enigma":["misp-galaxy:ransomware=\"Enigma\""],"Enjey":["misp-galaxy:ransomware=\"Enjey\""],"EnjeyCrypter Ransomware":["misp-galaxy:ransomware=\"EnjeyCrypter Ransomware\""],"EnkripsiPC Ransomware":["misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"IDRANSOMv3":["misp-galaxy:ransomware=\"EnkripsiPC Ransomware\""],"EnyBeny Nuclear Ransomware":["misp-galaxy:ransomware=\"EnyBeny Nuclear Ransomware\""],"EnyBenyHorsuke Ransomware":["misp-galaxy:ransomware=\"EnyBenyHorsuke Ransomware\""],"Erebus 2017 Ransomware":["misp-galaxy:ransomware=\"Erebus 2017 Ransomware\""],"Erebus Ransomware":["misp-galaxy:ransomware=\"Erebus Ransomware\""],"Esmeralda Ransomware":["misp-galaxy:ransomware=\"Esmeralda Ransomware\""],"Everbe Ransomware":["misp-galaxy:ransomware=\"Everbe Ransomware\""],"Evil Ransomware":["misp-galaxy:ransomware=\"Evil Ransomware\""],"File0Locked KZ Ransomware":["misp-galaxy:ransomware=\"Evil Ransomware\""],"Exotic Ransomware":["misp-galaxy:ransomware=\"Exotic Ransomware\""],"FILE FROZR":["misp-galaxy:ransomware=\"FILE FROZR\""],"FLKR Ransomware":["misp-galaxy:ransomware=\"FLKR Ransomware\""],"FSociety":["misp-galaxy:ransomware=\"FSociety\""],"FabSysCrypto Ransomware":["misp-galaxy:ransomware=\"FabSysCrypto Ransomware\""],"Fadesoft Ransomware":["misp-galaxy:ransomware=\"Fadesoft Ransomware\""],"Fairware":["misp-galaxy:ransomware=\"Fairware\""],"Fakben":["misp-galaxy:ransomware=\"Fakben\""],"Fake Globe Ransomware":["misp-galaxy:ransomware=\"Fake Globe Ransomware\""],"Globe Imposter":["misp-galaxy:ransomware=\"Fake Globe Ransomware\""],"Fake Locky Ransomware":["misp-galaxy:ransomware=\"Fake Locky Ransomware\""],"Locky Impersonator Ransomware":["misp-galaxy:ransomware=\"Fake Locky Ransomware\""],"FakeCryptoLocker":["misp-galaxy:ransomware=\"FakeCryptoLocker\""],"Fantom":["misp-galaxy:ransomware=\"Fantom\""],"Comrad Circle":["misp-galaxy:ransomware=\"Fantom\""],"FenixLocker":["misp-galaxy:ransomware=\"FenixLocker\""],"File Spider":["misp-galaxy:ransomware=\"File Spider\""],"File-Locker":["misp-galaxy:ransomware=\"File-Locker\""],"FindZip":["misp-galaxy:ransomware=\"FileCoder\""],"FileLocker":["misp-galaxy:ransomware=\"FileLocker\""],"Fileice Ransomware Survey Ransomware":["misp-galaxy:ransomware=\"Fileice Ransomware Survey Ransomware\""],"First":["misp-galaxy:ransomware=\"First\""],"FlatChestWare":["misp-galaxy:ransomware=\"FlatChestWare\""],"Flotera Ransomware":["misp-galaxy:ransomware=\"Flotera Ransomware\""],"Flyper":["misp-galaxy:ransomware=\"Flyper\""],"Fonco":["misp-galaxy:ransomware=\"Fonco\""],"Forma Ransomware":["misp-galaxy:ransomware=\"Forma Ransomware\""],"FortuneCookie ":["misp-galaxy:ransomware=\"FortuneCookie \""],"FortuneCookie":["misp-galaxy:ransomware=\"FortuneCookie\""],"Free-Freedom":["misp-galaxy:ransomware=\"Free-Freedom\""],"Roga":["misp-galaxy:ransomware=\"Free-Freedom\"","misp-galaxy:ransomware=\"Roga\""],"Fs0ciety Locker Ransomware":["misp-galaxy:ransomware=\"Fs0ciety Locker Ransomware\""],"FuckSociety Ransomware":["misp-galaxy:ransomware=\"FuckSociety Ransomware\""],"FunFact Ransomware":["misp-galaxy:ransomware=\"FunFact Ransomware\""],"Fury":["misp-galaxy:ransomware=\"Fury\""],"Fusob":["misp-galaxy:ransomware=\"Fusob\""],"GC47 Ransomware":["misp-galaxy:ransomware=\"GC47 Ransomware\""],"GG Ransomware":["misp-galaxy:ransomware=\"GG Ransomware\""],"GNL Locker":["misp-galaxy:ransomware=\"GNL Locker\"","misp-galaxy:ransomware=\"Zyklon\""],"GOG Ransomware":["misp-galaxy:ransomware=\"GOG Ransomware\""],"GandCrab":["misp-galaxy:ransomware=\"GandCrab\""],"GarryWeber Ransomware":["misp-galaxy:ransomware=\"GarryWeber Ransomware\""],"Gerber Ransomware 1.0":["misp-galaxy:ransomware=\"Gerber Ransomware 1.0\""],"Gerber Ransomware 3.0":["misp-galaxy:ransomware=\"Gerber Ransomware 3.0\""],"GetCrypt":["misp-galaxy:ransomware=\"GetCrypt\""],"GhostCrypt":["misp-galaxy:ransomware=\"GhostCrypt\""],"Gingerbread":["misp-galaxy:ransomware=\"Gingerbread\""],"Globe v1":["misp-galaxy:ransomware=\"Globe v1\""],"Purge":["misp-galaxy:ransomware=\"Globe v1\""],"Globe2 Ransomware":["misp-galaxy:ransomware=\"Globe2 Ransomware\""],"Purge Ransomware":["misp-galaxy:ransomware=\"Globe2 Ransomware\"","misp-galaxy:ransomware=\"Globe3 Ransomware\""],"Globe3 Ransomware":["misp-galaxy:ransomware=\"Globe3 Ransomware\""],"God Crypt Joke Ransomware":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"Godsomware v1.0":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"Ransomware God Crypt":["misp-galaxy:ransomware=\"God Crypt Joke Ransomware\""],"GoldenEye Ransomware":["misp-galaxy:ransomware=\"GoldenEye Ransomware\""],"Gomasom":["misp-galaxy:ransomware=\"Gomasom\""],"Goopic":["misp-galaxy:ransomware=\"Goopic\""],"Gopher":["misp-galaxy:ransomware=\"Gopher\""],"Gremit Ransomware":["misp-galaxy:ransomware=\"Gremit Ransomware\""],"Guster Ransomware":["misp-galaxy:ransomware=\"Guster Ransomware\""],"HC6":["misp-galaxy:ransomware=\"HC6\""],"HC7":["misp-galaxy:ransomware=\"HC7\""],"HPE iLO 4 Ransomware":["misp-galaxy:ransomware=\"HPE iLO 4 Ransomware\""],"HTCryptor":["misp-galaxy:ransomware=\"HTCryptor\""],"Hacked":["misp-galaxy:ransomware=\"Hacked\""],"HackedLocker Ransomware":["misp-galaxy:ransomware=\"HackedLocker Ransomware\""],"Halloware":["misp-galaxy:ransomware=\"Halloware\""],"HappyDayzz":["misp-galaxy:ransomware=\"HappyDayzz\""],"Harasom":["misp-galaxy:ransomware=\"Harasom\""],"Havoc":["misp-galaxy:ransomware=\"Havoc\""],"HavocCrypt Ransomware":["misp-galaxy:ransomware=\"Havoc\""],"Haxerboi Ransomware":["misp-galaxy:ransomware=\"Haxerboi Ransomware\""],"Heimdall":["misp-galaxy:ransomware=\"Heimdall\""],"Help_dcfile":["misp-galaxy:ransomware=\"Help_dcfile\""],"Hi Buddy!":["misp-galaxy:ransomware=\"Hi Buddy!\""],"Cryptear":["misp-galaxy:ransomware=\"HiddenTear\""],"Hidden Tear":["misp-galaxy:ransomware=\"HiddenTear\""],"Hitler":["misp-galaxy:ransomware=\"Hitler\""],"Hollycrypt Ransomware":["misp-galaxy:ransomware=\"Hollycrypt Ransomware\""],"HolyCrypt":["misp-galaxy:ransomware=\"HolyCrypt\""],"Hucky Ransomware":["misp-galaxy:ransomware=\"Hucky Ransomware\""],"Hungarian Locky Ransomware":["misp-galaxy:ransomware=\"Hucky Ransomware\""],"HugeMe Ransomware":["misp-galaxy:ransomware=\"HugeMe Ransomware\""],"HydraCrypt":["misp-galaxy:ransomware=\"HydraCrypt\""],"IFN643 Ransomware":["misp-galaxy:ransomware=\"IFN643 Ransomware\""],"International Police Association":["misp-galaxy:ransomware=\"International Police Association\""],"Iron":["misp-galaxy:ransomware=\"Iron\""],"Ishtar Ransomware":["misp-galaxy:ransomware=\"Ishtar Ransomware\""],"JackPot Ransomware":["misp-galaxy:ransomware=\"JackPot Ransomware\""],"Jack.Pot Ransomware":["misp-galaxy:ransomware=\"JackPot Ransomware\""],"JagerDecryptor":["misp-galaxy:ransomware=\"JagerDecryptor\""],"JapanLocker Ransomware":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SHC Ransomware":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SHCLocker":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"SyNcryption":["misp-galaxy:ransomware=\"JapanLocker Ransomware\""],"Jeff the Ransomware":["misp-galaxy:ransomware=\"Jeff the Ransomware\""],"Jeiphoos":["misp-galaxy:ransomware=\"Jeiphoos\""],"Encryptor RaaS":["misp-galaxy:ransomware=\"Jeiphoos\""],"Sarento":["misp-galaxy:ransomware=\"Jeiphoos\""],"Jhon Woddy":["misp-galaxy:ransomware=\"Jhon Woddy\""],"CryptoHitMan":["misp-galaxy:ransomware=\"Jigsaw\""],"Job Crypter":["misp-galaxy:ransomware=\"Job Crypter\""],"JohnyCryptor":["misp-galaxy:ransomware=\"JohnyCryptor\""],"Jokeroo":["misp-galaxy:ransomware=\"Jokeroo\""],"Fake GandCrab":["misp-galaxy:ransomware=\"Jokeroo\""],"JungleSec":["misp-galaxy:ransomware=\"JungleSec\""],"KEYHolder":["misp-galaxy:ransomware=\"KEYHolder\""],"KEYPASS":["misp-galaxy:ransomware=\"KEYPASS\""],"KRider Ransomware":["misp-galaxy:ransomware=\"KRider Ransomware\""],"Kaandsona Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"RansomTroll Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"K\u00e4\u00e4nds\u00f5na Ransomware":["misp-galaxy:ransomware=\"Kaandsona Ransomware\""],"Kaenlupuf Ransomware":["misp-galaxy:ransomware=\"Kaenlupuf Ransomware\""],"Kangaroo Ransomware":["misp-galaxy:ransomware=\"Kangaroo Ransomware\""],"Kappa":["misp-galaxy:ransomware=\"Kappa\""],"Karma Ransomware":["misp-galaxy:ransomware=\"Karma Ransomware\""],"Karmen Ransomware":["misp-galaxy:ransomware=\"Karmen Ransomware\""],"Kasiski Ransomware":["misp-galaxy:ransomware=\"Kasiski Ransomware\""],"KawaiiLocker":["misp-galaxy:ransomware=\"KawaiiLocker\""],"KeyBTC":["misp-galaxy:ransomware=\"KeyBTC\""],"KillDisk Ransomware":["misp-galaxy:ransomware=\"KillDisk Ransomware\""],"KillerLocker":["misp-galaxy:ransomware=\"KillerLocker\""],"KimcilWare":["misp-galaxy:ransomware=\"KimcilWare\""],"Kirk Ransomware & Spock Decryptor":["misp-galaxy:ransomware=\"Kirk Ransomware & Spock Decryptor\""],"KoKoKrypt Ransomware":["misp-galaxy:ransomware=\"KoKoKrypt Ransomware\""],"KokoLocker Ransomware":["misp-galaxy:ransomware=\"KoKoKrypt Ransomware\""],"Kolobo Ransomware":["misp-galaxy:ransomware=\"Kolobo Ransomware\""],"Kolobocheg Ransomware":["misp-galaxy:ransomware=\"Kolobo Ransomware\""],"Koolova Ransomware":["misp-galaxy:ransomware=\"Koolova Ransomware\""],"Korean":["misp-galaxy:ransomware=\"Korean\""],"Kostya Ransomware":["misp-galaxy:ransomware=\"Kostya Ransomware\""],"Kozy.Jozy":["misp-galaxy:ransomware=\"Kozy.Jozy\""],"QC":["misp-galaxy:ransomware=\"Kozy.Jozy\""],"Kraken Cryptor Ransomware":["misp-galaxy:ransomware=\"Kraken Cryptor Ransomware\""],"Kraken Ransomware":["misp-galaxy:ransomware=\"Kraken Ransomware\""],"KratosCrypt":["misp-galaxy:ransomware=\"KratosCrypt\""],"KryptoLocker":["misp-galaxy:ransomware=\"KryptoLocker\""],"L33TAF Locker Ransomware":["misp-galaxy:ransomware=\"L33TAF Locker Ransomware\""],"LK Encryption":["misp-galaxy:ransomware=\"LK Encryption\""],"LLTP Locker":["misp-galaxy:ransomware=\"LLTP Locker\""],"LambdaLocker Ransomware":["misp-galaxy:ransomware=\"LambdaLocker Ransomware\""],"LanRan":["misp-galaxy:ransomware=\"LanRan\""],"LeChiffre":["misp-galaxy:ransomware=\"LeChiffre\""],"Lick":["misp-galaxy:ransomware=\"Lick\""],"Linux.Encoder":["misp-galaxy:ransomware=\"Linux.Encoder\""],"Linux.Encoder.{0,3}":["misp-galaxy:ransomware=\"Linux.Encoder\""],"Lock2017 Ransomware":["misp-galaxy:ransomware=\"Lock2017 Ransomware\""],"Lock93 Ransomware":["misp-galaxy:ransomware=\"Lock93 Ransomware\""],"LockCrypt":["misp-galaxy:ransomware=\"LockCrypt\""],"LockLock":["misp-galaxy:ransomware=\"LockLock\""],"Locked-In Ransomware or NoValid Ransomware":["misp-galaxy:ransomware=\"Locked-In Ransomware or NoValid Ransomware\""],"Locker":["misp-galaxy:ransomware=\"Locker\""],"Lomix Ransomware":["misp-galaxy:ransomware=\"Lomix Ransomware\""],"Lortok":["misp-galaxy:ransomware=\"Lortok\""],"LoveLock Ransomware or Love2Lock Ransomware":["misp-galaxy:ransomware=\"LoveLock Ransomware or Love2Lock Ransomware\""],"LoveServer Ransomware ":["misp-galaxy:ransomware=\"LoveServer Ransomware \""],"LowLevel04":["misp-galaxy:ransomware=\"LowLevel04\""],"M4N1F3STO Ransomware (FAKE!!!!!)":["misp-galaxy:ransomware=\"M4N1F3STO Ransomware (FAKE!!!!!)\""],"M4N1F3STO":["misp-galaxy:ransomware=\"M4N1F3STO\""],"M@r1a ransomware":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"M@r1a":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"BlackHeart":["misp-galaxy:ransomware=\"M@r1a ransomware\""],"MC Ransomware":["misp-galaxy:ransomware=\"MC Ransomware\""],"MIRCOP":["misp-galaxy:ransomware=\"MIRCOP\""],"Crypt888":["misp-galaxy:ransomware=\"MIRCOP\""],"MM Locker":["misp-galaxy:ransomware=\"MM Locker\""],"MOTD Ransomware":["misp-galaxy:ransomware=\"MOTD Ransomware\""],"MSN CryptoLocker Ransomware":["misp-galaxy:ransomware=\"MSN CryptoLocker Ransomware\""],"MVP Ransomware":["misp-galaxy:ransomware=\"MVP Ransomware\""],"Mabouia":["misp-galaxy:ransomware=\"Mabouia\""],"MacAndChess":["misp-galaxy:ransomware=\"MacAndChess\""],"MafiaWare Ransomware":["misp-galaxy:ransomware=\"MafiaWare Ransomware\""],"Depsex Ransomware":["misp-galaxy:ransomware=\"MafiaWare Ransomware\""],"Magic":["misp-galaxy:ransomware=\"Magic\""],"Magniber Ransomware":["misp-galaxy:ransomware=\"Magniber Ransomware\""],"MaktubLocker":["misp-galaxy:ransomware=\"MaktubLocker\""],"Manifestus Ransomware ":["misp-galaxy:ransomware=\"Manifestus Ransomware \""],"Marlboro Ransomware":["misp-galaxy:ransomware=\"Marlboro Ransomware\""],"MarsJoke":["misp-galaxy:ransomware=\"MarsJoke\""],"MasterBuster Ransomware":["misp-galaxy:ransomware=\"MasterBuster Ransomware\""],"Matrix":["misp-galaxy:ransomware=\"Matrix\""],"Malta Ransomware":["misp-galaxy:ransomware=\"Matrix\""],"Matrix Ransomware":["misp-galaxy:ransomware=\"Matrix\""],"Meister":["misp-galaxy:ransomware=\"Meister\""],"Mercury Ransomware":["misp-galaxy:ransomware=\"Mercury Ransomware\""],"Merry Christmas":["misp-galaxy:ransomware=\"Merry Christmas\""],"Merry X-Mas":["misp-galaxy:ransomware=\"Merry Christmas\""],"MRCR":["misp-galaxy:ransomware=\"Merry Christmas\""],"Meteoritan":["misp-galaxy:ransomware=\"Meteoritan\""],"MireWare":["misp-galaxy:ransomware=\"MireWare\""],"Mischa":["misp-galaxy:ransomware=\"Mischa\""],"\"Petya's little brother\"":["misp-galaxy:ransomware=\"Mischa\""],"Mobef":["misp-galaxy:ransomware=\"Mobef\""],"Yakes":["misp-galaxy:ransomware=\"Mobef\""],"Mongo Lock":["misp-galaxy:ransomware=\"Mongo Lock\""],"Monument":["misp-galaxy:ransomware=\"Monument\""],"N-Splitter":["misp-galaxy:ransomware=\"N-Splitter\""],"NCrypt Ransomware":["misp-galaxy:ransomware=\"NCrypt Ransomware\""],"NMCRYPT Ransomware":["misp-galaxy:ransomware=\"NMCRYPT Ransomware\""],"NMoreia 2.0 Ransomware":["misp-galaxy:ransomware=\"NMoreia 2.0 Ransomware\""],"HakunaMatataRansomware":["misp-galaxy:ransomware=\"NMoreia 2.0 Ransomware\""],"NMoreira Ransomware":["misp-galaxy:ransomware=\"NMoreira Ransomware\""],"Fake Maktub Ransomware":["misp-galaxy:ransomware=\"NMoreira Ransomware\""],"NMoreira":["misp-galaxy:ransomware=\"NMoreira\""],"XRatTeam":["misp-galaxy:ransomware=\"NMoreira\""],"XPan":["misp-galaxy:ransomware=\"NMoreira\""],"Nagini Ransomware":["misp-galaxy:ransomware=\"Nagini Ransomware\""],"Voldemort Ransomware":["misp-galaxy:ransomware=\"Nagini Ransomware\""],"NemeS1S Ransomware":["misp-galaxy:ransomware=\"NemeS1S Ransomware\""],"Nemesis Ransomware":["misp-galaxy:ransomware=\"Nemesis Ransomware\""],"Nemucod":["misp-galaxy:ransomware=\"Nemucod\""],"Netflix Ransomware":["misp-galaxy:ransomware=\"Netflix Ransomware\""],"Netix":["misp-galaxy:ransomware=\"Netix\""],"RANSOM_NETIX.A":["misp-galaxy:ransomware=\"Netix\""],"Nhtnwcuf Ransomware (Fake)":["misp-galaxy:ransomware=\"Nhtnwcuf Ransomware (Fake)\""],"Nhtnwcuf":["misp-galaxy:ransomware=\"Nhtnwcuf\""],"NoobCrypt":["misp-galaxy:ransomware=\"NoobCrypt\""],"Nuke":["misp-galaxy:ransomware=\"Nuke\""],"Nullbyte":["misp-galaxy:ransomware=\"Nullbyte\""],"ODCODC":["misp-galaxy:ransomware=\"ODCODC\""],"OMG! Ransomware":["misp-galaxy:ransomware=\"OMG! Ransomware\""],"ONYX Ransomeware":["misp-galaxy:ransomware=\"ONYX Ransomeware\""],"OXAR":["misp-galaxy:ransomware=\"OXAR\""],"Ocelot Ransomware (FAKE RANSOMWARE)":["misp-galaxy:ransomware=\"Ocelot Ransomware (FAKE RANSOMWARE)\""],"Ocelot Locker Ransomware":["misp-galaxy:ransomware=\"Ocelot Ransomware (FAKE RANSOMWARE)\""],"Offline ransomware":["misp-galaxy:ransomware=\"Offline ransomware\""],"Vipasana":["misp-galaxy:ransomware=\"Offline ransomware\""],"Operation Global III":["misp-galaxy:ransomware=\"Operation Global III\""],"Outsider":["misp-galaxy:ransomware=\"Outsider\""],"Owl":["misp-galaxy:ransomware=\"Owl\""],"OzozaLocker Ransomware":["misp-galaxy:ransomware=\"OzozaLocker Ransomware\""],"PClock3 Ransomware":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"PClock SuppTeam Ransomware":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"WinPlock":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"CryptoLocker clone":["misp-galaxy:ransomware=\"PClock3 Ransomware\""],"PClock4 Ransomware":["misp-galaxy:ransomware=\"PClock4 Ransomware\""],"PClock SysGop Ransomware":["misp-galaxy:ransomware=\"PClock4 Ransomware\""],"PGPSnippet Ransomware":["misp-galaxy:ransomware=\"PGPSnippet Ransomware\""],"PICO Ransomware":["misp-galaxy:ransomware=\"PICO Ransomware\""],"Pico Ransomware":["misp-galaxy:ransomware=\"PICO Ransomware\""],"PRISM":["misp-galaxy:ransomware=\"PRISM\""],"PUBG Ransomware":["misp-galaxy:ransomware=\"PUBG Ransomware\""],"Padlock Screenlocker":["misp-galaxy:ransomware=\"Padlock Screenlocker\""],"Paradise Ransomware":["misp-galaxy:ransomware=\"Paradise Ransomware\""],"PayDOS Ransomware":["misp-galaxy:ransomware=\"PayDOS Ransomware\""],"Serpent Ransomware":["misp-galaxy:ransomware=\"PayDOS Ransomware\""],"PayDay Ransomware ":["misp-galaxy:ransomware=\"PayDay Ransomware \""],"PaySafeGen (German) Ransomware":["misp-galaxy:ransomware=\"PaySafeGen (German) Ransomware\""],"Paysafecard Generator 2016":["misp-galaxy:ransomware=\"PaySafeGen (German) Ransomware\""],"Pedcont":["misp-galaxy:ransomware=\"Pedcont\""],"PetrWrap Ransomware":["misp-galaxy:ransomware=\"PetrWrap Ransomware\""],"Goldeneye":["misp-galaxy:ransomware=\"Petya\""],"Philadelphia":["misp-galaxy:ransomware=\"Philadelphia\""],"Phobos":["misp-galaxy:ransomware=\"Phobos\""],"PicklesRansomware":["misp-galaxy:ransomware=\"PicklesRansomware\""],"PizzaCrypts":["misp-galaxy:ransomware=\"PizzaCrypts\""],"Planetary":["misp-galaxy:ransomware=\"Planetary\""],"PleaseRead Ransomware":["misp-galaxy:ransomware=\"PleaseRead Ransomware\""],"VHDLocker Ransomware":["misp-galaxy:ransomware=\"PleaseRead Ransomware\""],"PokemonGO":["misp-galaxy:ransomware=\"PokemonGO\""],"Polski Ransomware":["misp-galaxy:ransomware=\"Polski Ransomware\""],"PopCorn Time Ransomware":["misp-galaxy:ransomware=\"PopCorn Time Ransomware\""],"Potato Ransomware":["misp-galaxy:ransomware=\"Potato Ransomware\""],"PoshCoder":["misp-galaxy:ransomware=\"PowerWare\""],"PowerWorm":["misp-galaxy:ransomware=\"PowerWorm\""],"Princess Evolution":["misp-galaxy:ransomware=\"Princess Evolution\""],"Princess Locker":["misp-galaxy:ransomware=\"Princess Locker\""],"Project34 Ransomware":["misp-galaxy:ransomware=\"Project34 Ransomware\""],"ProposalCrypt Ransomware":["misp-galaxy:ransomware=\"ProposalCrypt Ransomware\""],"Ps2exe":["misp-galaxy:ransomware=\"Ps2exe\""],"PyCL Ransomware":["misp-galaxy:ransomware=\"PyCL Ransomware\""],"PyL33T Ransomware":["misp-galaxy:ransomware=\"PyL33T Ransomware\""],"Qwerty Ransomware":["misp-galaxy:ransomware=\"Qwerty Ransomware\""],"R":["misp-galaxy:ransomware=\"R\""],"R980":["misp-galaxy:ransomware=\"R980\""],"RAA encryptor":["misp-galaxy:ransomware=\"RAA encryptor\""],"RAA":["misp-galaxy:ransomware=\"RAA encryptor\""],"RASTAKHIZ":["misp-galaxy:ransomware=\"RASTAKHIZ\""],"RIP (Phoenix) Ransomware":["misp-galaxy:ransomware=\"RIP (Phoenix) Ransomware\""],"RSAUtil":["misp-galaxy:ransomware=\"RSAUtil\""],"Vagger":["misp-galaxy:ransomware=\"RSAUtil\""],"DONTSLIP":["misp-galaxy:ransomware=\"RSAUtil\""],"Rabion":["misp-galaxy:ransomware=\"Rabion\""],"Agent.iih":["misp-galaxy:ransomware=\"Rakhni\""],"Aura":["misp-galaxy:ransomware=\"Rakhni\""],"Autoit":["misp-galaxy:ransomware=\"Rakhni\""],"Pletor":["misp-galaxy:ransomware=\"Rakhni\""],"Lamer":["misp-galaxy:ransomware=\"Rakhni\""],"Isda":["misp-galaxy:ransomware=\"Rakhni\""],"Cryptokluchen":["misp-galaxy:ransomware=\"Rakhni\""],"Ramsomeer":["misp-galaxy:ransomware=\"Ramsomeer\""],"RanRan":["misp-galaxy:ransomware=\"RanRan\""],"Ranion RaasRansomware":["misp-galaxy:ransomware=\"Ranion RaasRansomware\""],"Rannoh":["misp-galaxy:ransomware=\"Rannoh\""],"Ransom32":["misp-galaxy:ransomware=\"Ransom32\""],"RansomLock":["misp-galaxy:ransomware=\"RansomLock\""],"RansomPlus":["misp-galaxy:ransomware=\"RansomPlus\""],"RarVault":["misp-galaxy:ransomware=\"RarVault\""],"Razy":["misp-galaxy:ransomware=\"Razy\""],"Rector":["misp-galaxy:ransomware=\"Rector\""],"RedAnts Ransomware":["misp-galaxy:ransomware=\"RedAnts Ransomware\""],"RedEye":["misp-galaxy:ransomware=\"RedEye\""],"RektLocker":["misp-galaxy:ransomware=\"RektLocker\""],"Rektware":["misp-galaxy:ransomware=\"Rektware\""],"RemindMe":["misp-galaxy:ransomware=\"RemindMe\""],"RenLocker Ransomware (FAKE)":["misp-galaxy:ransomware=\"RenLocker Ransomware (FAKE)\""],"Revenge Ransomware":["misp-galaxy:ransomware=\"Revenge Ransomware\""],"Reveton ransomware":["misp-galaxy:ransomware=\"Reveton ransomware\""],"RoshaLock":["misp-galaxy:ransomware=\"RoshaLock\""],"RotorCrypt(RotoCrypt, Tar) Ransomware":["misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"Tar Ransomware":["misp-galaxy:ransomware=\"RotorCrypt(RotoCrypt, Tar) Ransomware\""],"RozaLocker Ransomware":["misp-galaxy:ransomware=\"RozaLocker Ransomware\""],"Runsomewere":["misp-galaxy:ransomware=\"Runsomewere\""],"Russian Globe Ransomware":["misp-galaxy:ransomware=\"Russian Globe Ransomware\""],"RussianRoulette":["misp-galaxy:ransomware=\"RussianRoulette\""],"Ryuk ransomware":["misp-galaxy:ransomware=\"Ryuk ransomware\""],"SADStory":["misp-galaxy:ransomware=\"SADStory\""],"SAVEfiles":["misp-galaxy:ransomware=\"SAVEfiles\""],"SNSLocker":["misp-galaxy:ransomware=\"SNSLocker\""],"SOREBRECT":["misp-galaxy:ransomware=\"SOREBRECT\""],"SQ_ Ransomware":["misp-galaxy:ransomware=\"SQ_ Ransomware\""],"VO_ Ransomware":["misp-galaxy:ransomware=\"SQ_ Ransomware\""],"SZFLocker":["misp-galaxy:ransomware=\"SZFLocker\""],"Sage 2.0 Ransomware":["misp-galaxy:ransomware=\"Sage 2.0 Ransomware\""],"Sage 2.2":["misp-galaxy:ransomware=\"Sage 2.2\""],"Sage Ransomware":["misp-galaxy:ransomware=\"Sage Ransomware\""],"Samas-Samsam":["misp-galaxy:ransomware=\"Samas-Samsam\""],"samsam.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"MIKOPONI.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"RikiRafael.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"showmehowto.exe":["misp-galaxy:ransomware=\"Samas-Samsam\""],"SamSam Ransomware":["misp-galaxy:ransomware=\"Samas-Samsam\""],"Samsam":["misp-galaxy:ransomware=\"Samas-Samsam\""],"Sanction":["misp-galaxy:ransomware=\"Sanction\""],"Sanctions":["misp-galaxy:ransomware=\"Sanctions\""],"Sardoninir":["misp-galaxy:ransomware=\"Sardoninir\""],"Satan666 Ransomware":["misp-galaxy:ransomware=\"Satan666 Ransomware\""],"Scarab":["misp-galaxy:ransomware=\"Scarab\""],"Scraper":["misp-galaxy:ransomware=\"Scraper\""],"Seoirse Ransomware":["misp-galaxy:ransomware=\"Seoirse Ransomware\""],"SerbRansom 2017 Ransomware":["misp-galaxy:ransomware=\"SerbRansom 2017 Ransomware\""],"Serpent 2017 Ransomware":["misp-galaxy:ransomware=\"Serpent 2017 Ransomware\""],"Serpent Danish Ransomware":["misp-galaxy:ransomware=\"Serpent 2017 Ransomware\""],"Shark":["misp-galaxy:ransomware=\"Shark\"","misp-galaxy:rat=\"SharK\""],"Atom":["misp-galaxy:ransomware=\"Shark\""],"ShellLocker Ransomware":["misp-galaxy:ransomware=\"ShellLocker Ransomware\""],"ShinoLocker":["misp-galaxy:ransomware=\"ShinoLocker\""],"KinCrypt":["misp-galaxy:ransomware=\"Shujin\""],"ShurL0ckr":["misp-galaxy:ransomware=\"ShurL0ckr\""],"Sigma Ransomware":["misp-galaxy:ransomware=\"Sigma Ransomware\""],"Sigrun Ransomware":["misp-galaxy:ransomware=\"Sigrun Ransomware\""],"Simple_Encoder":["misp-galaxy:ransomware=\"Simple_Encoder\""],"SkidLocker":["misp-galaxy:ransomware=\"SkidLocker\""],"Pompous":["misp-galaxy:ransomware=\"SkidLocker\""],"SkyFile":["misp-galaxy:ransomware=\"SkyFile\""],"SkyName Ransomware":["misp-galaxy:ransomware=\"SkyName Ransomware\""],"Blablabla Ransomware":["misp-galaxy:ransomware=\"SkyName Ransomware\""],"Slimhem Ransomware":["misp-galaxy:ransomware=\"Slimhem Ransomware\""],"Smash!":["misp-galaxy:ransomware=\"Smash!\""],"Smrss32":["misp-galaxy:ransomware=\"Smrss32\""],"Sodinokibi":["misp-galaxy:ransomware=\"Sodinokibi\""],"Spartacus Ransomware":["misp-galaxy:ransomware=\"Spartacus Ransomware\""],"Spora Ransomware":["misp-galaxy:ransomware=\"Spora Ransomware\""],"Sport":["misp-galaxy:ransomware=\"Sport\"","misp-galaxy:sector=\"Sport\""],"Stampado":["misp-galaxy:ransomware=\"Stampado\""],"StorageCrypt":["misp-galaxy:ransomware=\"StorageCrypt\""],"StorageCrypter":["misp-galaxy:ransomware=\"StorageCrypter\""],"Strictor":["misp-galaxy:ransomware=\"Strictor\""],"SuchSecurity Ransomware":["misp-galaxy:ransomware=\"SuchSecurity Ransomware\""],"SureRansom Ransomeware (Fake)":["misp-galaxy:ransomware=\"SureRansom Ransomeware (Fake)\""],"Surprise":["misp-galaxy:ransomware=\"Surprise\""],"Survey":["misp-galaxy:ransomware=\"Survey\""],"Syn Ack":["misp-galaxy:ransomware=\"SynAck\""],"SynoLocker":["misp-galaxy:ransomware=\"SynoLocker\""],"TYRANT":["misp-galaxy:ransomware=\"TYRANT\""],"Crypto Tyrant":["misp-galaxy:ransomware=\"TYRANT\""],"TeamXrat":["misp-galaxy:ransomware=\"TeamXrat\""],"Telecrypt Ransomware":["misp-galaxy:ransomware=\"Telecrypt Ransomware\""],"Tellyouthepass":["misp-galaxy:ransomware=\"Tellyouthepass\""],"Termite Ransomware":["misp-galaxy:ransomware=\"Termite Ransomware\""],"TeslaCrypt 0.x - 2.2.0":["misp-galaxy:ransomware=\"TeslaCrypt 0.x - 2.2.0\""],"AlphaCrypt":["misp-galaxy:ransomware=\"TeslaCrypt 0.x - 2.2.0\""],"TeslaCrypt 3.0+":["misp-galaxy:ransomware=\"TeslaCrypt 3.0+\""],"TeslaCrypt 4.1A":["misp-galaxy:ransomware=\"TeslaCrypt 4.1A\""],"TeslaCrypt 4.2":["misp-galaxy:ransomware=\"TeslaCrypt 4.2\""],"Thanksgiving Ransomware":["misp-galaxy:ransomware=\"Thanksgiving Ransomware\""],"Threat Finder":["misp-galaxy:ransomware=\"Threat Finder\""],"Crypt0L0cker":["misp-galaxy:ransomware=\"TorrentLocker\""],"Teerac":["misp-galaxy:ransomware=\"TorrentLocker\""],"TowerWeb":["misp-galaxy:ransomware=\"TowerWeb\""],"Toxcrypt":["misp-galaxy:ransomware=\"Toxcrypt\""],"Trojan Dz":["misp-galaxy:ransomware=\"Trojan Dz\""],"Trojan":["misp-galaxy:ransomware=\"Trojan\""],"BrainCrypt":["misp-galaxy:ransomware=\"Trojan\""],"Troldesh orShade, XTBL":["misp-galaxy:ransomware=\"Troldesh orShade, XTBL\""],"Tron ransomware":["misp-galaxy:ransomware=\"Tron ransomware\""],"TrueCrypter":["misp-galaxy:ransomware=\"TrueCrypter\""],"TrumpLocker Ransomware":["misp-galaxy:ransomware=\"TrumpLocker Ransomware\""],"Turkish FileEncryptor Ransomware":["misp-galaxy:ransomware=\"Turkish FileEncryptor Ransomware\""],"Fake CTB-Locker":["misp-galaxy:ransomware=\"Turkish FileEncryptor Ransomware\""],"Turkish Ransom":["misp-galaxy:ransomware=\"Turkish Ransom\""],"Turkish":["misp-galaxy:ransomware=\"Turkish\""],"Uiwix Ransomware":["misp-galaxy:ransomware=\"Uiwix Ransomware\""],"UltraLocker Ransomware":["misp-galaxy:ransomware=\"UltraLocker Ransomware\""],"UmbreCrypt":["misp-galaxy:ransomware=\"UmbreCrypt\""],"UnblockUPC":["misp-galaxy:ransomware=\"UnblockUPC\""],"Ungluk":["misp-galaxy:ransomware=\"Ungluk\""],"Unlock26 Ransomware":["misp-galaxy:ransomware=\"Unlock26 Ransomware\""],"Unlock92 ":["misp-galaxy:ransomware=\"Unlock92 \""],"Unnamed Android Ransomware":["misp-galaxy:ransomware=\"Unnamed Android Ransomware\""],"Unnamed ramsomware 1":["misp-galaxy:ransomware=\"Unnamed ramsomware 1\""],"Unnamed ramsomware 2":["misp-galaxy:ransomware=\"Unnamed ramsomware 2\""],"UpdateHost Ransomware":["misp-galaxy:ransomware=\"UpdateHost Ransomware\""],"UserFilesLocker Ransomware":["misp-galaxy:ransomware=\"UserFilesLocker Ransomware\""],"CzechoSlovak Ransomware":["misp-galaxy:ransomware=\"UserFilesLocker Ransomware\""],"V8Locker Ransomware":["misp-galaxy:ransomware=\"V8Locker Ransomware\""],"VBRANSOM 7":["misp-galaxy:ransomware=\"VBRANSOM 7\""],"Vanguard Ransomware":["misp-galaxy:ransomware=\"Vanguard Ransomware\""],"VapeLauncher":["misp-galaxy:ransomware=\"VapeLauncher\""],"Vapor Ransomware":["misp-galaxy:ransomware=\"Vapor Ransomware\""],"VaultCrypt":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"CrypVault":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"Zlader":["misp-galaxy:ransomware=\"VaultCrypt\"","misp-galaxy:ransomware=\"Zlader\""],"Venis Ransomware":["misp-galaxy:ransomware=\"Venis Ransomware\""],"VenusLocker":["misp-galaxy:ransomware=\"VenusLocker\""],"VindowsLocker Ransomware":["misp-galaxy:ransomware=\"VindowsLocker Ransomware\""],"Virlock":["misp-galaxy:ransomware=\"Virlock\""],"Virus-Encoder":["misp-galaxy:ransomware=\"Virus-Encoder\""],"CrySiS":["misp-galaxy:ransomware=\"Virus-Encoder\""],"Vortex Ransomware":["misp-galaxy:ransomware=\"Vortex Ransomware\""],"\u0166l\u0e4ft\u0454\u0433\u0e04 \u0433\u0e04\u0e20\u0e23\u0e4f\u0e53\u0e2c\u0e04\u0433\u0454":["misp-galaxy:ransomware=\"Vortex Ransomware\""],"Vurten":["misp-galaxy:ransomware=\"Vurten\""],"VxLock Ransomware":["misp-galaxy:ransomware=\"VxLock Ransomware\""],"WannaCrypt":["misp-galaxy:ransomware=\"WannaCry\""],"WCrypt":["misp-galaxy:ransomware=\"WannaCry\""],"WCRY":["misp-galaxy:ransomware=\"WannaCry\""],"WannaSmile":["misp-galaxy:ransomware=\"WannaSmile\""],"Wcry Ransomware":["misp-galaxy:ransomware=\"Wcry Ransomware\""],"WeChat Ransom":["misp-galaxy:ransomware=\"WeChat Ransom\""],"UNNAMED1989":["misp-galaxy:ransomware=\"WeChat Ransom\""],"WhiteRose":["misp-galaxy:ransomware=\"WhiteRose\""],"WickedLocker HT Ransomware":["misp-galaxy:ransomware=\"WickedLocker HT Ransomware\""],"WildFire Locker":["misp-galaxy:ransomware=\"WildFire Locker\""],"Hades Locker":["misp-galaxy:ransomware=\"WildFire Locker\""],"WinRarer Ransomware":["misp-galaxy:ransomware=\"WinRarer Ransomware\""],"Windows_Security Ransonware":["misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"WS Go Ransonware":["misp-galaxy:ransomware=\"Windows_Security Ransonware\""],"Winnix Cryptor Ransomware":["misp-galaxy:ransomware=\"Winnix Cryptor Ransomware\""],"X-Files":["misp-galaxy:ransomware=\"X-Files\""],"X3M Ransomware":["misp-galaxy:ransomware=\"X3M Ransomware\""],"XCrypt Ransomware":["misp-galaxy:ransomware=\"XCrypt Ransomware\""],"XRTN ":["misp-galaxy:ransomware=\"XRTN \""],"XTPLocker 5.0 Ransomware":["misp-galaxy:ransomware=\"XTPLocker 5.0 Ransomware\""],"XYZWare Ransomware":["misp-galaxy:ransomware=\"XYZWare Ransomware\""],"XiaoBa ransomware":["misp-galaxy:ransomware=\"XiaoBa ransomware\""],"Xolzsec":["misp-galaxy:ransomware=\"Xolzsec\""],"Xorist":["misp-galaxy:ransomware=\"Xorist\""],"YYTO Ransomware":["misp-galaxy:ransomware=\"YYTO Ransomware\""],"You Have Been Hacked!!!":["misp-galaxy:ransomware=\"You Have Been Hacked!!!\""],"YouAreFucked Ransomware":["misp-galaxy:ransomware=\"YouAreFucked Ransomware\""],"YourRansom Ransomware":["misp-galaxy:ransomware=\"YourRansom Ransomware\""],"ZXZ Ramsomware":["misp-galaxy:ransomware=\"ZXZ Ramsomware\""],"Zcrypt":["misp-galaxy:ransomware=\"Zcrypt\""],"Zcryptor":["misp-galaxy:ransomware=\"Zcrypt\""],"ZekwaCrypt Ransomware":["misp-galaxy:ransomware=\"ZekwaCrypt Ransomware\""],"Zenis Ransomware":["misp-galaxy:ransomware=\"Zenis Ransomware\""],"ZeroCrypt Ransomware":["misp-galaxy:ransomware=\"ZeroCrypt Ransomware\""],"Zimbra":["misp-galaxy:ransomware=\"Zimbra\""],"ZinoCrypt Ransomware":["misp-galaxy:ransomware=\"ZinoCrypt Ransomware\""],"Russian":["misp-galaxy:ransomware=\"Zlader\""],"Zorro":["misp-galaxy:ransomware=\"Zorro\""],"Zyka Ransomware":["misp-galaxy:ransomware=\"Zyka Ransomware\""],"encryptoJJS":["misp-galaxy:ransomware=\"encryptoJJS\""],"garrantydecrypt":["misp-galaxy:ransomware=\"garrantydecrypt\""],"iLock":["misp-galaxy:ransomware=\"iLock\""],"iLockLight":["misp-galaxy:ransomware=\"iLockLight\""],"iRansom":["misp-galaxy:ransomware=\"iRansom\""],"n1n1n1":["misp-galaxy:ransomware=\"n1n1n1\""],"of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)":["misp-galaxy:ransomware=\"of Ransomware: OpenToYou (Formerly known as OpenToDecrypt)\""],"qkG":["misp-galaxy:ransomware=\"qkG\""],"vxLock":["misp-galaxy:ransomware=\"vxLock\""],"zScreenLocker Ransomware":["misp-galaxy:ransomware=\"zScreenLocker Ransomware\""],"5p00f3r.N$ RAT":["misp-galaxy:rat=\"5p00f3r.N$ RAT\""],"9002":["misp-galaxy:rat=\"9002\""],"A32s RAT":["misp-galaxy:rat=\"A32s RAT\""],"A4Zeta":["misp-galaxy:rat=\"A4Zeta\""],"Adwind RAT":["misp-galaxy:rat=\"Adwind RAT\""],"UNiversal REmote COntrol Multi-Platform":["misp-galaxy:rat=\"Adwind RAT\""],"Adzok":["misp-galaxy:rat=\"Adzok\""],"AeroAdmin":["misp-galaxy:rat=\"AeroAdmin\""],"AhNyth Android":["misp-galaxy:rat=\"AhNyth Android\""],"Ahtapod":["misp-galaxy:rat=\"Ahtapod\""],"Albertino Advanced RAT":["misp-galaxy:rat=\"Albertino Advanced RAT\""],"Ammyy Admin":["misp-galaxy:rat=\"Ammyy Admin\""],"Ammyy":["misp-galaxy:rat=\"Ammyy Admin\""],"Androrat":["misp-galaxy:rat=\"Androrat\""],"AnyDesk":["misp-galaxy:rat=\"AnyDesk\""],"Arabian-Attacker RAT":["misp-galaxy:rat=\"Arabian-Attacker RAT\""],"Archelaus Beta":["misp-galaxy:rat=\"Archelaus Beta\""],"Arcom":["misp-galaxy:rat=\"Arcom\""],"Arctic R.A.T.":["misp-galaxy:rat=\"Arctic R.A.T.\""],"Artic":["misp-galaxy:rat=\"Arctic R.A.T.\""],"Assassin":["misp-galaxy:rat=\"Assassin\""],"Atelier Web Remote Commander":["misp-galaxy:rat=\"Atelier Web Remote Commander\""],"BBS RAT":["misp-galaxy:rat=\"BBS RAT\""],"BD Y3K RAT":["misp-galaxy:rat=\"BD Y3K RAT\""],"Back Door Y3K RAT":["misp-galaxy:rat=\"BD Y3K RAT\""],"Y3k":["misp-galaxy:rat=\"BD Y3K RAT\""],"BX":["misp-galaxy:rat=\"BX\""],"Babylon":["misp-galaxy:rat=\"Babylon\""],"Back Orifice 2000":["misp-galaxy:rat=\"Back Orifice 2000\""],"BO2k":["misp-galaxy:rat=\"Back Orifice 2000\""],"Back Orifice":["misp-galaxy:rat=\"Back Orifice\""],"BO":["misp-galaxy:rat=\"Back Orifice\""],"Bandook RAT":["misp-galaxy:rat=\"Bandook RAT\""],"Batch NET":["misp-galaxy:rat=\"Batch NET\""],"BeamYourScreen":["misp-galaxy:rat=\"BeamYourScreen\""],"Beast Trojan":["misp-galaxy:rat=\"Beast Trojan\""],"Bifrost":["misp-galaxy:rat=\"Bifrost\""],"Biodox":["misp-galaxy:rat=\"Biodox\""],"BlackNix":["misp-galaxy:rat=\"BlackNix\""],"Blackshades":["misp-galaxy:rat=\"Blackshades\"","misp-galaxy:tool=\"Blackshades\""],"Blizzard":["misp-galaxy:rat=\"Blizzard\""],"Blue Banana":["misp-galaxy:rat=\"Blue Banana\""],"Brat":["misp-galaxy:rat=\"Brat\""],"CIA RAT":["misp-galaxy:rat=\"CIA RAT\""],"CTOS":["misp-galaxy:rat=\"CTOS\""],"Caesar RAT":["misp-galaxy:rat=\"Caesar RAT\""],"Cardinal":["misp-galaxy:rat=\"Cardinal\""],"Casa RAT":["misp-galaxy:rat=\"Casa RAT\""],"Cerberus RAT":["misp-galaxy:rat=\"Cerberus RAT\""],"Char0n":["misp-galaxy:rat=\"Char0n\""],"Chrome Remote Desktop":["misp-galaxy:rat=\"Chrome Remote Desktop\""],"ClientMesh":["misp-galaxy:rat=\"ClientMesh\""],"Coldroot":["misp-galaxy:rat=\"Coldroot\""],"Comodo Unite":["misp-galaxy:rat=\"Comodo Unite\""],"CrossRat":["misp-galaxy:rat=\"CrossRat\""],"Cyber Eye RAT":["misp-galaxy:rat=\"Cyber Eye RAT\""],"DameWare Mini Remote Control":["misp-galaxy:rat=\"DameWare Mini Remote Control\""],"dameware":["misp-galaxy:rat=\"DameWare Mini Remote Control\""],"Dark DDoSeR":["misp-galaxy:rat=\"Dark DDoSeR\""],"Dark Comet":["misp-galaxy:rat=\"DarkComet\"","misp-galaxy:tool=\"Dark Comet\""],"DarkMoon":["misp-galaxy:rat=\"DarkMoon\""],"Dark Moon":["misp-galaxy:rat=\"DarkMoon\""],"DarkRat":["misp-galaxy:rat=\"DarkRat\""],"DarkRAT":["misp-galaxy:rat=\"DarkRat\""],"DarkTrack":["misp-galaxy:rat=\"DarkTrack\""],"Darknet RAT":["misp-galaxy:rat=\"Darknet RAT\""],"Dark NET RAT":["misp-galaxy:rat=\"Darknet RAT\""],"Deeper RAT":["misp-galaxy:rat=\"Deeper RAT\""],"DesktopNow":["misp-galaxy:rat=\"DesktopNow\""],"Erebus":["misp-galaxy:rat=\"Erebus\""],"FINSPY":["misp-galaxy:rat=\"FINSPY\"","misp-galaxy:tool=\"FINSPY\""],"Felipe":["misp-galaxy:rat=\"Felipe\""],"Felismus RAT":["misp-galaxy:rat=\"Felismus RAT\""],"FlawedAmmy":["misp-galaxy:rat=\"FlawedAmmy\""],"GOlden Phoenix":["misp-galaxy:rat=\"GOlden Phoenix\""],"Ucul":["misp-galaxy:rat=\"Ghost\""],"GraphicBooting":["misp-galaxy:rat=\"GraphicBooting\""],"Greame":["misp-galaxy:rat=\"Greame\""],"Greek Hackers RAT":["misp-galaxy:rat=\"Greek Hackers RAT\""],"H-w0rm":["misp-galaxy:rat=\"H-w0rm\""],"H-worm":["misp-galaxy:rat=\"H-worm\""],"HTTP WEB BACKDOOR":["misp-galaxy:rat=\"HTTP WEB BACKDOOR\""],"Hallaj PRO RAT":["misp-galaxy:rat=\"Hallaj PRO RAT\""],"Hav-RAT":["misp-galaxy:rat=\"Hav-RAT\""],"HawkEye":["misp-galaxy:rat=\"HawkEye\""],"Heseber":["misp-galaxy:rat=\"Heseber\""],"Imminent Monitor":["misp-galaxy:rat=\"Imminent Monitor\""],"Indetectables RAT":["misp-galaxy:rat=\"Indetectables RAT\""],"JCage":["misp-galaxy:rat=\"JCage\""],"Jfect":["misp-galaxy:rat=\"Jfect\""],"Kazybot":["misp-galaxy:rat=\"Kazybot\""],"KhRAT":["misp-galaxy:rat=\"KhRAT\""],"Kiler RAT":["misp-galaxy:rat=\"Kiler RAT\""],"Njw0rm":["misp-galaxy:rat=\"Kiler RAT\"","misp-galaxy:rat=\"NJRat\""],"Killer RAT":["misp-galaxy:rat=\"Killer RAT\""],"KjW0rm":["misp-galaxy:rat=\"KjW0rm\"","misp-galaxy:tool=\"KjW0rm\""],"Lanfiltrator":["misp-galaxy:rat=\"Lanfiltrator\""],"LeGeNd":["misp-galaxy:rat=\"LeGeNd\""],"LiteManager":["misp-galaxy:rat=\"LiteManager\""],"Loki RAT":["misp-galaxy:rat=\"Loki RAT\""],"LokiTech":["misp-galaxy:rat=\"LokiTech\""],"Lost Door":["misp-galaxy:rat=\"Lost Door\""],"LostDoor":["misp-galaxy:rat=\"Lost Door\""],"Luminosity Link":["misp-galaxy:rat=\"Luminosity Link\""],"LuxNET":["misp-galaxy:rat=\"LuxNET\""],"MINI-MO":["misp-galaxy:rat=\"MINI-MO\""],"MLRat":["misp-galaxy:rat=\"MLRat\""],"MRA RAT":["misp-galaxy:rat=\"MRA RAT\""],"MadRAT":["misp-galaxy:rat=\"MadRAT\""],"Mangit":["misp-galaxy:rat=\"Mangit\""],"Matryoshka":["misp-galaxy:rat=\"Matryoshka\"","misp-galaxy:tool=\"Matryoshka\""],"Mega":["misp-galaxy:rat=\"Mega\""],"MegaTrojan":["misp-galaxy:rat=\"MegaTrojan\""],"Minimo":["misp-galaxy:rat=\"Minimo\""],"MoSucker":["misp-galaxy:rat=\"MoSucker\""],"MofoTro":["misp-galaxy:rat=\"MofoTro\""],"NET-MONITOR PRO":["misp-galaxy:rat=\"NET-MONITOR PRO\""],"NJRat":["misp-galaxy:rat=\"NJRat\""],"Net Devil":["misp-galaxy:rat=\"Net Devil\""],"NetDevil":["misp-galaxy:rat=\"Net Devil\"","misp-galaxy:rat=\"NetDevil\""],"Netbus":["misp-galaxy:rat=\"Netbus\""],"NetBus":["misp-galaxy:rat=\"Netbus\""],"Netsupport Manager":["misp-galaxy:rat=\"Netsupport Manager\""],"Netwire":["misp-galaxy:rat=\"Netwire\""],"NewCore":["misp-galaxy:rat=\"NewCore\""],"Nova":["misp-galaxy:rat=\"Nova\""],"Nuclear RAT":["misp-galaxy:rat=\"Nuclear RAT\""],"NukeSped":["misp-galaxy:rat=\"NukeSped\""],"Nytro":["misp-galaxy:rat=\"Nytro\""],"Offence":["misp-galaxy:rat=\"Offence\""],"Optix Pro":["misp-galaxy:rat=\"Optix Pro\""],"Orcus":["misp-galaxy:rat=\"Orcus\""],"Ozone":["misp-galaxy:rat=\"Ozone\""],"P. Storrie RAT":["misp-galaxy:rat=\"P. Storrie RAT\""],"P.Storrie RAT":["misp-galaxy:rat=\"P. Storrie RAT\""],"Pain RAT":["misp-galaxy:rat=\"Pain RAT\""],"Pandora":["misp-galaxy:rat=\"Pandora\""],"Paradox":["misp-galaxy:rat=\"Paradox\""],"Parasite-HTTP-RAT":["misp-galaxy:rat=\"Parasite-HTTP-RAT\""],"PentagonRAT":["misp-galaxy:rat=\"PentagonRAT\""],"Plasma RAT":["misp-galaxy:rat=\"Plasma RAT\""],"Pocket RAT":["misp-galaxy:rat=\"Pocket RAT\""],"Backdoor.Win32.PoisonIvy":["misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"Gen:Trojan.Heur.PT":["misp-galaxy:rat=\"PoisonIvy\"","misp-galaxy:tool=\"Poison Ivy\""],"PowerRAT":["misp-galaxy:rat=\"PowerRAT\""],"PredatorPain":["misp-galaxy:rat=\"Predator Pain\""],"ProRat":["misp-galaxy:rat=\"ProRat\""],"Punisher RAT":["misp-galaxy:rat=\"Punisher RAT\""],"Qarallax":["misp-galaxy:rat=\"Qarallax\""],"qrat":["misp-galaxy:rat=\"Qarallax\"","misp-galaxy:tool=\"qrat\""],"Quaverse":["misp-galaxy:rat=\"Quaverse\""],"QRAT":["misp-galaxy:rat=\"Quaverse\""],"RATAttack":["misp-galaxy:rat=\"RATAttack\""],"RWX RAT":["misp-galaxy:rat=\"RWX RAT\""],"RaTRon":["misp-galaxy:rat=\"RaTRon\""],"RealVNC":["misp-galaxy:rat=\"RealVNC\""],"VNC Connect":["misp-galaxy:rat=\"RealVNC\""],"VNC Viewer":["misp-galaxy:rat=\"RealVNC\""],"Remote Utilities":["misp-galaxy:rat=\"Remote Utilities\""],"RemotePC":["misp-galaxy:rat=\"RemotePC\""],"RevCode":["misp-galaxy:rat=\"RevCode\""],"Revenge-RAT":["misp-galaxy:rat=\"Revenge-RAT\""],"Rottie3":["misp-galaxy:rat=\"Rottie3\""],"Sandro RAT":["misp-galaxy:rat=\"Sandro RAT\""],"Schwarze-Sonne-RAT":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"SS-RAT":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"Schwarze Sonne":["misp-galaxy:rat=\"Schwarze-Sonne-RAT\""],"Seecreen":["misp-galaxy:rat=\"Seecreen\""],"Firnass":["misp-galaxy:rat=\"Seecreen\""],"Seed RAT":["misp-galaxy:rat=\"Seed RAT\""],"Setro":["misp-galaxy:rat=\"Setro\""],"SharK":["misp-galaxy:rat=\"SharK\""],"SHARK":["misp-galaxy:rat=\"SharK\""],"SharpBot":["misp-galaxy:rat=\"SharpBot\""],"SharpEye":["misp-galaxy:rat=\"SharpEye\""],"ShowMyPC":["misp-galaxy:rat=\"ShowMyPC\""],"Sky Wyder":["misp-galaxy:rat=\"Sky Wyder\""],"Small-Net":["misp-galaxy:rat=\"Small-Net\""],"SmallNet":["misp-galaxy:rat=\"Small-Net\""],"Snoopy":["misp-galaxy:rat=\"Snoopy\""],"Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Blizzard":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Fxdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor.Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Backdoor:Win32\/Snowdoor":["misp-galaxy:rat=\"Snowdoor\""],"Socket23":["misp-galaxy:rat=\"Socket23\""],"SocketPlayer":["misp-galaxy:rat=\"SocketPlayer\""],"Sparta RAT":["misp-galaxy:rat=\"Sparta RAT\""],"SpyCronic":["misp-galaxy:rat=\"SpyCronic\""],"SpyGate":["misp-galaxy:rat=\"SpyGate\""],"Spymaster Pro":["misp-galaxy:rat=\"Spymaster Pro\""],"Spynet":["misp-galaxy:rat=\"Spynet\""],"Sub7":["misp-galaxy:rat=\"Sub7\""],"SubSeven":["misp-galaxy:rat=\"Sub7\""],"Sub7Server":["misp-galaxy:rat=\"Sub7\""],"Syla":["misp-galaxy:rat=\"Syla\""],"Syndrome RAT":["misp-galaxy:rat=\"Syndrome RAT\""],"TINY":["misp-galaxy:rat=\"TINY\""],"TSCookieRAT":["misp-galaxy:rat=\"TSCookieRAT\""],"TeamViewer":["misp-galaxy:rat=\"TeamViewer\""],"Tequila Bandita":["misp-galaxy:rat=\"Tequila Bandita\""],"TheFat RAT":["misp-galaxy:rat=\"TheFat RAT\""],"TheOneSpy":["misp-galaxy:rat=\"TheOneSpy\""],"Theef":["misp-galaxy:rat=\"Theef\""],"Toquito Bandito":["misp-galaxy:rat=\"Toquito Bandito\""],"TorCT PHP RAT":["misp-galaxy:rat=\"TorCT PHP RAT\""],"Trochilus":["misp-galaxy:rat=\"Trochilus\"","misp-galaxy:tool=\"Trochilus\""],"Turkojan":["misp-galaxy:rat=\"Turkojan\""],"UNITEDRAKE":["misp-galaxy:rat=\"UNITEDRAKE\""],"Ultra VNC":["misp-galaxy:rat=\"Ultra VNC\""],"Vanguard":["misp-galaxy:rat=\"Vanguard\""],"Vantom":["misp-galaxy:rat=\"Vantom\""],"Venomous Ivy":["misp-galaxy:rat=\"Venomous Ivy\""],"Virus RAT":["misp-galaxy:rat=\"Virus RAT\""],"VorteX":["misp-galaxy:rat=\"VorteX\""],"Vortex":["misp-galaxy:rat=\"Vortex\""],"WiRAT":["misp-galaxy:rat=\"WiRAT\""],"Win32.HsIdir":["misp-galaxy:rat=\"Win32.HsIdir\""],"Windows Remote Desktop":["misp-galaxy:rat=\"Windows Remote Desktop\""],"Xanity":["misp-galaxy:rat=\"Xanity\""],"Xena":["misp-galaxy:rat=\"Xena\""],"Xpert":["misp-galaxy:rat=\"Xpert\""],"Xploit":["misp-galaxy:rat=\"Xploit\""],"Xsser":["misp-galaxy:rat=\"Xsser\""],"mRAT":["misp-galaxy:rat=\"Xsser\""],"XtremeRAT":["misp-galaxy:rat=\"XtremeRAT\""],"Xyligan":["misp-galaxy:rat=\"Xyligan\""],"ZOMBIE SLAYER":["misp-galaxy:rat=\"ZOMBIE SLAYER\""],"death":["misp-galaxy:rat=\"death\""],"drat":["misp-galaxy:rat=\"drat\""],"JacksBot":["misp-galaxy:rat=\"jRAT\""],"joanap":["misp-galaxy:rat=\"joanap\""],"join.me":["misp-galaxy:rat=\"join.me\""],"miniRAT":["misp-galaxy:rat=\"miniRAT\""],"rokrat":["misp-galaxy:rat=\"rokrat\""],"vjw0rm 0.1":["misp-galaxy:rat=\"vjw0rm 0.1\""],"xHacker Pro RAT":["misp-galaxy:rat=\"xHacker Pro RAT\""],"Academia - University":["misp-galaxy:sector=\"Academia - University\""],"Accounting":["misp-galaxy:sector=\"Accounting\""],"Activists":["misp-galaxy:sector=\"Activists\""],"Advertising":["misp-galaxy:sector=\"Advertising\""],"Aerospace":["misp-galaxy:sector=\"Aerospace\""],"Agriculture":["misp-galaxy:sector=\"Agriculture\""],"Arts":["misp-galaxy:sector=\"Arts\""],"Automotive":["misp-galaxy:sector=\"Automotive\""],"Bank":["misp-galaxy:sector=\"Bank\""],"Biomedical":["misp-galaxy:sector=\"Biomedical\""],"Casino":["misp-galaxy:sector=\"Casino\""],"Chemical":["misp-galaxy:sector=\"Chemical\""],"Citizens":["misp-galaxy:sector=\"Citizens\""],"Civil Aviation":["misp-galaxy:sector=\"Civil Aviation\""],"Civil society":["misp-galaxy:sector=\"Civil society\""],"Communication equipment":["misp-galaxy:sector=\"Communication equipment\""],"Construction":["misp-galaxy:sector=\"Construction\""],"Consulting":["misp-galaxy:sector=\"Consulting\""],"Country":["misp-galaxy:sector=\"Country\""],"Culture":["misp-galaxy:sector=\"Culture\""],"DNS service provider":["misp-galaxy:sector=\"DNS service provider\""],"Data Broker":["misp-galaxy:sector=\"Data Broker\""],"Defense":["misp-galaxy:sector=\"Defense\""],"Development":["misp-galaxy:sector=\"Development\""],"Digital infrastructure":["misp-galaxy:sector=\"Digital infrastructure\""],"Digital services":["misp-galaxy:sector=\"Digital services\""],"Diplomacy":["misp-galaxy:sector=\"Diplomacy\""],"Dissidents":["misp-galaxy:sector=\"Dissidents\""],"Education":["misp-galaxy:sector=\"Education\""],"Electric":["misp-galaxy:sector=\"Electric\""],"Electronic":["misp-galaxy:sector=\"Electronic\""],"Employment":["misp-galaxy:sector=\"Employment\""],"Energy":["misp-galaxy:sector=\"Energy\""],"Entertainment":["misp-galaxy:sector=\"Entertainment\""],"Environment":["misp-galaxy:sector=\"Environment\""],"Finance":["misp-galaxy:sector=\"Finance\""],"Food":["misp-galaxy:sector=\"Food\""],"Game":["misp-galaxy:sector=\"Game\""],"Gas":["misp-galaxy:sector=\"Gas\""],"Government, Administration":["misp-galaxy:sector=\"Government, Administration\""],"Health":["misp-galaxy:sector=\"Health\""],"High tech":["misp-galaxy:sector=\"High tech\""],"Higher education":["misp-galaxy:sector=\"Higher education\""],"Hospitality":["misp-galaxy:sector=\"Hospitality\""],"Hotels":["misp-galaxy:sector=\"Hotels\""],"IT - Hacker":["misp-galaxy:sector=\"IT - Hacker\""],"IT - ISP":["misp-galaxy:sector=\"IT - ISP\""],"IT - Security":["misp-galaxy:sector=\"IT - Security\""],"IT":["misp-galaxy:sector=\"IT\""],"Immigration":["misp-galaxy:sector=\"Immigration\""],"Industrial":["misp-galaxy:sector=\"Industrial\""],"Infrastructure":["misp-galaxy:sector=\"Infrastructure\""],"Insurance":["misp-galaxy:sector=\"Insurance\""],"Intelligence":["misp-galaxy:sector=\"Intelligence\""],"Investment":["misp-galaxy:sector=\"Investment\""],"Islamic forums":["misp-galaxy:sector=\"Islamic forums\""],"Islamic organisation":["misp-galaxy:sector=\"Islamic organisation\""],"Journalist":["misp-galaxy:sector=\"Journalist\""],"Justice":["misp-galaxy:sector=\"Justice\""],"Lawyers":["misp-galaxy:sector=\"Lawyers\""],"Legal":["misp-galaxy:sector=\"Legal\""],"Life science":["misp-galaxy:sector=\"Life science\""],"Logistic":["misp-galaxy:sector=\"Logistic\""],"Managed Services Provider":["misp-galaxy:sector=\"Managed Services Provider\""],"Manufacturing":["misp-galaxy:sector=\"Manufacturing\""],"Maritime":["misp-galaxy:sector=\"Maritime\""],"Marketing":["misp-galaxy:sector=\"Marketing\""],"Metal":["misp-galaxy:sector=\"Metal\""],"Military":["misp-galaxy:sector=\"Military\""],"Mining":["misp-galaxy:sector=\"Mining\""],"Multi-sector":["misp-galaxy:sector=\"Multi-sector\""],"NGO":["misp-galaxy:sector=\"NGO\""],"News - Media":["misp-galaxy:sector=\"News - Media\""],"Oil":["misp-galaxy:sector=\"Oil\""],"Online marketplace":["misp-galaxy:sector=\"Online marketplace\""],"Opposition":["misp-galaxy:sector=\"Opposition\""],"Other":["misp-galaxy:sector=\"Other\""],"Payment":["misp-galaxy:sector=\"Payment\""],"Petrochemical":["misp-galaxy:sector=\"Petrochemical\""],"Pharmacy":["misp-galaxy:sector=\"Pharmacy\""],"Police - Law enforcement":["misp-galaxy:sector=\"Police - Law enforcement\""],"Political party":["misp-galaxy:sector=\"Political party\""],"Programming":["misp-galaxy:sector=\"Programming\""],"Publishing industry":["misp-galaxy:sector=\"Publishing industry\""],"Railway":["misp-galaxy:sector=\"Railway\""],"Research - Innovation":["misp-galaxy:sector=\"Research - Innovation\""],"Restaurant":["misp-galaxy:sector=\"Restaurant\""],"Retail":["misp-galaxy:sector=\"Retail\""],"Satellite navigation":["misp-galaxy:sector=\"Satellite navigation\""],"Security Service":["misp-galaxy:sector=\"Security Service\""],"Security actors":["misp-galaxy:sector=\"Security actors\""],"Security systems":["misp-galaxy:sector=\"Security systems\""],"Semi-conductors":["misp-galaxy:sector=\"Semi-conductors\""],"Separatists":["misp-galaxy:sector=\"Separatists\""],"Shipping":["misp-galaxy:sector=\"Shipping\""],"Smart meter":["misp-galaxy:sector=\"Smart meter\""],"Social networks":["misp-galaxy:sector=\"Social networks\""],"Space":["misp-galaxy:sector=\"Space\""],"Steel":["misp-galaxy:sector=\"Steel\""],"Streaming service":["misp-galaxy:sector=\"Streaming service\""],"Tax firm":["misp-galaxy:sector=\"Tax firm\""],"Technology":["misp-galaxy:sector=\"Technology\""],"Telecoms":["misp-galaxy:sector=\"Telecoms\""],"Television broadcast":["misp-galaxy:sector=\"Television broadcast\""],"Think Tanks":["misp-galaxy:sector=\"Think Tanks\""],"Tourism":["misp-galaxy:sector=\"Tourism\""],"Trade":["misp-galaxy:sector=\"Trade\""],"Transport":["misp-galaxy:sector=\"Transport\""],"Travel":["misp-galaxy:sector=\"Travel\""],"Turbine":["misp-galaxy:sector=\"Turbine\""],"Veterinary":["misp-galaxy:sector=\"Veterinary\""],"Video Sharing":["misp-galaxy:sector=\"Video Sharing\""],"Water":["misp-galaxy:sector=\"Water\""],"eCommerce":["misp-galaxy:sector=\"eCommerce\""],"engineering":["misp-galaxy:sector=\"engineering\""],"AZORult":["misp-galaxy:stealer=\"AZORult\""],"TeleGrab":["misp-galaxy:stealer=\"TeleGrab\""],"Vidar":["misp-galaxy:stealer=\"Vidar\""],"BlackHat TDS":["misp-galaxy:tds=\"BlackHat TDS\""],"BlackTDS":["misp-galaxy:tds=\"BlackTDS\""],"BossTDS":["misp-galaxy:tds=\"BossTDS\""],"Futuristic TDS":["misp-galaxy:tds=\"Futuristic TDS\""],"Keitaro":["misp-galaxy:tds=\"Keitaro\""],"Orchid TDS":["misp-galaxy:tds=\"Orchid TDS\""],"ShadowTDS":["misp-galaxy:tds=\"ShadowTDS\""],"SimpleTDS":["misp-galaxy:tds=\"SimpleTDS\""],"Stds":["misp-galaxy:tds=\"SimpleTDS\""],"Sutra":["misp-galaxy:tds=\"Sutra\""],"zTDS":["misp-galaxy:tds=\"zTDS\""]," Stealth Mango and Tangelo ":["misp-galaxy:threat-actor=\" Stealth Mango and Tangelo \""],"ALLANITE":["misp-galaxy:threat-actor=\"ALLANITE\""],"Palmetto Fusion":["misp-galaxy:threat-actor=\"ALLANITE\""],"Allanite":["misp-galaxy:threat-actor=\"ALLANITE\""],"APT 16":["misp-galaxy:threat-actor=\"APT 16\""],"SVCMONDR":["misp-galaxy:threat-actor=\"APT 16\"","misp-galaxy:threat-actor=\"SVCMONDR\""],"APT 22":["misp-galaxy:threat-actor=\"APT 22\""],"APT22":["misp-galaxy:threat-actor=\"APT 22\""],"APT 26":["misp-galaxy:threat-actor=\"APT 26\""],"APT26":["misp-galaxy:threat-actor=\"APT 26\""],"Hippo Team":["misp-galaxy:threat-actor=\"APT 26\"","misp-galaxy:threat-actor=\"Turla Group\""],"JerseyMikes":["misp-galaxy:threat-actor=\"APT 26\""],"Turbine Panda":["misp-galaxy:threat-actor=\"APT 26\""],"APT 29":["misp-galaxy:threat-actor=\"APT 29\""],"Dukes":["misp-galaxy:threat-actor=\"APT 29\""],"Group 100":["misp-galaxy:threat-actor=\"APT 29\""],"Cozy Duke":["misp-galaxy:threat-actor=\"APT 29\""],"Office Monkeys":["misp-galaxy:threat-actor=\"APT 29\""],"OfficeMonkeys":["misp-galaxy:threat-actor=\"APT 29\""],"Minidionis":["misp-galaxy:threat-actor=\"APT 29\""],"Hammer Toss":["misp-galaxy:threat-actor=\"APT 29\""],"Iron Hemlock":["misp-galaxy:threat-actor=\"APT 29\""],"Grizzly Steppe":["misp-galaxy:threat-actor=\"APT 29\"","misp-galaxy:threat-actor=\"Sofacy\""],"APT 30":["misp-galaxy:threat-actor=\"APT 30\"","misp-galaxy:threat-actor=\"Naikon\""],"APT 6":["misp-galaxy:threat-actor=\"APT 6\""],"1.php Group":["misp-galaxy:threat-actor=\"APT 6\""],"APT6":["misp-galaxy:threat-actor=\"APT 6\""],"APT-C-27":["misp-galaxy:threat-actor=\"APT-C-27\""],"GoldMouse":["misp-galaxy:threat-actor=\"APT-C-27\""],"APT-C-35":["misp-galaxy:threat-actor=\"APT-C-35\"","misp-galaxy:threat-actor=\"APT-C-35\""],"DoNot Team":["misp-galaxy:threat-actor=\"APT-C-35\""],"Donot Team":["misp-galaxy:threat-actor=\"APT-C-35\""],"APT-C-36":["misp-galaxy:threat-actor=\"APT-C-36\""],"Blind Eagle":["misp-galaxy:threat-actor=\"APT-C-36\""],"APT.3102":["misp-galaxy:threat-actor=\"APT.3102\""],"APT31":["misp-galaxy:threat-actor=\"APT31\"","misp-galaxy:threat-actor=\"Hurricane Panda\""],"APT 31":["misp-galaxy:threat-actor=\"APT31\"","misp-galaxy:threat-actor=\"Hurricane Panda\""],"Ocean Lotus":["misp-galaxy:threat-actor=\"APT32\""],"Cobalt Kitty":["misp-galaxy:threat-actor=\"APT32\""],"Sea Lotus":["misp-galaxy:threat-actor=\"APT32\""],"APT-32":["misp-galaxy:threat-actor=\"APT32\""],"APT 32":["misp-galaxy:threat-actor=\"APT32\""],"Ocean Buffalo":["misp-galaxy:threat-actor=\"APT32\""],"APT 33":["misp-galaxy:threat-actor=\"APT33\""],"MAGNALLIUM":["misp-galaxy:threat-actor=\"APT33\"","misp-galaxy:threat-actor=\"MAGNALLIUM\""],"Refined Kitten":["misp-galaxy:threat-actor=\"APT33\""],"APT 34":["misp-galaxy:threat-actor=\"APT34\"","misp-galaxy:threat-actor=\"OilRig\""],"APT 35":["misp-galaxy:threat-actor=\"APT35\"","misp-galaxy:threat-actor=\"Cleaver\""],"Newscaster Team":["misp-galaxy:threat-actor=\"APT35\""],"APT 37":["misp-galaxy:threat-actor=\"APT37\""],"Group 123":["misp-galaxy:threat-actor=\"APT37\""],"Starcruft":["misp-galaxy:threat-actor=\"APT37\""],"Reaper Group":["misp-galaxy:threat-actor=\"APT37\""],"Red Eyes":["misp-galaxy:threat-actor=\"APT37\""],"Ricochet Chollima":["misp-galaxy:threat-actor=\"APT37\""],"Operation Daybreak":["misp-galaxy:threat-actor=\"APT37\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Operation Erebus":["misp-galaxy:threat-actor=\"APT37\"","misp-galaxy:threat-actor=\"ScarCruft\""],"Venus 121":["misp-galaxy:threat-actor=\"APT37\""],"APT 39":["misp-galaxy:threat-actor=\"APT39\""],"APT5":["misp-galaxy:threat-actor=\"APT5\""],"Anchor Panda":["misp-galaxy:threat-actor=\"Anchor Panda\"","misp-galaxy:tool=\"Torn RAT\""],"APT14":["misp-galaxy:threat-actor=\"Anchor Panda\""],"APT 14":["misp-galaxy:threat-actor=\"Anchor Panda\""],"QAZTeam":["misp-galaxy:threat-actor=\"Anchor Panda\""],"ALUMINUM":["misp-galaxy:threat-actor=\"Anchor Panda\""],"Andromeda Spider":["misp-galaxy:threat-actor=\"Andromeda Spider\""],"AridViper":["misp-galaxy:threat-actor=\"AridViper\""],"Desert Falcon":["misp-galaxy:threat-actor=\"AridViper\""],"Arid Viper":["misp-galaxy:threat-actor=\"AridViper\""],"APT-C-23":["misp-galaxy:threat-actor=\"AridViper\""],"Aslan Neferler Tim":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Lion Soldiers Team":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Phantom Turk":["misp-galaxy:threat-actor=\"Aslan Neferler Tim\""],"Aurora Panda":["misp-galaxy:threat-actor=\"Aurora Panda\""],"APT 17":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Group 8":["misp-galaxy:threat-actor=\"Aurora Panda\""],"Hidden Lynx":["misp-galaxy:threat-actor=\"Aurora Panda\""],"Tailgater Team":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Dogfish":["misp-galaxy:threat-actor=\"Aurora Panda\"","misp-galaxy:threat-actor=\"Axiom\""],"Group72":["misp-galaxy:threat-actor=\"Axiom\""],"Tailgater":["misp-galaxy:threat-actor=\"Axiom\""],"Ragebeast":["misp-galaxy:threat-actor=\"Axiom\""],"Lead":["misp-galaxy:threat-actor=\"Axiom\""],"Wicked Spider":["misp-galaxy:threat-actor=\"Axiom\""],"Wicked Panda":["misp-galaxy:threat-actor=\"Axiom\""],"Barium":["misp-galaxy:threat-actor=\"Axiom\""],"Ayy\u0131ld\u0131z Tim":["misp-galaxy:threat-actor=\"Ayy\u0131ld\u0131z Tim\""],"Crescent and Star":["misp-galaxy:threat-actor=\"Ayy\u0131ld\u0131z Tim\""],"Bahamut":["misp-galaxy:threat-actor=\"Bahamut\""],"SIG22":["misp-galaxy:threat-actor=\"Beijing Group\""],"Big Panda":["misp-galaxy:threat-actor=\"Big Panda\""],"BlackTech":["misp-galaxy:threat-actor=\"BlackTech\""],"Blackgear":["misp-galaxy:threat-actor=\"Blackgear\""],"Topgear":["misp-galaxy:threat-actor=\"Blackgear\""],"BLACKGEAR":["misp-galaxy:threat-actor=\"Blackgear\""],"Blue Termite":["misp-galaxy:threat-actor=\"Blue Termite\""],"Cloudy Omega":["misp-galaxy:threat-actor=\"Blue Termite\""],"Boss Spider":["misp-galaxy:threat-actor=\"Boss Spider\""],"Boulder Bear":["misp-galaxy:threat-actor=\"Boulder Bear\""],"BuhTrap":["misp-galaxy:threat-actor=\"BuhTrap\""],"CHRYSENE":["misp-galaxy:threat-actor=\"CHRYSENE\""],"Greenbug":["misp-galaxy:threat-actor=\"CHRYSENE\"","misp-galaxy:threat-actor=\"Greenbug\""],"COBALT DICKENS":["misp-galaxy:threat-actor=\"COBALT DICKENS\"","misp-galaxy:threat-actor=\"Silent Librarian\""],"Cobalt Dickens":["misp-galaxy:threat-actor=\"COBALT DICKENS\""],"COVELLITE":["misp-galaxy:threat-actor=\"COVELLITE\""],"Lazarus":["misp-galaxy:threat-actor=\"COVELLITE\""],"Hidden Cobra":["misp-galaxy:threat-actor=\"COVELLITE\"","misp-galaxy:threat-actor=\"Lazarus Group\""],"Callisto":["misp-galaxy:threat-actor=\"Callisto\""],"The Mask":["misp-galaxy:threat-actor=\"Careto\""],"Ugly Face":["misp-galaxy:threat-actor=\"Careto\""],"Parastoo":["misp-galaxy:threat-actor=\"Charming Kitten\""],"iKittens":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Group 83":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Newsbeef":["misp-galaxy:threat-actor=\"Charming Kitten\""],"NewsBeef":["misp-galaxy:threat-actor=\"Charming Kitten\""],"Operation Cleaver":["misp-galaxy:threat-actor=\"Cleaver\""],"Tarh Andishan":["misp-galaxy:threat-actor=\"Cleaver\""],"Alibaba":["misp-galaxy:threat-actor=\"Cleaver\""],"2889":["misp-galaxy:threat-actor=\"Cleaver\""],"Rocket_Kitten":["misp-galaxy:threat-actor=\"Cleaver\""],"Cutting Kitten":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Group 41":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Clever Kitten\""],"TEMP.Beanie":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Rocket Kitten\""],"Ghambar":["misp-galaxy:threat-actor=\"Cleaver\"","misp-galaxy:threat-actor=\"Cutting Kitten\""],"Clever Kitten":["misp-galaxy:threat-actor=\"Clever Kitten\""],"Cloud Atlas":["misp-galaxy:threat-actor=\"Cloud Atlas\""],"Cobalt":["misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt group":["misp-galaxy:threat-actor=\"Cobalt\""],"Cobalt gang":["misp-galaxy:threat-actor=\"Cobalt\""],"GOLD KINGSWOOD":["misp-galaxy:threat-actor=\"Cobalt\""],"C0d0so":["misp-galaxy:threat-actor=\"Codoso\""],"APT 19":["misp-galaxy:threat-actor=\"Codoso\"","misp-galaxy:threat-actor=\"Shell Crew\""],"Cold River":["misp-galaxy:threat-actor=\"Cold River\""],"Nahr Elbard":["misp-galaxy:threat-actor=\"Cold River\""],"Nahr el bared":["misp-galaxy:threat-actor=\"Cold River\""],"PLA Unit 61398":["misp-galaxy:threat-actor=\"Comment Crew\""],"APT 1":["misp-galaxy:threat-actor=\"Comment Crew\""],"Advanced Persistent Threat 1":["misp-galaxy:threat-actor=\"Comment Crew\""],"Byzantine Candor":["misp-galaxy:threat-actor=\"Comment Crew\""],"Group 3":["misp-galaxy:threat-actor=\"Comment Crew\""],"TG-8223":["misp-galaxy:threat-actor=\"Comment Crew\""],"Brown Fox":["misp-galaxy:threat-actor=\"Comment Crew\""],"GIF89a":["misp-galaxy:threat-actor=\"Comment Crew\""],"ShadyRAT":["misp-galaxy:threat-actor=\"Comment Crew\""],"Shanghai Group":["misp-galaxy:threat-actor=\"Comment Crew\""],"Slayer Kitten":["misp-galaxy:threat-actor=\"CopyKittens\""],"Corsair Jackal":["misp-galaxy:threat-actor=\"Corsair Jackal\""],"TunisianCyberArmy":["misp-galaxy:threat-actor=\"Corsair Jackal\""],"ITSecTeam":["misp-galaxy:threat-actor=\"Cutting Kitten\""],"Cyber Berkut":["misp-galaxy:threat-actor=\"Cyber Berkut\""],"Cyber Caliphate Army":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"Islamic State Hacking Division":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"CCA":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"United Cyber Caliphate":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"UUC":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"CyberCaliphate":["misp-galaxy:threat-actor=\"Cyber Caliphate Army\""],"Cyber fighters of Izz Ad-Din Al Qassam":["misp-galaxy:threat-actor=\"Cyber fighters of Izz Ad-Din Al Qassam\""],"Fraternal Jackal":["misp-galaxy:threat-actor=\"Cyber fighters of Izz Ad-Din Al Qassam\""],"DYMALLOY":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Dragonfly2":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Berserker Bear":["misp-galaxy:threat-actor=\"DYMALLOY\""],"Danti":["misp-galaxy:threat-actor=\"Danti\""],"Fallout Team":["misp-galaxy:threat-actor=\"DarkHotel\""],"Karba":["misp-galaxy:threat-actor=\"DarkHotel\""],"Luder":["misp-galaxy:threat-actor=\"DarkHotel\""],"Nemin":["misp-galaxy:threat-actor=\"DarkHotel\""],"Pioneer":["misp-galaxy:threat-actor=\"DarkHotel\""],"Shadow Crane":["misp-galaxy:threat-actor=\"DarkHotel\""],"APT-C-06":["misp-galaxy:threat-actor=\"DarkHotel\""],"SIG25":["misp-galaxy:threat-actor=\"DarkHotel\""],"LazyMeerkat":["misp-galaxy:threat-actor=\"DarkHydrus\""],"DarkVishnya":["misp-galaxy:threat-actor=\"DarkVishnya\""],"Deadeye Jackal":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"SyrianElectronicArmy":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"SEA":["misp-galaxy:threat-actor=\"Deadeye Jackal\""],"Dextorous Spider":["misp-galaxy:threat-actor=\"Dextorous Spider\""],"Dizzy Panda":["misp-galaxy:threat-actor=\"Dizzy Panda\""],"LadyBoyle":["misp-galaxy:threat-actor=\"Dizzy Panda\""],"Domestic Kitten":["misp-galaxy:threat-actor=\"Domestic Kitten\""],"Monsoon":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Sarit":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Quilted Tiger":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"APT-C-09":["misp-galaxy:threat-actor=\"Dropping Elephant\""],"Dungeon Spider":["misp-galaxy:threat-actor=\"Dungeon Spider\""],"ELECTRUM":["misp-galaxy:threat-actor=\"ELECTRUM\""],"Sandworm":["misp-galaxy:threat-actor=\"ELECTRUM\"","misp-galaxy:threat-actor=\"Sandworm\"","misp-galaxy:threat-actor=\"TeleBots\""],"Electric Panda":["misp-galaxy:threat-actor=\"Electric Panda\""],"Eloquent Panda":["misp-galaxy:threat-actor=\"Eloquent Panda\""],"APT 27":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"TEMP.Hippo":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Group 35":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"Bronze Union":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"ZipToken":["misp-galaxy:threat-actor=\"Emissary Panda\"","misp-galaxy:threat-actor=\"LuckyMouse\""],"HIPPOTeam":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Operation Iron Tiger":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Iron Tiger APT":["misp-galaxy:threat-actor=\"Emissary Panda\""],"Crouching Yeti":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Group 24":["misp-galaxy:threat-actor=\"Energetic Bear\""],"CrouchingYeti":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Koala Team":["misp-galaxy:threat-actor=\"Energetic Bear\""],"Equation Group":["misp-galaxy:threat-actor=\"Equation Group\""],"Tilded Team":["misp-galaxy:threat-actor=\"Equation Group\""],"Lamberts":["misp-galaxy:threat-actor=\"Equation Group\"","misp-galaxy:threat-actor=\"Longhorn\""],"EQGRP":["misp-galaxy:threat-actor=\"Equation Group\""],"Longhorn":["misp-galaxy:threat-actor=\"Equation Group\"","misp-galaxy:threat-actor=\"Longhorn\""],"EvilPost":["misp-galaxy:threat-actor=\"EvilPost\""],"EvilTraffic":["misp-galaxy:threat-actor=\"EvilTraffic\""],"Operation EvilTraffic":["misp-galaxy:threat-actor=\"EvilTraffic\""],"FASTCash":["misp-galaxy:threat-actor=\"FASTCash\"","misp-galaxy:tool=\"FASTCash\""],"Skeleton Spider":["misp-galaxy:threat-actor=\"FIN6\"","misp-galaxy:threat-actor=\"Skeleton Spider\""],"Flash Kitten":["misp-galaxy:threat-actor=\"Flash Kitten\""],"Flying Kitten":["misp-galaxy:threat-actor=\"Flying Kitten\""],"SaffronRose":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Saffron Rose":["misp-galaxy:threat-actor=\"Flying Kitten\""],"AjaxSecurityTeam":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Group 26":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Sayad":["misp-galaxy:threat-actor=\"Flying Kitten\""],"Foxy Panda":["misp-galaxy:threat-actor=\"Foxy Panda\""],"Fxmsp":["misp-galaxy:threat-actor=\"Fxmsp\""],"GC01":["misp-galaxy:threat-actor=\"GC01\""],"Golden Chickens":["misp-galaxy:threat-actor=\"GC01\"","misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens01":["misp-galaxy:threat-actor=\"GC01\""],"Golden Chickens 01":["misp-galaxy:threat-actor=\"GC01\""],"GC02":["misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens02":["misp-galaxy:threat-actor=\"GC02\""],"Golden Chickens 02":["misp-galaxy:threat-actor=\"GC02\""],"GRIM SPIDER":["misp-galaxy:threat-actor=\"GRIM SPIDER\""],"Ghost Jackal":["misp-galaxy:threat-actor=\"Ghost Jackal\""],"GhostNet":["misp-galaxy:threat-actor=\"GhostNet\""],"Snooping Dragon":["misp-galaxy:threat-actor=\"GhostNet\""],"Gibberish Panda":["misp-galaxy:threat-actor=\"Gibberish Panda\""],"Gnosticplayers":["misp-galaxy:threat-actor=\"Gnosticplayers\""],"Groundbait":["misp-galaxy:threat-actor=\"Groundbait\""],"Group 27":["misp-galaxy:threat-actor=\"Group 27\""],"Guru Spider":["misp-galaxy:threat-actor=\"Guru Spider\""],"Hacking Team":["misp-galaxy:threat-actor=\"Hacking Team\""],"Hammer Panda":["misp-galaxy:threat-actor=\"Hammer Panda\""],"Zhenbao":["misp-galaxy:threat-actor=\"Hammer Panda\""],"TEMP.Zhenbao":["misp-galaxy:threat-actor=\"Hammer Panda\""],"Hellsing":["misp-galaxy:threat-actor=\"Hellsing\"","misp-galaxy:threat-actor=\"Naikon\""],"Goblin Panda":["misp-galaxy:threat-actor=\"Hellsing\""],"Cycldek":["misp-galaxy:threat-actor=\"Hellsing\""],"HookAds":["misp-galaxy:threat-actor=\"HookAds\""],"Hurricane Panda":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"TEMP.Avengers":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"Zirconium":["misp-galaxy:threat-actor=\"Hurricane Panda\""],"INDRIK SPIDER":["misp-galaxy:threat-actor=\"INDRIK SPIDER\""],"IRIDIUM":["misp-galaxy:threat-actor=\"IRIDIUM\""],"TG-2754":["misp-galaxy:threat-actor=\"IXESHE\""],"BeeBus":["misp-galaxy:threat-actor=\"IXESHE\""],"Group 22":["misp-galaxy:threat-actor=\"IXESHE\""],"Calc Team":["misp-galaxy:threat-actor=\"IXESHE\""],"DNSCalc":["misp-galaxy:threat-actor=\"IXESHE\""],"Crimson Iron":["misp-galaxy:threat-actor=\"IXESHE\""],"APT 12":["misp-galaxy:threat-actor=\"IXESHE\""],"Ice Fog":["misp-galaxy:threat-actor=\"Ice Fog\""],"IceFog":["misp-galaxy:threat-actor=\"Ice Fog\""],"Dagger Panda":["misp-galaxy:threat-actor=\"Ice Fog\""],"Impersonating Panda":["misp-galaxy:threat-actor=\"Impersonating Panda\""],"Inception Framework":["misp-galaxy:threat-actor=\"Inception Framework\""],"Operation Mermaid":["misp-galaxy:threat-actor=\"Infy\""],"Prince of Persia":["misp-galaxy:threat-actor=\"Infy\""],"Iron Group":["misp-galaxy:threat-actor=\"Iron Group\""],"Iron Cyber Group":["misp-galaxy:threat-actor=\"Iron Group\""],"Judgment Panda":["misp-galaxy:threat-actor=\"Judgment Panda\""],"Karma Panda":["misp-galaxy:threat-actor=\"Karma Panda\""],"Keyhole Panda":["misp-galaxy:threat-actor=\"Keyhole Panda\""],"temp.bottle":["misp-galaxy:threat-actor=\"Keyhole Panda\""],"Kimsuki":["misp-galaxy:threat-actor=\"Kimsuki\""],"Kimsuky":["misp-galaxy:threat-actor=\"Kimsuki\""],"Velvet Chollima":["misp-galaxy:threat-actor=\"Kimsuki\""],"Kryptonite Panda":["misp-galaxy:threat-actor=\"Kryptonite Panda\""],"Operation DarkSeoul":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Dark Seoul":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Hastati Group":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Andariel":["misp-galaxy:threat-actor=\"Lazarus Group\"","misp-galaxy:threat-actor=\"Silent Chollima\""],"Unit 121":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Bureau 121":["misp-galaxy:threat-actor=\"Lazarus Group\""],"NewRomanic Cyber Army Team":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Bluenoroff":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Subgroup: Bluenoroff":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Group 77":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Labyrinth Chollima":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation Troy":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation GhostSecret":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Operation AppleJeus":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT 38":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Stardust Chollima":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Whois Hacking Team":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Zinc":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Appleworm":["misp-galaxy:threat-actor=\"Lazarus Group\""],"Nickel Academy":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT-C-26":["misp-galaxy:threat-actor=\"Lazarus Group\""],"APT 40":["misp-galaxy:threat-actor=\"Leviathan\""],"BRONZE MOHAWK":["misp-galaxy:threat-actor=\"Leviathan\""],"Libyan Scorpions":["misp-galaxy:threat-actor=\"Libyan Scorpions\""],"the Lamberts":["misp-galaxy:threat-actor=\"Longhorn\""],"ST Group":["misp-galaxy:threat-actor=\"Lotus Blossom\""],"Esile":["misp-galaxy:threat-actor=\"Lotus Blossom\""],"Lotus Panda":["misp-galaxy:threat-actor=\"Lotus Panda\"","misp-galaxy:threat-actor=\"Naikon\""],"Lucky Cat":["misp-galaxy:threat-actor=\"Lucky Cat\""],"Threat Group 3390":["misp-galaxy:threat-actor=\"LuckyMouse\""],"Lunar Spider":["misp-galaxy:threat-actor=\"Lunar Spider\""],"MUMMY SPIDER":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"TA542":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"Mummy Spider":["misp-galaxy:threat-actor=\"MUMMY SPIDER\""],"Madi":["misp-galaxy:threat-actor=\"Madi\""],"MageCart":["misp-galaxy:threat-actor=\"MageCart\""],"Magic Kitten":["misp-galaxy:threat-actor=\"Magic Kitten\""],"Group 42":["misp-galaxy:threat-actor=\"Magic Kitten\""],"Magnetic Spider":["misp-galaxy:threat-actor=\"Magnetic Spider\""],"Malware reusers":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Reuse team":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Dancing Salome":["misp-galaxy:threat-actor=\"Malware reusers\"","misp-galaxy:threat-actor=\"Volatile Cedar\""],"Mana Team":["misp-galaxy:threat-actor=\"Mana Team\""],"Maverick Panda":["misp-galaxy:threat-actor=\"Maverick Panda\""],"PLA Navy":["misp-galaxy:threat-actor=\"Maverick Panda\"","misp-galaxy:threat-actor=\"Samurai Panda\"","misp-galaxy:threat-actor=\"Wekby\""],"Ke3Chang":["misp-galaxy:threat-actor=\"Mirage\""],"APT 15":["misp-galaxy:threat-actor=\"Mirage\""],"Metushy":["misp-galaxy:threat-actor=\"Mirage\""],"Social Network Team":["misp-galaxy:threat-actor=\"Mirage\""],"Royal APT":["misp-galaxy:threat-actor=\"Mirage\""],"Mofang":["misp-galaxy:threat-actor=\"Mofang\""],"Superman":["misp-galaxy:threat-actor=\"Mofang\""],"Gaza Hackers Team":["misp-galaxy:threat-actor=\"Molerats\""],"Gaza cybergang":["misp-galaxy:threat-actor=\"Molerats\""],"Extreme Jackal":["misp-galaxy:threat-actor=\"Molerats\""],"Moonlight":["misp-galaxy:threat-actor=\"Molerats\""],"MoneyTaker":["misp-galaxy:threat-actor=\"MoneyTaker\""],"Static Kitten":["misp-galaxy:threat-actor=\"MuddyWater\""],"Mustang Panda":["misp-galaxy:threat-actor=\"Mustang Panda\""],"PLA Unit 78020":["misp-galaxy:threat-actor=\"Naikon\""],"Override Panda":["misp-galaxy:threat-actor=\"Naikon\""],"Camerashy":["misp-galaxy:threat-actor=\"Naikon\""],"APT.Naikon":["misp-galaxy:threat-actor=\"Naikon\""],"APT 21":["misp-galaxy:threat-actor=\"NetTraveler\""],"APT21":["misp-galaxy:threat-actor=\"NetTraveler\""],"Nexus Zeta":["misp-galaxy:threat-actor=\"Nexus Zeta\""],"Nightshade Panda":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"APT 9":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowerlady\/Flowershow":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowerlady":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Flowershow":["misp-galaxy:threat-actor=\"Nightshade Panda\""],"Nitro":["misp-galaxy:threat-actor=\"Nitro\""],"Covert Grove":["misp-galaxy:threat-actor=\"Nitro\""],"Nomad Panda":["misp-galaxy:threat-actor=\"Nomad Panda\""],"Twisted Kitten":["misp-galaxy:threat-actor=\"OilRig\""],"Crambus":["misp-galaxy:threat-actor=\"OilRig\""],"Helix Kitten":["misp-galaxy:threat-actor=\"OilRig\""],"OnionDog":["misp-galaxy:threat-actor=\"OnionDog\""],"Operation BugDrop":["misp-galaxy:threat-actor=\"Operation BugDrop\""],"Operation C-Major":["misp-galaxy:threat-actor=\"Operation C-Major\""],"Mythic Leopard":["misp-galaxy:threat-actor=\"Operation C-Major\""],"ProjectM":["misp-galaxy:threat-actor=\"Operation C-Major\""],"APT36":["misp-galaxy:threat-actor=\"Operation C-Major\""],"APT 36":["misp-galaxy:threat-actor=\"Operation C-Major\""],"TMP.Lapis":["misp-galaxy:threat-actor=\"Operation C-Major\""],"Operation Comando":["misp-galaxy:threat-actor=\"Operation Comando\""],"Operation Kabar Cobra":["misp-galaxy:threat-actor=\"Operation Kabar Cobra\""],"Operation Parliament":["misp-galaxy:threat-actor=\"Operation Parliament\""],"Operation Poison Needles":["misp-galaxy:threat-actor=\"Operation Poison Needles\""],"Operation ShadowHammer":["misp-galaxy:threat-actor=\"Operation ShadowHammer\""],"Operation Sharpshooter":["misp-galaxy:threat-actor=\"Operation Sharpshooter\""],"OurMine":["misp-galaxy:threat-actor=\"OurMine\""],"TwoForOne":["misp-galaxy:threat-actor=\"PLATINUM\""],"Pacha Group":["misp-galaxy:threat-actor=\"Pacha Group\""],"Pacifier APT":["misp-galaxy:threat-actor=\"Pacifier APT\"","misp-galaxy:threat-actor=\"Turla Group\""],"Skipper":["misp-galaxy:threat-actor=\"Pacifier APT\""],"Popeye":["misp-galaxy:threat-actor=\"Pacifier APT\"","misp-galaxy:threat-actor=\"Turla Group\""],"Packrat":["misp-galaxy:threat-actor=\"Packrat\""],"Pale Panda":["misp-galaxy:threat-actor=\"Pale Panda\""],"PassCV":["misp-galaxy:threat-actor=\"PassCV\""],"Pinchy Spider":["misp-galaxy:threat-actor=\"Pinchy Spider\""],"Pirate Panda":["misp-galaxy:threat-actor=\"Pirate Panda\""],"APT23":["misp-galaxy:threat-actor=\"Pirate Panda\""],"APT 23":["misp-galaxy:threat-actor=\"Pirate Panda\""],"Pitty Panda":["misp-galaxy:threat-actor=\"Pitty Panda\""],"MANGANESE":["misp-galaxy:threat-actor=\"Pitty Panda\""],"Pizzo Spider":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"DD4BC":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"Ambiorx":["misp-galaxy:threat-actor=\"Pizzo Spider\""],"Poisonous Panda":["misp-galaxy:threat-actor=\"Poisonous Panda\""],"Predator Panda":["misp-galaxy:threat-actor=\"Predator Panda\""],"Sauron":["misp-galaxy:threat-actor=\"ProjectSauron\""],"Project Sauron":["misp-galaxy:threat-actor=\"ProjectSauron\""],"PLA Unit 61486":["misp-galaxy:threat-actor=\"Putter Panda\""],"APT 2":["misp-galaxy:threat-actor=\"Putter Panda\""],"Group 36":["misp-galaxy:threat-actor=\"Putter Panda\""],"APT-2":["misp-galaxy:threat-actor=\"Putter Panda\""],"4HCrew":["misp-galaxy:threat-actor=\"Putter Panda\""],"SULPHUR":["misp-galaxy:threat-actor=\"Putter Panda\""],"SearchFire":["misp-galaxy:threat-actor=\"Putter Panda\""],"TG-6952":["misp-galaxy:threat-actor=\"Putter Panda\""],"RANCOR":["misp-galaxy:threat-actor=\"RANCOR\""],"Rancor group":["misp-galaxy:threat-actor=\"RANCOR\""],"Rancor Group":["misp-galaxy:threat-actor=\"RANCOR\""],"RASPITE":["misp-galaxy:threat-actor=\"RASPITE\""],"LeafMiner":["misp-galaxy:threat-actor=\"RASPITE\""],"Radio Panda":["misp-galaxy:threat-actor=\"Radio Panda\""],"Shrouded Crossbow":["misp-galaxy:threat-actor=\"Radio Panda\""],"Ratpak Spider":["misp-galaxy:threat-actor=\"Ratpak Spider\""],"Rebel Jackal":["misp-galaxy:threat-actor=\"Rebel Jackal\""],"FallagaTeam":["misp-galaxy:threat-actor=\"Rebel Jackal\""],"Red October":["misp-galaxy:threat-actor=\"Red October\""],"the Rocra":["misp-galaxy:threat-actor=\"Red October\""],"Roaming Mantis Group":["misp-galaxy:threat-actor=\"Roaming Mantis\""],"Roaming Tiger":["misp-galaxy:threat-actor=\"Roaming Tiger\""],"Rocke":["misp-galaxy:threat-actor=\"Rocke\""],"Operation Woolen Goldfish":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"Thamar Reservoir":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"Timberworm":["misp-galaxy:threat-actor=\"Rocket Kitten\""],"SNOWGLOBE":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"Animal Farm":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"Snowglobe":["misp-galaxy:threat-actor=\"SNOWGLOBE\""],"STARDUST CHOLLIMA":["misp-galaxy:threat-actor=\"STARDUST CHOLLIMA\""],"STOLEN PENCIL":["misp-galaxy:threat-actor=\"STOLEN PENCIL\""],"Sabre Panda":["misp-galaxy:threat-actor=\"Sabre Panda\""],"Salty Spider":["misp-galaxy:threat-actor=\"Salty Spider\""],"Samurai Panda":["misp-galaxy:threat-actor=\"Samurai Panda\""],"APT4":["misp-galaxy:threat-actor=\"Samurai Panda\""],"APT 4":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Wisp Team":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Getkys":["misp-galaxy:threat-actor=\"Samurai Panda\""],"SykipotGroup":["misp-galaxy:threat-actor=\"Samurai Panda\""],"Wkysol":["misp-galaxy:threat-actor=\"Samurai Panda\""],"SandCat":["misp-galaxy:threat-actor=\"SandCat\""],"Sands Casino":["misp-galaxy:threat-actor=\"Sands Casino\""],"Voodoo Bear":["misp-galaxy:threat-actor=\"Sandworm\""],"TEMP.Noble":["misp-galaxy:threat-actor=\"Sandworm\""],"Iron Viking":["misp-galaxy:threat-actor=\"Sandworm\""],"Sath-\u0131 M\u00fcdafaa":["misp-galaxy:threat-actor=\"Sath-\u0131 M\u00fcdafaa\""],"Sea Turtle":["misp-galaxy:threat-actor=\"Sea Turtle\""],"Shadow Network":["misp-galaxy:threat-actor=\"Shadow Network\""],"Shark Spider":["misp-galaxy:threat-actor=\"Shark Spider\""],"Group 13":["misp-galaxy:threat-actor=\"Shell Crew\""],"Sh3llCr3w":["misp-galaxy:threat-actor=\"Shell Crew\""],"Siesta":["misp-galaxy:threat-actor=\"Siesta\""],"Silence group":["misp-galaxy:threat-actor=\"Silence group\""],"Silent Chollima":["misp-galaxy:threat-actor=\"Silent Chollima\""],"OperationTroy":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Guardian of Peace":["misp-galaxy:threat-actor=\"Silent Chollima\""],"GOP":["misp-galaxy:threat-actor=\"Silent Chollima\""],"WHOis Team":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Subgroup: Andariel":["misp-galaxy:threat-actor=\"Silent Chollima\""],"Silent Librarian":["misp-galaxy:threat-actor=\"Silent Librarian\""],"Mabna Institute":["misp-galaxy:threat-actor=\"Silent Librarian\""],"Sima":["misp-galaxy:threat-actor=\"Sima\""],"Singing Spider":["misp-galaxy:threat-actor=\"Singing Spider\""],"Snake Wine":["misp-galaxy:threat-actor=\"Snake Wine\""],"PawnStorm":["misp-galaxy:threat-actor=\"Sofacy\""],"TAG_0700":["misp-galaxy:threat-actor=\"Sofacy\""],"IRON TWILIGHT":["misp-galaxy:threat-actor=\"Sofacy\""],"SIG40":["misp-galaxy:threat-actor=\"Sofacy\""],"Spicy Panda":["misp-galaxy:threat-actor=\"Spicy Panda\""],"Stalker Panda":["misp-galaxy:threat-actor=\"Stalker Panda\""],"FruityArmor":["misp-galaxy:threat-actor=\"Stealth Falcon\""],"APT 10":["misp-galaxy:threat-actor=\"Stone Panda\""],"MenuPass":["misp-galaxy:threat-actor=\"Stone Panda\""],"Menupass Team":["misp-galaxy:threat-actor=\"Stone Panda\""],"menuPass Team":["misp-galaxy:threat-actor=\"Stone Panda\""],"happyyongzi":["misp-galaxy:threat-actor=\"Stone Panda\""],"POTASSIUM":["misp-galaxy:threat-actor=\"Stone Panda\""],"DustStorm":["misp-galaxy:threat-actor=\"Stone Panda\""],"Cloud Hopper":["misp-galaxy:threat-actor=\"Stone Panda\""],"Subaat":["misp-galaxy:threat-actor=\"Subaat\"","misp-galaxy:threat-actor=\"The Gorgon Group\""],"TA505":["misp-galaxy:threat-actor=\"TA505\""],"TA530":["misp-galaxy:threat-actor=\"TA530\""],"TEMP.Hermit":["misp-galaxy:threat-actor=\"TEMP.Hermit\""],"Xenotime":["misp-galaxy:threat-actor=\"TEMP.Veles\""],"TeamSpy Crew":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"TeamSpy":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"Team Bear":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"Anger Bear":["misp-galaxy:threat-actor=\"TeamSpy Crew\""],"TeamXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"CorporacaoXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"CorporationXRat":["misp-galaxy:threat-actor=\"TeamXRat\""],"TeleBots":["misp-galaxy:threat-actor=\"TeleBots\""],"TempTick":["misp-galaxy:threat-actor=\"TempTick\""],"Temper Panda":["misp-galaxy:threat-actor=\"Temper Panda\""],"Admin338":["misp-galaxy:threat-actor=\"Temper Panda\""],"Team338":["misp-galaxy:threat-actor=\"Temper Panda\""],"MAGNESIUM":["misp-galaxy:threat-actor=\"Temper Panda\""],"Test Panda":["misp-galaxy:threat-actor=\"Test Panda\""],"The Big Bang":["misp-galaxy:threat-actor=\"The Big Bang\""],"The Gorgon Group":["misp-galaxy:threat-actor=\"The Gorgon Group\""],"The Shadow Brokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"The ShadowBrokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"TSB":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"Shadow Brokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"ShadowBrokers":["misp-galaxy:threat-actor=\"The Shadow Brokers\""],"Bronze Butler":["misp-galaxy:threat-actor=\"Tick\""],"RedBaldKnight":["misp-galaxy:threat-actor=\"Tick\""],"Tiny Spider":["misp-galaxy:threat-actor=\"Tiny Spider\""],"Tonto Team":["misp-galaxy:threat-actor=\"Tonto Team\""],"Toxic Panda":["misp-galaxy:threat-actor=\"Toxic Panda\""],"Operation Tropic Trooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"Operation TropicTrooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"TropicTrooper":["misp-galaxy:threat-actor=\"Tropic Trooper\""],"TurkHackTeam":["misp-galaxy:threat-actor=\"TurkHackTeam\""],"Turk Hack Team":["misp-galaxy:threat-actor=\"TurkHackTeam\""],"Turla Group":["misp-galaxy:threat-actor=\"Turla Group\""],"Venomous Bear":["misp-galaxy:threat-actor=\"Turla Group\""],"Group 88":["misp-galaxy:threat-actor=\"Turla Group\""],"WRAITH":["misp-galaxy:threat-actor=\"Turla Group\""],"Turla Team":["misp-galaxy:threat-actor=\"Turla Group\""],"Pfinet":["misp-galaxy:threat-actor=\"Turla Group\""],"TAG_0530":["misp-galaxy:threat-actor=\"Turla Group\""],"KRYPTON":["misp-galaxy:threat-actor=\"Turla Group\""],"SIG23":["misp-galaxy:threat-actor=\"Turla Group\""],"Iron Hunter":["misp-galaxy:threat-actor=\"Turla Group\""],"UPS":["misp-galaxy:threat-actor=\"UPS\""],"APT 3":["misp-galaxy:threat-actor=\"UPS\""],"Group 6":["misp-galaxy:threat-actor=\"UPS\""],"Boyusec":["misp-galaxy:threat-actor=\"UPS\""],"Union Panda":["misp-galaxy:threat-actor=\"Union Panda\""],"Union Spider":["misp-galaxy:threat-actor=\"Union Spider\""],"Unit 8200":["misp-galaxy:threat-actor=\"Unit 8200\""],"Duqu Group":["misp-galaxy:threat-actor=\"Unit 8200\""],"Unnamed Actor":["misp-galaxy:threat-actor=\"Unnamed Actor\""],"Viceroy Tiger":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"Appin":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"OperationHangover":["misp-galaxy:threat-actor=\"Viceroy Tiger\""],"Viking Jackal":["misp-galaxy:threat-actor=\"Viking Jackal\""],"Vikingdom":["misp-galaxy:threat-actor=\"Viking Jackal\""],"Violin Panda":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT20":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT 20":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT8":["misp-galaxy:threat-actor=\"Violin Panda\""],"APT 8":["misp-galaxy:threat-actor=\"Violin Panda\""],"TH3Bug":["misp-galaxy:threat-actor=\"Violin Panda\""],"Volatile Cedar":["misp-galaxy:threat-actor=\"Volatile Cedar\""],"WIZARD SPIDER":["misp-galaxy:threat-actor=\"WIZARD SPIDER\""],"Wekby":["misp-galaxy:threat-actor=\"Wekby\""],"APT 18":["misp-galaxy:threat-actor=\"Wekby\""],"SCANDIUM":["misp-galaxy:threat-actor=\"Wekby\""],"Wet Panda":["misp-galaxy:threat-actor=\"Wet Panda\""],"White Bear":["misp-galaxy:threat-actor=\"White Bear\""],"Skipper Turla":["misp-galaxy:threat-actor=\"White Bear\""],"Whitefly":["misp-galaxy:threat-actor=\"Whitefly\""],"WildNeutron":["misp-galaxy:threat-actor=\"WildNeutron\""],"Butterfly":["misp-galaxy:threat-actor=\"WildNeutron\""],"Morpho":["misp-galaxy:threat-actor=\"WildNeutron\""],"Sphinx Moth":["misp-galaxy:threat-actor=\"WildNeutron\""],"WindShift":["misp-galaxy:threat-actor=\"WindShift\""],"Winnti Umbrella":["misp-galaxy:threat-actor=\"Winnti Umbrella\""],"Wolf Spider":["misp-galaxy:threat-actor=\"Wolf Spider\""],"Zombie Spider":["misp-galaxy:threat-actor=\"Zombie Spider\""],"[Unnamed group]":["misp-galaxy:threat-actor=\"[Unnamed group]\""],"[Vault 7\/8]":["misp-galaxy:threat-actor=\"[Vault 7\/8]\""],"ALMA Communicator":["misp-galaxy:tool=\"ALMA Communicator\""],"AURIGA":["misp-galaxy:tool=\"AURIGA\""],"Agent ORM":["misp-galaxy:tool=\"Agent ORM\""],"Tosliph":["misp-galaxy:tool=\"Agent ORM\""],"ComRat":["misp-galaxy:tool=\"Agent.BTZ\""],"Agent.dne":["misp-galaxy:tool=\"Agent.dne\""],"PinkSlipBot":["misp-galaxy:tool=\"Akbot\""],"AmmyAdmin":["misp-galaxy:tool=\"AmmyAdmin\""],"August":["misp-galaxy:tool=\"August\""],"Aumlib":["misp-galaxy:tool=\"Aumlib\""],"Yayih":["misp-galaxy:tool=\"Aumlib\""],"mswab":["misp-galaxy:tool=\"Aumlib\""],"BANGAT":["misp-galaxy:tool=\"BANGAT\""],"BASHLITE":["misp-galaxy:tool=\"BASHLITE\""],"BISKVIT":["misp-galaxy:tool=\"BISKVIT\""],"BOUNCER":["misp-galaxy:tool=\"BOUNCER\""],"BabaYaga":["misp-galaxy:tool=\"BabaYaga\""],"BabyShark":["misp-galaxy:tool=\"BabyShark\""],"Backdoor.Dripion":["misp-galaxy:tool=\"Backdoor.Dripion\""],"Dripion":["misp-galaxy:tool=\"Backdoor.Dripion\""],"Backdoor.Tinybaron":["misp-galaxy:tool=\"Backdoor.Tinybaron\""],"Backspace":["misp-galaxy:tool=\"Backspace\""],"Badnews":["misp-galaxy:tool=\"Badnews\""],"Bookworm":["misp-galaxy:tool=\"Bookworm\""],"Brushaloader":["misp-galaxy:tool=\"Brushaloader\""],"Bunny":["misp-galaxy:tool=\"Bunny\""],"Bushaloader":["misp-galaxy:tool=\"Bushaloader\""],"(.v2 fysbis)":["misp-galaxy:tool=\"CHOPSTICK\""],"CMStar":["misp-galaxy:tool=\"CMStar\""],"COMBOS":["misp-galaxy:tool=\"COMBOS\""],"COOKIEBAG":["misp-galaxy:tool=\"COOKIEBAG\""],"TROJAN.COOKIES":["misp-galaxy:tool=\"COOKIEBAG\""],"APT.InfoStealer.Win.CORALDECK":["misp-galaxy:tool=\"CORALDECK\""],"FE_APT_InfoStealer_Win_CORALDECK_1":["misp-galaxy:tool=\"CORALDECK\""],"CTRat":["misp-galaxy:tool=\"CTRat\""],"CUTLET MAKER":["misp-galaxy:tool=\"CUTLET MAKER\""],"CWoolger":["misp-galaxy:tool=\"CWoolger\""],"Cadelspy":["misp-galaxy:tool=\"Cadelspy\""],"WinSpy":["misp-galaxy:tool=\"Cadelspy\""],"Carp Downloader":["misp-galaxy:tool=\"Carp Downloader\""],"Cheshire Cat":["misp-galaxy:tool=\"Cheshire Cat\""],"Pegasus spyware":["misp-galaxy:tool=\"Chrysaor\""],"ClipboardWalletHijacker":["misp-galaxy:tool=\"ClipboardWalletHijacker\""],"Cowboy":["misp-galaxy:tool=\"Cowboy\""],"CowerSnail":["misp-galaxy:tool=\"CowerSnail\""],"Cromptui":["misp-galaxy:tool=\"Cromptui\""],"CroniX":["misp-galaxy:tool=\"CroniX\""],"DAIRY":["misp-galaxy:tool=\"DAIRY\""],"DHS2015":["misp-galaxy:tool=\"DHS2015\""],"iRAT":["misp-galaxy:tool=\"DHS2015\""],"FE_APT_RAT_DOGCALL":["misp-galaxy:tool=\"DOGCALL\""],"FE_APT_Backdoor_Win32_DOGCALL_1":["misp-galaxy:tool=\"DOGCALL\""],"APT.Backdoor.Win.DOGCALL":["misp-galaxy:tool=\"DOGCALL\""],"DOPU":["misp-galaxy:tool=\"DOPU\""],"DanderSpritz":["misp-galaxy:tool=\"DanderSpritz\""],"Dander Spritz":["misp-galaxy:tool=\"DanderSpritz\""],"Dark Pulsar":["misp-galaxy:tool=\"DarkPulsar\""],"TROJ_DLLSERV.BE":["misp-galaxy:tool=\"Derusbi\""],"Digmine":["misp-galaxy:tool=\"Digmine\""],"Disgufa":["misp-galaxy:tool=\"Disgufa\""],"DoubleFantasy":["misp-galaxy:tool=\"DoubleFantasy\""],"DownRage":["misp-galaxy:tool=\"DownRage\""],"Carberplike":["misp-galaxy:tool=\"DownRage\""],"DownRange":["misp-galaxy:tool=\"DownRange\""],"Downloader-FGO":["misp-galaxy:tool=\"Downloader-FGO\""],"Win32:Malware-gen":["misp-galaxy:tool=\"Downloader-FGO\""],"Generic30.ASYL (Trojan horse)":["misp-galaxy:tool=\"Downloader-FGO\""],"TR\/Agent.84480.85":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan.Generic.8627031":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan:Win32\/Sisproc":["misp-galaxy:tool=\"Downloader-FGO\""],"SB\/Malware":["misp-galaxy:tool=\"Downloader-FGO\""],"Trj\/CI.A":["misp-galaxy:tool=\"Downloader-FGO\""],"Mal\/Behav-112":["misp-galaxy:tool=\"Downloader-FGO\""],"Trojan.Spuler":["misp-galaxy:tool=\"Downloader-FGO\""],"TROJ_KAZY.SM1":["misp-galaxy:tool=\"Downloader-FGO\""],"Win32\/FakePPT_i":["misp-galaxy:tool=\"Downloader-FGO\""],"EAGERLEVER":["misp-galaxy:tool=\"EAGERLEVER\""],"EARLYSHOVEL":["misp-galaxy:tool=\"EARLYSHOVEL\""],"EASYBEE":["misp-galaxy:tool=\"EASYBEE\""],"EASYFUN":["misp-galaxy:tool=\"EASYFUN\""],"EASYPI":["misp-galaxy:tool=\"EASYPI\""],"EBBISLAND (EBBSHAVE)":["misp-galaxy:tool=\"EBBISLAND (EBBSHAVE)\""],"ECHOWRECKER":["misp-galaxy:tool=\"ECHOWRECKER\""],"ECLIPSEDWING":["misp-galaxy:tool=\"ECLIPSEDWING\""],"EDUCATEDSCHOLAR":["misp-galaxy:tool=\"EDUCATEDSCHOLAR\""],"ELF_IMEIJ":["misp-galaxy:tool=\"ELF_IMEIJ\""],"EMERALDTHREAD":["misp-galaxy:tool=\"EMERALDTHREAD\""],"EMPHASISMINE":["misp-galaxy:tool=\"EMPHASISMINE\""],"ENGLISHMANSDENTIST":["misp-galaxy:tool=\"ENGLISHMANSDENTIST\""],"EPICHERO":["misp-galaxy:tool=\"EPICHERO\""],"ERRATICGOPHER":["misp-galaxy:tool=\"ERRATICGOPHER\""],"ERRATICGOPHERTOUCH":["misp-galaxy:tool=\"ERRATICGOPHERTOUCH\""],"ESKIMOROLL":["misp-galaxy:tool=\"ESKIMOROLL\""],"ESSAYKEYNOTE":["misp-galaxy:tool=\"ESSAYKEYNOTE\""],"ESTEEMAUDIT":["misp-galaxy:tool=\"ESTEEMAUDIT\""],"ETCETERABLUE":["misp-galaxy:tool=\"ETCETERABLUE\""],"ETERNALBLUE":["misp-galaxy:tool=\"ETERNALBLUE\""],"ETERNALCHAMPION":["misp-galaxy:tool=\"ETERNALCHAMPION\""],"ETERNALROMANCE":["misp-galaxy:tool=\"ETERNALROMANCE\""],"ETERNALSYNERGY":["misp-galaxy:tool=\"ETERNALSYNERGY\""],"ETRE":["misp-galaxy:tool=\"ETRE\""],"EVADEFRED":["misp-galaxy:tool=\"EVADEFRED\""],"EVILNUM":["misp-galaxy:tool=\"EVILNUM\""],"EWOKFRENZY":["misp-galaxy:tool=\"EWOKFRENZY\""],"EXPIREDPAYCHECK":["misp-galaxy:tool=\"EXPIREDPAYCHECK\""],"EXPLODINGCAN":["misp-galaxy:tool=\"EXPLODINGCAN\""],"Elise Backdoor":["misp-galaxy:tool=\"Elise Backdoor\""],"Newsripper":["misp-galaxy:tool=\"Emdivi\""],"Empyre":["misp-galaxy:tool=\"Empyre\""],"Empye":["misp-galaxy:tool=\"Empyre\""],"EngineBox Malware":["misp-galaxy:tool=\"EngineBox Malware\""],"EquationLaser":["misp-galaxy:tool=\"EquationLaser\""],"Escad":["misp-galaxy:tool=\"Escad\""],"Etumbot":["misp-galaxy:tool=\"Etumbot\""],"Exploz":["misp-galaxy:tool=\"Etumbot\""],"Specfix":["misp-galaxy:tool=\"Etumbot\""],"BKDR_HGDER":["misp-galaxy:tool=\"EvilGrab\""],"BKDR_EVILOGE":["misp-galaxy:tool=\"EvilGrab\""],"BKDR_NVICM":["misp-galaxy:tool=\"EvilGrab\""],"Wmonder":["misp-galaxy:tool=\"EvilGrab\""],"Exforel":["misp-galaxy:tool=\"Exforel\""],"Explosive":["misp-galaxy:tool=\"Explosive\""],"EyePyramid Malware":["misp-galaxy:tool=\"EyePyramid Malware\""],"FUZZBUNCH":["misp-galaxy:tool=\"FUZZBUNCH\""],"FacexWorm":["misp-galaxy:tool=\"FacexWorm\""],"Fadok":["misp-galaxy:tool=\"Fadok\""],"Win32\/Fadok":["misp-galaxy:tool=\"Fadok\""],"FAKEM":["misp-galaxy:tool=\"Fakem RAT\""],"Fexel":["misp-galaxy:tool=\"Fexel\""],"Loneagent":["misp-galaxy:tool=\"Fexel\""],"FlexSpy":["misp-galaxy:tool=\"FlexSpy\""],"Flokibot":["misp-galaxy:tool=\"Flokibot\""],"Floki Bot":["misp-galaxy:tool=\"Flokibot\""],"Floki":["misp-galaxy:tool=\"Flokibot\""],"Foozer":["misp-galaxy:tool=\"Foozer\""],"FormBook":["misp-galaxy:tool=\"FormBook\""],"Fysbis":["misp-galaxy:tool=\"Fysbis\""],"GDOCUPLOAD":["misp-galaxy:tool=\"GDOCUPLOAD\""],"GELCAPSULE":["misp-galaxy:tool=\"GELCAPSULE\""],"FE_APT_Downloader_Win32_GELCAPSULE_1":["misp-galaxy:tool=\"GELCAPSULE\""],"GETMAIL":["misp-galaxy:tool=\"GETMAIL\""],"GHOLE":["misp-galaxy:tool=\"GHOLE\""],"GHOTEX":["misp-galaxy:tool=\"GHOTEX\""],"TROJAN.GTALK":["misp-galaxy:tool=\"GLOOXMAIL\""],"GOGGLES":["misp-galaxy:tool=\"GOGGLES\""],"TROJAN.FOXY":["misp-galaxy:tool=\"GOGGLES\""],"GREENCAT":["misp-galaxy:tool=\"GREENCAT\""],"Gamut Botnet":["misp-galaxy:tool=\"Gamut Botnet\""],"Gh0st Rat":["misp-galaxy:tool=\"Gh0st Rat\""],"Gh0stRat, GhostRat":["misp-galaxy:tool=\"Gh0st Rat\""],"GoScanSSH":["misp-galaxy:tool=\"GoScanSSH\""],"Gootkit":["misp-galaxy:tool=\"GootKit\""],"GrayFish":["misp-galaxy:tool=\"GrayFish\""],"HACKFASE":["misp-galaxy:tool=\"HACKFASE\""],"FE_APT_Downloader_HAPPYWORK":["misp-galaxy:tool=\"HAPPYWORK\""],"FE_APT_Exploit_HWP_Happy":["misp-galaxy:tool=\"HAPPYWORK\""],"Downloader.APT.HAPPYWORK":["misp-galaxy:tool=\"HAPPYWORK\""],"HDRoot":["misp-galaxy:tool=\"HDRoot\""],"HELAUTO":["misp-galaxy:tool=\"HELAUTO\""],"TokenControl":["misp-galaxy:tool=\"HTTPBrowser\""],"Hackshit":["misp-galaxy:tool=\"Hackshit\""],"Tordal":["misp-galaxy:tool=\"Hancitor\""],"Helminth backdoor":["misp-galaxy:tool=\"Helminth backdoor\""],"HerHer Trojan":["misp-galaxy:tool=\"HerHer Trojan\""],"Heseber BOT":["misp-galaxy:tool=\"Heseber BOT\""],"Hi-ZOR":["misp-galaxy:tool=\"Hi-ZOR\""],"Hoardy":["misp-galaxy:tool=\"Hoardy\""],"Hoarde":["misp-galaxy:tool=\"Hoardy\""],"Phindolp":["misp-galaxy:tool=\"Hoardy\""],"Htran":["misp-galaxy:tool=\"Htran\""],"HUC Packet Transmitter":["misp-galaxy:tool=\"Htran\""],"Huigezi malware":["misp-galaxy:tool=\"Huigezi malware\""],"Houdini":["misp-galaxy:tool=\"Hworm\""],"Hyena":["misp-galaxy:tool=\"Hyena\""],"IISTOUCH":["misp-galaxy:tool=\"IISTOUCH\""],"IRONGATE":["misp-galaxy:tool=\"IRONGATE\""],"Incognito RAT":["misp-galaxy:tool=\"Incognito RAT\""],"IntrudingDivisor":["misp-galaxy:tool=\"IntrudingDivisor\""],"IoT_reaper":["misp-galaxy:tool=\"IoT_reaper\""],"Iron Backdoor":["misp-galaxy:tool=\"Iron Backdoor\""],"JS Flash":["misp-galaxy:tool=\"JS Flash\""],"JavaScript variant of HALFBAKED":["misp-galaxy:tool=\"JS Flash\""],"JS_POWMET":["misp-galaxy:tool=\"JS_POWMET\""],"JasperLoader":["misp-galaxy:tool=\"JasperLoader\""],"JexBoss":["misp-galaxy:tool=\"JexBoss\""],"Jripbot":["misp-galaxy:tool=\"Jripbot\""],"Jiripbot":["misp-galaxy:tool=\"Jripbot\""],"FE_APT_Backdoor_Karae_enc":["misp-galaxy:tool=\"KARAE\""],"FE_APT_Backdoor_Karae":["misp-galaxy:tool=\"KARAE\""],"Backdoor.APT.Karae":["misp-galaxy:tool=\"KARAE\""],"KURTON":["misp-galaxy:tool=\"KURTON\""],"KillDisk Wiper":["misp-galaxy:tool=\"KillDisk Wiper\""],"KimJongRAT":["misp-galaxy:tool=\"KimJongRAT\""],"KingMiner":["misp-galaxy:tool=\"KingMiner\""],"LATENTBOT":["misp-galaxy:tool=\"LATENTBOT\""],"LIGHTBOLT":["misp-galaxy:tool=\"LIGHTBOLT\""],"LIGHTDART":["misp-galaxy:tool=\"LIGHTDART\""],"LONGRUN":["misp-galaxy:tool=\"LONGRUN\""],"LURK":["misp-galaxy:tool=\"LURK\""],"LamePyre":["misp-galaxy:tool=\"LamePyre\""],"OSX.LamePyre":["misp-galaxy:tool=\"LamePyre\""],"Lazagne":["misp-galaxy:tool=\"Lazagne\""],"LockPoS":["misp-galaxy:tool=\"LockPoS\""],"Loki Bot":["misp-galaxy:tool=\"Loki Bot\""],"Lost Door RAT":["misp-galaxy:tool=\"Lost Door RAT\""],"LostDoor RAT":["misp-galaxy:tool=\"Lost Door RAT\""],"BKDR_LODORAT":["misp-galaxy:tool=\"Lost Door RAT\""],"LuminosityLink":["misp-galaxy:tool=\"LuminosityLink\""],"MANITSME":["misp-galaxy:tool=\"MANITSME\""],"MAPIGET":["misp-galaxy:tool=\"MAPIGET\""],"MFC Huner":["misp-galaxy:tool=\"MFC Huner\""],"Hupigon":["misp-galaxy:tool=\"MFC Huner\""],"BKDR_HUPIGON":["misp-galaxy:tool=\"MFC Huner\""],"MILKDROP":["misp-galaxy:tool=\"MILKDROP\""],"FE_Trojan_Win32_MILKDROP_1":["misp-galaxy:tool=\"MILKDROP\""],"MINIASP":["misp-galaxy:tool=\"MINIASP\""],"MM Core backdoor":["misp-galaxy:tool=\"MM Core\""],"BigBoss":["misp-galaxy:tool=\"MM Core\""],"SillyGoose":["misp-galaxy:tool=\"MM Core\""],"BaneChant":["misp-galaxy:tool=\"MM Core\""],"StrangeLove":["misp-galaxy:tool=\"MM Core\""],"MagentoCore Malware":["misp-galaxy:tool=\"MagentoCore Malware\""],"Maikspy":["misp-galaxy:tool=\"Maikspy\""],"Mikatz":["misp-galaxy:tool=\"Mimikatz\""],"Linux\/Mirai":["misp-galaxy:tool=\"Mirai\""],"MoneyTaker 5.0":["misp-galaxy:tool=\"MoneyTaker 5.0\""],"Moneygram Adwind":["misp-galaxy:tool=\"Moneygram Adwind\""],"Mongall":["misp-galaxy:tool=\"Mongall\""],"Moudoor":["misp-galaxy:tool=\"Moudoor\""],"SCAR":["misp-galaxy:tool=\"Moudoor\""],"KillProc.14145":["misp-galaxy:tool=\"Moudoor\""],"NAMEDPIPETOUCH":["misp-galaxy:tool=\"NAMEDPIPETOUCH\""],"NBot":["misp-galaxy:tool=\"NBot\""],"NEWSREELS":["misp-galaxy:tool=\"NEWSREELS\""],"NLBrute":["misp-galaxy:tool=\"NLBrute\""],"NanoCoreRAT":["misp-galaxy:tool=\"NanoCoreRAT\""],"Nancrat":["misp-galaxy:tool=\"NanoCoreRAT\""],"Zurten":["misp-galaxy:tool=\"NanoCoreRAT\""],"Atros2.CKPN":["misp-galaxy:tool=\"NanoCoreRAT\""],"Netfile":["misp-galaxy:tool=\"NetTraveler\""],"Neteagle":["misp-galaxy:tool=\"Neteagle\""],"scout":["misp-galaxy:tool=\"Neteagle\""],"norton":["misp-galaxy:tool=\"Neteagle\""],"Nflog":["misp-galaxy:tool=\"Nflog\""],"Not Petya":["misp-galaxy:tool=\"NotPetya\""],"ODDJOB":["misp-galaxy:tool=\"ODDJOB\""],"BackDoor-FDU":["misp-galaxy:tool=\"OLDBAIT\""],"IEChecker":["misp-galaxy:tool=\"OLDBAIT\""],"OSX.BadWord":["misp-galaxy:tool=\"OSX.BadWord\""],"OSX.Pirrit":["misp-galaxy:tool=\"OSX.Pirrit\""],"OSX\/Pirrit":["misp-galaxy:tool=\"OSX.Pirrit\""],"OSX\/Shlayer":["misp-galaxy:tool=\"OSX\/Shlayer\""],"Oldrea":["misp-galaxy:tool=\"Oldrea\""],"HSDFSDCrypt":["misp-galaxy:tool=\"Ordinypt\""],"OzoneRAT":["misp-galaxy:tool=\"OzoneRAT\""],"Ozone RAT":["misp-galaxy:tool=\"OzoneRAT\""],"ozonercp":["misp-galaxy:tool=\"OzoneRAT\""],"PAExec":["misp-galaxy:tool=\"PAExec\""],"PASSFREELY":["misp-galaxy:tool=\"PASSFREELY\""],"PCClient RAT":["misp-galaxy:tool=\"PCClient RAT\""],"PLEAD Downloader":["misp-galaxy:tool=\"PLEAD Downloader\""],"PNG Dropper":["misp-galaxy:tool=\"PNG Dropper\""],"PNG_Dropper":["misp-galaxy:tool=\"PNG Dropper\""],"PNGDropper":["misp-galaxy:tool=\"PNG Dropper\""],"Backdoor.APT.POORAIM":["misp-galaxy:tool=\"POORAIM\""],"PRILEX":["misp-galaxy:tool=\"PRILEX\""],"PWOBot":["misp-galaxy:tool=\"PWOBot\""],"PWOLauncher":["misp-galaxy:tool=\"PWOBot\""],"PWOHTTPD":["misp-galaxy:tool=\"PWOBot\""],"PWOKeyLogger":["misp-galaxy:tool=\"PWOBot\""],"PWOMiner":["misp-galaxy:tool=\"PWOBot\""],"PWOPyExec":["misp-galaxy:tool=\"PWOBot\""],"PWOQuery":["misp-galaxy:tool=\"PWOBot\""],"Palevo":["misp-galaxy:tool=\"Palevo\""],"Badey":["misp-galaxy:tool=\"Pirpi\""],"EXL":["misp-galaxy:tool=\"Pirpi\""],"Backdoor.FSZO-5117":["misp-galaxy:tool=\"PlugX\""],"Trojan.Heur.JP.juW@ayZZvMb":["misp-galaxy:tool=\"PlugX\""],"Trojan.Inject1.6386":["misp-galaxy:tool=\"PlugX\""],"Agent.dhwf":["misp-galaxy:tool=\"PlugX\""],"Preshin":["misp-galaxy:tool=\"Preshin\""],"PupyRAT":["misp-galaxy:tool=\"PupyRAT\""],"QUASARRAT":["misp-galaxy:tool=\"QUASARRAT\""],"RCS Galileo":["misp-galaxy:tool=\"RCS Galileo\""],"RDPWrap":["misp-galaxy:tool=\"RDPWrap\""],"REDLEAVES":["misp-galaxy:tool=\"REDLEAVES\""],"RICECURRY":["misp-galaxy:tool=\"RICECURRY\""],"Exploit.APT.RICECURRY":["misp-galaxy:tool=\"RICECURRY\""],"RPCOUTCH":["misp-galaxy:tool=\"RPCOUTCH\""],"RUHAPPY":["misp-galaxy:tool=\"RUHAPPY\""],"FE_APT_Trojan_Win32_RUHAPPY_1":["misp-galaxy:tool=\"RUHAPPY\""],"Ratankba":["misp-galaxy:tool=\"Ratankba\""],"Prax":["misp-galaxy:tool=\"Regin\""],"WarriorPride":["misp-galaxy:tool=\"Regin\""],"Rekaf":["misp-galaxy:tool=\"Rekaf\""],"Rotexy":["misp-galaxy:tool=\"Rotexy\""],"SMSThief":["misp-galaxy:tool=\"Rotexy\""],"Rotinom":["misp-galaxy:tool=\"Rotinom\""],"ROVNIX":["misp-galaxy:tool=\"Rovnix\""],"RoyalDNS":["misp-galaxy:tool=\"RoyalDNS\""],"Rubella Macro Builder":["misp-galaxy:tool=\"Rubella Macro Builder\""],"SEASALT":["misp-galaxy:tool=\"SEASALT\""],"FE_APT_Backdoor_SHUTTERSPEED":["misp-galaxy:tool=\"SHUTTERSPEED\""],"APT.Backdoor.SHUTTERSPEED":["misp-galaxy:tool=\"SHUTTERSPEED\""],"FE_APT_Downloader_Win_SLOWDRIFT_1":["misp-galaxy:tool=\"SLOWDRIFT\""],"FE_APT_Downloader_Win_SLOWDRIFT_2":["misp-galaxy:tool=\"SLOWDRIFT\""],"APT.Downloader.SLOWDRIFT":["misp-galaxy:tool=\"SLOWDRIFT\""],"SLUB Backdoor":["misp-galaxy:tool=\"SLUB Backdoor\""],"SMBTOUCH":["misp-galaxy:tool=\"SMBTOUCH\""],"SOUNDWAVE":["misp-galaxy:tool=\"SOUNDWAVE\""],"FE_APT_HackTool_Win32_SOUNDWAVE_1":["misp-galaxy:tool=\"SOUNDWAVE\""],"SPIVY":["misp-galaxy:tool=\"SPIVY\""],"STARSYPOUND":["misp-galaxy:tool=\"STARSYPOUND\""],"SURTR":["misp-galaxy:tool=\"SURTR\""],"SWORD":["misp-galaxy:tool=\"SWORD\""],"Scieron":["misp-galaxy:tool=\"Scieron\""],"Scranos":["misp-galaxy:tool=\"Scranos\""],"Sekur":["misp-galaxy:tool=\"Sekur\""],"ShimRAT":["misp-galaxy:tool=\"ShimRAT\""],"Shipup":["misp-galaxy:tool=\"Shipup\""],"Shiz":["misp-galaxy:tool=\"Shiz\""],"Win32\/Sirefef":["misp-galaxy:tool=\"Sirefef\""],"SkeletonKey":["misp-galaxy:tool=\"SkeletonKey\""],"Skyipot":["misp-galaxy:tool=\"Skyipot\""],"GM-Bot":["misp-galaxy:tool=\"Slempo\""],"Spindest":["misp-galaxy:tool=\"Spindest\""],"StalinLocker":["misp-galaxy:tool=\"StalinLocker\""],"StalinScreamer":["misp-galaxy:tool=\"StalinLocker\""],"StealthWorker":["misp-galaxy:tool=\"StealthWorker\""],"StrongPity2":["misp-galaxy:tool=\"StrongPity2\""],"Win32\/StrongPity2":["misp-galaxy:tool=\"StrongPity2\""],"trojan-banker.androidos.svpeng.ae":["misp-galaxy:tool=\"Svpeng\""],"Swisyn":["misp-galaxy:tool=\"Swisyn\""],"T5000":["misp-galaxy:tool=\"T5000\""],"Plat1":["misp-galaxy:tool=\"T5000\""],"TABMSGSQL":["misp-galaxy:tool=\"TABMSGSQL\""],"TROJAN LETSGO":["misp-galaxy:tool=\"TABMSGSQL\""],"TARSIP-ECLIPSE":["misp-galaxy:tool=\"TARSIP-ECLIPSE\""],"TARSIP-MOON":["misp-galaxy:tool=\"TARSIP-MOON\""],"TRISIS":["misp-galaxy:tool=\"TRISIS\""],"TRITON":["misp-galaxy:tool=\"TRISIS\""],"Tafacalou":["misp-galaxy:tool=\"Tafacalou\""],"Tartine":["misp-galaxy:tool=\"Tartine\""],"Taurus":["misp-galaxy:tool=\"Taurus\""],"Tdrop":["misp-galaxy:tool=\"Tdrop\""],"Tdrop2":["misp-galaxy:tool=\"Tdrop2\""],"Terra Loader":["misp-galaxy:tool=\"Terra Loader\""],"Torn RAT":["misp-galaxy:tool=\"Torn RAT\""],"Travle":["misp-galaxy:tool=\"Travle\""],"PYLOT":["misp-galaxy:tool=\"Travle\""],"Trick Bot":["misp-galaxy:tool=\"Trick Bot\""],"TripleFantasy":["misp-galaxy:tool=\"TripleFantasy\""],"Trojan.Laziok":["misp-galaxy:tool=\"Trojan.Laziok\""],"Trojan.Naid":["misp-galaxy:tool=\"Trojan.Naid\""],"Mdmbot.E":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.GUNZ":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.AQUP.DROPPER":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.BMZA":["misp-galaxy:tool=\"Trojan.Naid\""],"MCRAT.A":["misp-galaxy:tool=\"Trojan.Naid\""],"AGENT.ABQMR":["misp-galaxy:tool=\"Trojan.Naid\""],"Trojan.Seaduke":["misp-galaxy:tool=\"Trojan.Seaduke\""],"Seaduke":["misp-galaxy:tool=\"Trojan.Seaduke\""],"Troy":["misp-galaxy:tool=\"Troy\""],"Urouros":["misp-galaxy:tool=\"Turla\""],"UselessDisk":["misp-galaxy:tool=\"UselessDisk\""],"DiskWriter":["misp-galaxy:tool=\"UselessDisk\""],"VB Flash":["misp-galaxy:tool=\"VB Flash\""],"VPNFilter":["misp-galaxy:tool=\"VPNFilter\""],"WARP":["misp-galaxy:tool=\"WARP\""],"WEBC2-ADSPACE":["misp-galaxy:tool=\"WEBC2-ADSPACE\""],"WEBC2-AUSOV":["misp-galaxy:tool=\"WEBC2-AUSOV\""],"WEBC2-BOLID":["misp-galaxy:tool=\"WEBC2-BOLID\""],"WEBC2-CLOVER":["misp-galaxy:tool=\"WEBC2-CLOVER\""],"WEBC2-CSON":["misp-galaxy:tool=\"WEBC2-CSON\""],"WEBC2-DIV":["misp-galaxy:tool=\"WEBC2-DIV\""],"WEBC2-GREENCAT":["misp-galaxy:tool=\"WEBC2-GREENCAT\""],"WEBC2-HEAD":["misp-galaxy:tool=\"WEBC2-HEAD\""],"WEBC2-KT3":["misp-galaxy:tool=\"WEBC2-KT3\""],"WEBC2-QBP":["misp-galaxy:tool=\"WEBC2-QBP\""],"WEBC2-RAVE":["misp-galaxy:tool=\"WEBC2-RAVE\""],"WEBC2-TABLE":["misp-galaxy:tool=\"WEBC2-TABLE\""],"WEBC2-TOCK":["misp-galaxy:tool=\"WEBC2-TOCK\""],"WEBC2-UGX":["misp-galaxy:tool=\"WEBC2-UGX\""],"WEBC2-Y21K":["misp-galaxy:tool=\"WEBC2-Y21K\""],"WEBC2-YAHOO":["misp-galaxy:tool=\"WEBC2-YAHOO\""],"FE_APT_Backdoor_WINERACK":["misp-galaxy:tool=\"WINERACK\""],"Backdoor.APT.WINERACK":["misp-galaxy:tool=\"WINERACK\""],"WinIDS":["misp-galaxy:tool=\"WinIDS\""],"Etso":["misp-galaxy:tool=\"Winnti\""],"SUQ":["misp-galaxy:tool=\"Winnti\""],"Agent.ALQHI":["misp-galaxy:tool=\"Winnti\""],"Epic Turla":["misp-galaxy:tool=\"Wipbot\""],"Wmiexec":["misp-galaxy:tool=\"Wmiexec\""],"XAgent":["misp-galaxy:tool=\"X-Agent\""],"XSControl":["misp-galaxy:tool=\"XSControl\""],"W32\/Seeav":["misp-galaxy:tool=\"Yahoyah\""],"ZUMKONG":["misp-galaxy:tool=\"ZUMKONG\""],"FE_APT_Trojan_Zumkong":["misp-galaxy:tool=\"ZUMKONG\""],"Trojan.APT.Zumkong":["misp-galaxy:tool=\"ZUMKONG\""],"Sensode":["misp-galaxy:tool=\"ZXShell\""],"ZeGhost":["misp-galaxy:tool=\"ZeGhost\""],"BackDoor-FBZT!52D84425CDF2":["misp-galaxy:tool=\"ZeGhost\""],"Trojan.Win32.Staser.ytq":["misp-galaxy:tool=\"ZeGhost\""],"Win32\/Zegost.BW":["misp-galaxy:tool=\"ZeGhost\""],"Trojan.Zbot":["misp-galaxy:tool=\"Zeus\""],"adzok":["misp-galaxy:tool=\"adzok\""],"albertino":["misp-galaxy:tool=\"albertino\""],"arcom":["misp-galaxy:tool=\"arcom\""],"blacknix":["misp-galaxy:tool=\"blacknix\""],"bluebanana":["misp-galaxy:tool=\"bluebanana\""],"bozok":["misp-galaxy:tool=\"bozok\""],"clientmesh":["misp-galaxy:tool=\"clientmesh\""],"csvde.exe":["misp-galaxy:tool=\"csvde.exe\""],"cybergate":["misp-galaxy:tool=\"cybergate\""],"da Vinci RCS":["misp-galaxy:tool=\"da Vinci RCS\""],"DaVinci":["misp-galaxy:tool=\"da Vinci RCS\""],"Morcut":["misp-galaxy:tool=\"da Vinci RCS\""],"darkcomet":["misp-galaxy:tool=\"darkcomet\""],"darkddoser":["misp-galaxy:tool=\"darkddoser\""],"darkrat":["misp-galaxy:tool=\"darkrat\""],"feodo":["misp-galaxy:tool=\"feodo\""],"greame":["misp-galaxy:tool=\"greame\""],"hawkeye":["misp-galaxy:tool=\"hawkeye\""],"javadropper":["misp-galaxy:tool=\"javadropper\""],"jspy":["misp-galaxy:tool=\"jspy\""],"kitty Malware":["misp-galaxy:tool=\"kitty Malware\""],"lostdoor":["misp-galaxy:tool=\"lostdoor\""],"luxnet":["misp-galaxy:tool=\"luxnet\""],"miniFlame":["misp-galaxy:tool=\"miniFlame\""],"njRAT":["misp-galaxy:tool=\"njRAT\""],"Jorik":["misp-galaxy:tool=\"njRAT\""],"pandora":["misp-galaxy:tool=\"pandora\""],"predatorpain":["misp-galaxy:tool=\"predatorpain\""],"punisher":["misp-galaxy:tool=\"punisher\""],"shadowtech":["misp-galaxy:tool=\"shadowtech\""],"smallnet":["misp-galaxy:tool=\"smallnet\""],"spygate":["misp-galaxy:tool=\"spygate\""],"tapaoux":["misp-galaxy:tool=\"tapaoux\""],"template":["misp-galaxy:tool=\"template\""],"vantom":["misp-galaxy:tool=\"vantom\""],"virusrat":["misp-galaxy:tool=\"virusrat\""],"wp-vcd":["misp-galaxy:tool=\"wp-vcd\""],"xDedic RDP Patch":["misp-galaxy:tool=\"xDedic RDP Patch\""],"xDedic SysScan":["misp-galaxy:tool=\"xDedic SysScan\""],"xena":["misp-galaxy:tool=\"xena\""],"xrat":["misp-galaxy:tool=\"xrat\""],"xtreme":["misp-galaxy:tool=\"xtreme\""]} \ No newline at end of file diff --git a/misp_modules/modules/import_mod/__init__.py b/misp_modules/modules/import_mod/__init__.py index 71ae7fa7..a7d220d3 100644 --- a/misp_modules/modules/import_mod/__init__.py +++ b/misp_modules/modules/import_mod/__init__.py @@ -15,4 +15,5 @@ __all__ = [ 'csvimport', 'cof2misp', 'joe_import', + 'taxii21' ] diff --git a/misp_modules/modules/import_mod/taxii21.py b/misp_modules/modules/import_mod/taxii21.py new file mode 100644 index 00000000..4993dbf7 --- /dev/null +++ b/misp_modules/modules/import_mod/taxii21.py @@ -0,0 +1,354 @@ +""" +Import content from a TAXII 2.1 server. +""" +import collections +import itertools +import json +import misp_modules.lib.stix2misp +from pathlib import Path +import re +import stix2.v20 +import taxii2client +import taxii2client.exceptions +import requests + + +class ConfigError(Exception): + """ + Represents an error in the config settings for one invocation of this + module. + """ + pass + + +misperrors = {'error': 'Error'} + +moduleinfo = {'version': '0.1', 'author': 'Abc', + 'description': 'Import content from a TAXII 2.1 server', + 'module-type': ['import']} + +mispattributes = { + 'inputSource': [], + 'output': ['MISP objects'], + 'format': 'misp_standard', +} + + +userConfig = { + "url": { + "type": "String", + "message": "A TAXII 2.1 collection URL", + }, + "added_after": { + "type": "String", + "message": "Lower bound on time the object was uploaded to the TAXII server" + }, + "stix_id": { + "type": "String", + "message": "STIX ID(s) of objects" + }, + "spec_version": { # TAXII 2.1 specific + "type": "String", + "message": "STIX version(s) of objects" + }, + "type": { + "type": "String", + "message": "STIX type(s) of objects" + }, + "version": { + "type": "String", + "message": 'Version timestamp(s), or "first"/"last"/"all"' + }, + # Should we give some user control over this? It will not be allowed to + # exceed the admin setting. + "STIX object limit": { + "type": "Integer", + "message": "Maximum number of STIX objects to process" + }, + "username": { + "type": "String", + "message": "Username for TAXII server authentication, if necessary" + }, + "password": { + "type": "String", + "message": "Password for TAXII server authentication, if necessary" + } +} + +# Paging will be handled transparently by this module, so user-defined +# paging-related filtering parameters will not be supported. + + +# This module will not process more than this number of STIX objects in total +# from a TAXII server in one module invocation (across all pages), to limit +# resource consumption. +moduleconfig = [ + "stix_object_limit" +] + + +# In case there is neither an admin nor user setting given. +_DEFAULT_STIX_OBJECT_LIMIT = 1000 + + +# Page size to use when paging TAXII results. Trades off the amount of +# hammering on TAXII servers and overhead of repeated requests, with the +# resource consumption of a single page. (Should be an admin setting too?) +_PAGE_SIZE = 100 + + +_synonymsToTagNames_path = Path(__file__).parent / "../../lib/synonymsToTagNames.json" + + +# Collects module config information necessary to perform the TAXII query. +Config = collections.namedtuple("Config", [ + "url", + "added_after", + "id", + "spec_version", + "type", + "version", + "stix_object_limit", + "username", + "password" +]) + + +def _normalize_multi_values(value): + """ + Some TAXII filters may contain multiple values separated by commas, + without spaces around the commas. Maybe give MISP users a little more + flexibility? This function normalizes a possible multi-valued value + (e.g. multiple values delimited by commas or spaces, all in the same + string) to TAXII-required format. + + :param value: A MISP config value + :return: A normalized value + """ + + if "," in value: + value = re.sub(r"\s*,\s*", ",", value) + else: + # Assume space delimiting; replace spaces with commas. + # I don't think we need to worry about spaces embedded in values. + value = re.sub(r"\s+", ",", value) + + value = value.strip(",") + + return value + + +def _get_config(config): + """ + Combine user, admin, and default config settings to produce a config + object with all settings together. + + :param config: The misp-modules request's "config" value. + :return: A Config object + :raises ConfigError: if any config errors are detected + """ + + # Strip whitespace from all config settings... except for password? + for key, val in config.items(): + if isinstance(val, str) and key != "password": + config[key] = val.strip() + + url = config.get("url") + added_after = config.get("added_after") + id_ = config.get("stix_id") + spec_version = config.get("spec_version") + type_ = config.get("type") + version_ = config.get("version") + username = config.get("username") + password = config.get("password") + admin_stix_object_limit = config.get("stix_object_limit") + user_stix_object_limit = config.get("STIX object limit") + + if admin_stix_object_limit: + admin_stix_object_limit = int(admin_stix_object_limit) + else: + admin_stix_object_limit = _DEFAULT_STIX_OBJECT_LIMIT + + if user_stix_object_limit: + user_stix_object_limit = int(user_stix_object_limit) + stix_object_limit = min(user_stix_object_limit, admin_stix_object_limit) + else: + stix_object_limit = admin_stix_object_limit + + # How much of this should we sanity-check here before passing it off to the + # TAXII client (and thence, to the TAXII server)? + + if not url: + raise ConfigError("A TAXII 2.1 collection URL is required.") + + if admin_stix_object_limit < 1: + raise ConfigError( + "Invalid admin object limit: must be positive: " + + str(admin_stix_object_limit) + ) + + if stix_object_limit < 1: + raise ConfigError( + "Invalid object limit: must be positive: " + + str(stix_object_limit) + ) + + if id_: + id_ = _normalize_multi_values(id_) + if spec_version: + spec_version = _normalize_multi_values(spec_version) + if type_: + type_ = _normalize_multi_values(type_) + if version_: + version_ = _normalize_multi_values(version_) + + # STIX->MISP converter currently only supports STIX 2.0, so let's force + # spec_version="2.0". + if not spec_version: + spec_version = "2.0" + elif spec_version != "2.0": + raise ConfigError('Only spec_version="2.0" is supported for now.') + + if (username and not password) or (not username and password): + raise ConfigError( + 'Both or neither of "username" and "password" are required.' + ) + + config_obj = Config( + url, added_after, id_, spec_version, type_, version_, stix_object_limit, + username, password + ) + + return config_obj + + +def _query_taxii(config): + """ + Query the TAXII server according to the given config, convert the STIX + results to MISP, and return a standard misp-modules response. + + :param config: Module config information as a Config object + :return: A dict containing a misp-modules response + """ + + collection = taxii2client.Collection( + config.url, user=config.username, password=config.password + ) + + # No point in asking for more than our overall limit. + page_size = min(_PAGE_SIZE, config.stix_object_limit) + + kwargs = { + "per_request": page_size + } + + if config.spec_version: + kwargs["spec_version"] = config.spec_version + if config.version: + kwargs["version"] = config.version + if config.id: + kwargs["id"] = config.id + if config.type: + kwargs["type"] = config.type + if config.added_after: + kwargs["added_after"] = config.added_after + + pages = taxii2client.as_pages( + collection.get_objects, + **kwargs + ) + + # Chain all the objects from all pages together... + all_stix_objects = itertools.chain.from_iterable( + taxii_envelope.get("objects", []) + for taxii_envelope in pages + ) + + # And only take the first N objects from that. + limited_stix_objects = itertools.islice( + all_stix_objects, 0, config.stix_object_limit + ) + + # Collect into a list. This is... unfortunate, but I don't think the + # converter will work incrementally (will it?). It expects all objects to + # be given at once. + # + # It may also be desirable to have all objects available at once so that + # cross-references can be made where possible, but it results in increased + # memory usage. + stix_objects = list(limited_stix_objects) + + # The STIX 2.0 converter wants a 2.0 bundle. (Hope the TAXII server isn't + # returning 2.1 objects!) + bundle20 = stix2.v20.Bundle(stix_objects, allow_custom=True) + + converter = misp_modules.lib.stix2misp.ExternalStixParser() + converter.handler( + bundle20, None, [0, "event", str(_synonymsToTagNames_path)] + ) + + attributes = [ + attr.to_dict(json_format=True) + for attr in converter.misp_event.attributes + ] + + objects = [ + obj.to_dict(json_format=True) + for obj in converter.misp_event.objects + ] + + tags = [ + tag.to_dict(json_format=True) + for tag in converter.misp_event.tags + ] + + result = { + "results": { + "Attribute": attributes, + "Object": objects, + "Tag": tags + } + } + + return result + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + + result = None + config = None + + try: + config = _get_config(request["config"]) + except ConfigError as e: + result = misperrors + result["error"] = e.args[0] + + if not result: + try: + result = _query_taxii(config) + except taxii2client.exceptions.TAXIIServiceException as e: + result = misperrors + result["error"] = str(e) + except requests.HTTPError as e: + # Let's give a better error message for auth issues. + if e.response.status_code in (401, 403): + result = misperrors + result["error"] = "Access was denied." + else: + raise + + return result + + +def introspection(): + mispattributes["userConfig"] = userConfig + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 24070bfab7d7f0d8be51f452f4d2241eaf6e6b07 Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Tue, 14 Dec 2021 01:02:35 -0500 Subject: [PATCH 02/13] Add workaround for PyMISP bug regarding conversion of objects to JSON-serializable values. --- misp_modules/modules/import_mod/taxii21.py | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/import_mod/taxii21.py b/misp_modules/modules/import_mod/taxii21.py index 4993dbf7..d03b85cb 100644 --- a/misp_modules/modules/import_mod/taxii21.py +++ b/misp_modules/modules/import_mod/taxii21.py @@ -114,6 +114,25 @@ Config = collections.namedtuple("Config", [ ]) +def _pymisp_to_json_serializable(obj): + """ + Work around a possible bug with PyMISP's + AbstractMisp.to_dict(json_format=True) method, which doesn't always produce + a JSON-serializable value (i.e. a value which is serializable with the + default JSON encoder). + + :param obj: A PyMISP object + :return: A JSON-serializable version of the object + """ + + # The workaround creates a JSON string and then parses it back to a + # JSON-serializable value. + json_ = obj.to_json() + json_serializable = json.loads(json_) + + return json_serializable + + def _normalize_multi_values(value): """ Some TAXII filters may contain multiple values separated by commas, @@ -288,17 +307,17 @@ def _query_taxii(config): ) attributes = [ - attr.to_dict(json_format=True) + _pymisp_to_json_serializable(attr) for attr in converter.misp_event.attributes ] objects = [ - obj.to_dict(json_format=True) + _pymisp_to_json_serializable(obj) for obj in converter.misp_event.objects ] tags = [ - tag.to_dict(json_format=True) + _pymisp_to_json_serializable(tag) for tag in converter.misp_event.tags ] From 549f937b1e03276b14101c6e5b8a38ea379343aa Mon Sep 17 00:00:00 2001 From: Michael Chisholm Date: Fri, 14 Jan 2022 11:48:49 -0500 Subject: [PATCH 03/13] Added some library requirements for the taxii21 import module. --- REQUIREMENTS | 2 ++ 1 file changed, 2 insertions(+) diff --git a/REQUIREMENTS b/REQUIREMENTS index c0b5326d..4c76aba4 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -128,9 +128,11 @@ socialscan==1.4.2 socketio-client==0.5.7.4 soupsieve==2.2.1; python_version >= '3' sparqlwrapper==1.8.5 +stix2==3.0.1 stix2-patterns==1.3.2 tabulate==0.8.9 tau-clients==0.1.3 +taxii2-client==2.3.0 tldextract==3.1.0; python_version >= '3.5' tornado==6.1; python_version >= '3.5' tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' From ed2d14c956c9e08e96dc7a20b2c00447865fbfab Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Thu, 3 Feb 2022 10:44:13 +0100 Subject: [PATCH 04/13] Add hashlookup to expansion init.py --- misp_modules/modules/expansion/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index 7591d7da..d20fe349 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb'] + 'qintel_qsentry', 'mwdb', 'hashlookup'] minimum_required_fields = ('type', 'uuid', 'value') From 323ca67a6c5689319e4b7da195ae148877f2bf2d Mon Sep 17 00:00:00 2001 From: Daniel Pascual Date: Thu, 3 Feb 2022 13:25:29 +0100 Subject: [PATCH 05/13] MISP exportmodule to create a VT Collection form an event --- misp_modules/modules/export_mod/__init__.py | 3 +- .../export_mod/virustotal_collections.py | 134 ++++++++++++++++++ 2 files changed, 136 insertions(+), 1 deletion(-) create mode 100644 misp_modules/modules/export_mod/virustotal_collections.py diff --git a/misp_modules/modules/export_mod/__init__.py b/misp_modules/modules/export_mod/__init__.py index 5b69d02a..ea90d197 100644 --- a/misp_modules/modules/export_mod/__init__.py +++ b/misp_modules/modules/export_mod/__init__.py @@ -1,2 +1,3 @@ __all__ = ['cef_export', 'mass_eql_export', 'liteexport', 'goamlexport', 'threat_connect_export', 'pdfexport', - 'threatStream_misp_export', 'osqueryexport', 'nexthinkexport', 'vt_graph', 'defender_endpoint_export'] + 'threatStream_misp_export', 'osqueryexport', 'nexthinkexport', 'vt_graph', 'defender_endpoint_export', + 'virustotal_collections'] diff --git a/misp_modules/modules/export_mod/virustotal_collections.py b/misp_modules/modules/export_mod/virustotal_collections.py new file mode 100644 index 00000000..fa2929ca --- /dev/null +++ b/misp_modules/modules/export_mod/virustotal_collections.py @@ -0,0 +1,134 @@ +#!/usr/bin/env python3 + +# Copyright 2022 Google Inc. All Rights Reserved. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +"""Creates a VT Collection with indicators present in a given event.""" + +import base64 +import json +import requests + +misperrors = { + 'error': 'Error' +} + +mispattributes = { + 'input': [ + 'hostname', + 'domain', + 'ip-src', + 'ip-dst', + 'md5', + 'sha1', + 'sha256', + 'url' + ], + 'format': 'misp_standard', + 'responseType': 'application/txt', + 'outputFileExtension': 'txt', +} + +moduleinfo = { + 'version': '1.0', + 'author': 'VirusTotal', + 'description': 'Creates a VT Collection from an event iocs.', + 'module-type': ['export'] +} + +moduleconfig = [ + 'vt_api_key', + 'proxy_host', + 'proxy_port', + 'proxy_username', + 'proxy_password' +] + + +class VTError(Exception): + "Exception class to map vt api response errors." + pass + + +def create_collection(api_key, event_data): + headers = { + 'x-apikey': api_key, + 'content-type': 'application/json', + 'x-tool': 'MISPModuleVirusTotalCollectionExport', + } + + response = requests.post('https://www.virustotal.com/api/v3/integrations/misp/collections', + headers=headers, + json=event_data) + + uuid = event_data['Event']['uuid'] + response_data = response.json() + + if response.status_code == 200: + link = response_data['data']['links']['self'] + return f'{uuid}: {link}' + + error = response_data['error']['message'] + if response.status_code == 400: + return f'{uuid}: {error}' + else: + misperrors['error'] = error + raise VTError(error) + + +def normalize_misp_data(data): + normalized_data = {'Event': data.pop('Event', {})} + for attr_key in data: + if isinstance(data[attr_key], list) or isinstance(data[attr_key], dict): + if attr_key == 'EventTag': + normalized_data['Event']['Tag'] = [tag['Tag'] for tag in data[attr_key]] + else: + normalized_data['Event'][attr_key] = data[attr_key] + + return normalized_data + + +def handler(q=False): + request = json.loads(q) + + if not request.get('config') or not request['config'].get('vt_api_key'): + misperrors['error'] = 'A VirusTotal api key is required for this module.' + return misperrors + + config = request['config'] + data = request['data'] + responses = [] + + try: + for event_data in data: + normalized_event = normalize_misp_data(event_data) + responses.append(create_collection(config.get('vt_api_key'), + normalized_event)) + + output = '\n'.join(responses) + return { + "response": [], + "data": str(base64.b64encode(bytes(output, 'utf-8')), 'utf-8'), + } + except VTError: + return misperrors + + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From c20c4072831e3251baf3ed0f5ba61637ff7f9ef3 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Thu, 3 Feb 2022 19:38:42 +0100 Subject: [PATCH 06/13] fix: [test] cache url test --- tests/test_expansions.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test_expansions.py b/tests/test_expansions.py index b8764f7f..23ddad2c 100644 --- a/tests/test_expansions.py +++ b/tests/test_expansions.py @@ -494,7 +494,7 @@ class TestExpansions(unittest.TestCase): query = {"module": "sourcecache", "link": input_value} response = self.misp_modules_post(query) self.assertEqual(self.get_values(response), input_value) - self.assertTrue(self.get_data(response).startswith('PCFET0NUWVBFIEhUTUw+CjwhLS0KCUFyY2FuYSBieSBIVE1MN')) + self.assertTrue(self.get_data(response)) def test_stix2_pattern_validator(self): query = {"module": "stix2_pattern_syntax_validator", "stix2-pattern": "[ipv4-addr:value = '8.8.8.8']"} From 01d09355b4bd383dd743c3152b01f63d11230806 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 4 Feb 2022 12:00:05 +0100 Subject: [PATCH 07/13] new: [doc] virustotal_collections modules added --- .../website/export_mod/virustotal_collections.json | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 documentation/website/export_mod/virustotal_collections.json diff --git a/documentation/website/export_mod/virustotal_collections.json b/documentation/website/export_mod/virustotal_collections.json new file mode 100644 index 00000000..1ecdbe92 --- /dev/null +++ b/documentation/website/export_mod/virustotal_collections.json @@ -0,0 +1,14 @@ +{ + "description": "Creates a VT Collection from an event iocs.", + "logo": "virustotal.png", + "requirements": [ + "An access to the VirusTotal API (apikey)." + ], + "input": "A domain, hash (md5, sha1, sha256 or sha512), hostname, url or IP address attribute.", + "output": "A VirusTotal collection in VT.", + "references": [ + "https://www.virustotal.com/", + "https://blog.virustotal.com/2021/11/introducing-virustotal-collections.html" + ], + "features": "This export module which takes advantage of a new endpoint in VT APIv3 to create VT Collections from IOCs contained in a MISP event. With this module users will be able to create a collection just using the Download as... button." +} From 27d7e19c15297cb4e77bb2454f8e5f7c66cdb830 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Fri, 4 Feb 2022 12:00:49 +0100 Subject: [PATCH 08/13] chg: [doc] updated --- documentation/README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/documentation/README.md b/documentation/README.md index c9fd62ef..88670b06 100644 --- a/documentation/README.md +++ b/documentation/README.md @@ -2045,6 +2045,25 @@ Module to export a structured CSV file for uploading to ThreatConnect. ----- +#### [virustotal_collections](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/virustotal_collections.py) + + + +Creates a VT Collection from an event iocs. +- **features**: +>This export module which takes advantage of a new endpoint in VT APIv3 to create VT Collections from IOCs contained in a MISP event. With this module users will be able to create a collection just using the Download as... button. +- **input**: +>A domain, hash (md5, sha1, sha256 or sha512), hostname, url or IP address attribute. +- **output**: +>A VirusTotal collection in VT. +- **references**: +> - https://www.virustotal.com/ +> - https://blog.virustotal.com/2021/11/introducing-virustotal-collections.html +- **requirements**: +>An access to the VirusTotal API (apikey). + +----- + #### [vt_graph](https://github.com/MISP/misp-modules/tree/main/misp_modules/modules/export_mod/vt_graph.py) From 91235b8cef714be42b4e2d9ba210141038579223 Mon Sep 17 00:00:00 2001 From: Jakub Onderka Date: Fri, 4 Feb 2022 12:43:11 +0100 Subject: [PATCH 09/13] Update dependencies, require Python 3.7 --- .github/workflows/python-package.yml | 2 + Pipfile | 24 ++-- REQUIREMENTS | 181 ++++++++++++++------------- 3 files changed, 113 insertions(+), 94 deletions(-) diff --git a/.github/workflows/python-package.yml b/.github/workflows/python-package.yml index a4449588..510a4699 100644 --- a/.github/workflows/python-package.yml +++ b/.github/workflows/python-package.yml @@ -46,5 +46,7 @@ jobs: # Run server in background misp-modules -l 127.0.0.1 -s & sleep 5 + # Check if modules are running + curl -sS localhost:6666/modules # Run tests pytest tests diff --git a/Pipfile b/Pipfile index 85226bec..bdf2c980 100644 --- a/Pipfile +++ b/Pipfile @@ -17,9 +17,9 @@ passivetotal = "*" pypdns = "*" pypssl = "*" pyeupi = "*" -pymisp = { extras = ["fileobjects,openioc,pdfexport,email"], version = "*" } -pyonyphe = { editable = true, git = "https://github.com/sebdraven/pyonyphe" } -pydnstrails = { editable = true, git = "https://github.com/sebdraven/pydnstrails" } +pymisp = { extras = ["fileobjects,openioc,pdfexport,email,url"], version = "*" } +pyonyphe = { git = "https://github.com/sebdraven/pyonyphe" } +pydnstrails = { git = "https://github.com/sebdraven/pydnstrails" } pytesseract = "*" pygeoip = "*" beautifulsoup4 = "*" @@ -31,20 +31,20 @@ maclookup = "*" vulners = "*" blockchain = "*" reportlab = "*" -pyintel471 = { editable = true, git = "https://github.com/MISP/PyIntel471.git" } +pyintel471 = { git = "https://github.com/MISP/PyIntel471.git" } shodan = "*" Pillow = ">=8.2.0" Wand = "*" SPARQLWrapper = "*" domaintools_api = "*" -misp-modules = { editable = true, path = "." } -pybgpranking = { editable = true, git = "https://github.com/D4-project/BGP-Ranking.git/", subdirectory = "client" } -pyipasnhistory = { editable = true, git = "https://github.com/D4-project/IPASN-History.git/", subdirectory = "client" } +misp-modules = { path = "." } +pybgpranking = { git = "https://github.com/D4-project/BGP-Ranking.git/", subdirectory = "client", ref = "68de39f6c5196f796055c1ac34504054d688aa59" } +pyipasnhistory = { git = "https://github.com/D4-project/IPASN-History.git/", subdirectory = "client", ref = "a2853c39265cecdd0c0d16850bd34621c0551b87" } backscatter = "*" pyzbar = "*" opencv-python = "*" np = "*" -ODTReader = { editable = true, git = "https://github.com/cartertemm/ODTReader.git/" } +ODTReader = { git = "https://github.com/cartertemm/ODTReader.git/" } python-pptx = "*" python-docx = "*" ezodf = "*" @@ -59,7 +59,7 @@ geoip2 = "*" apiosintDS = "*" assemblyline_client = "*" vt-graph-api = "*" -trustar = { editable = true, git = "https://github.com/SteveClement/trustar-python.git" } +trustar = { git = "https://github.com/SteveClement/trustar-python.git" } markdownify = "==0.5.3" socialscan = "*" dnsdb2 = "*" @@ -67,6 +67,10 @@ clamd = "*" aiohttp = ">=3.7.4" tau-clients = "*" vt-py = ">=0.7.1" +crowdstrike-falconpy = "0.9.0" +censys = "2.0.9" +mwdblib = "3.4.1" +ndjson = "0.3.1" [requires] -python_version = "3.6" +python_version = "3.7" diff --git a/REQUIREMENTS b/REQUIREMENTS index c0b5326d..3953daa7 100644 --- a/REQUIREMENTS +++ b/REQUIREMENTS @@ -6,150 +6,163 @@ # -i https://pypi.org/simple --e . --e git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client --e git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client --e git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 --e git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader --e git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails --e git+https://github.com/sebdraven/pyonyphe@1ce15581beebb13e841193a08a2eb6f967855fcb#egg=pyonyphe -git+https://github.com/SteveClement/trustar-python.git -aiohttp==3.7.4 +. +aiohttp==3.8.1 +aiosignal==1.2.0; python_version >= '3.6' antlr4-python3-runtime==4.8; python_version >= '3' apiosintds==1.8.3 +appdirs==1.4.4 argparse==1.4.0 -assemblyline-client==4.1.0 -async-timeout==3.0.1; python_full_version >= '3.5.3' -attrs==21.2.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +assemblyline-client==4.2.2 +async-timeout==4.0.2; python_version >= '3.6' +asynctest==0.13.0; python_version < '3.8' +attrs==21.4.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +backoff==1.11.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' backports.zoneinfo==0.2.1; python_version < '3.9' backscatter==0.2.4 -beautifulsoup4==4.9.3 -bidict==0.21.2; python_version >= '3.6' +beautifulsoup4==4.10.0 +bidict==0.21.4; python_version >= '3.6' blockchain==1.4.4 -certifi==2021.5.30 -censys==2.0.9 -cffi==1.14.6 -#chardet==4.0.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -chardet -charset-normalizer==2.0.4; python_version >= '3' +censys==2.1.2 +certifi==2021.10.8 +cffi==1.15.0 +chardet==4.0.0 +charset-normalizer==2.0.11; python_version >= '3' clamd==1.0.2 click-plugins==1.1.1 -click==8.0.1; python_version >= '3.6' +click==8.0.3; python_version >= '3.6' colorama==0.4.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -colorclass==2.2.0 +colorclass==2.2.2; python_version >= '2.6' +commonmark==0.9.1 compressed-rtf==1.0.6 -configparser==5.0.2; python_version >= '3.6' -crowdstrike-falconpy==0.9.0 -cryptography==3.4.7; python_version >= '3.6' -decorator==5.0.9; python_version >= '3.5' -deprecated==1.2.12; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +configparser==5.2.0; python_version >= '3.6' +crowdstrike-falconpy==1.0.0 +cryptography==36.0.1; python_version >= '3.6' +decorator==5.1.1; python_version >= '3.5' +deprecated==1.2.13; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' dnsdb2==1.1.3 -dnspython==2.1.0 -domaintools-api==0.5.4 +dnspython==2.2.0 +domaintools-api==0.6.1 easygui==0.98.2 ebcdic==1.1.1 enum-compat==0.0.3 extract-msg==0.28.7 -ez-setup==0.9 ezodf==0.3.2 -filelock==3.0.12 +filelock==3.4.2; python_version >= '3.7' +frozenlist==1.3.0; python_version >= '3.7' future==0.18.2; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -futures==3.1.1 -geoip2==4.2.0 -httplib2==0.19.1 +geoip2==4.5.0 +git+https://github.com/D4-project/BGP-Ranking.git/@68de39f6c5196f796055c1ac34504054d688aa59#egg=pybgpranking&subdirectory=client +git+https://github.com/D4-project/IPASN-History.git/@a2853c39265cecdd0c0d16850bd34621c0551b87#egg=pyipasnhistory&subdirectory=client +git+https://github.com/MISP/PyIntel471.git@917272fafa8e12102329faca52173e90c5256968#egg=pyintel471 +git+https://github.com/SteveClement/trustar-python.git@6954eae38e0c77eaeef26084b6c5fd033925c1c7#egg=trustar +git+https://github.com/cartertemm/ODTReader.git/@49d6938693f6faa3ff09998f86dba551ae3a996b#egg=odtreader +git+https://github.com/sebdraven/pydnstrails@48c1f740025c51289f43a24863d1845ff12fd21a#egg=pydnstrails +git+https://github.com/sebdraven/pyonyphe@aed008ee5a27e3a5e4afbb3e5cbfc47170108452#egg=pyonyphe +httplib2==0.20.4; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' idna-ssl==1.1.0; python_version < '3.7' -idna==3.2; python_version >= '3' +idna==3.3; python_version >= '3' imapclient==2.1.0 -isodate==0.6.0 +importlib-metadata==4.10.1; python_version < '3.8' +isodate==0.6.1 itsdangerous==2.0.1; python_version >= '3.6' jbxapi==3.17.2 -json-log-formatter==0.4.0 +jeepney==0.7.1; sys_platform == 'linux' +json-log-formatter==0.5.1 jsonschema==3.2.0 -lark-parser==0.11.3 +keyring==23.5.0; python_version >= '3.7' +lark-parser==0.12.0 lief==0.11.5 lxml==4.7.1 maclookup==1.0.3 markdownify==0.5.3 -maxminddb==2.0.3; python_version >= '3.6' -more-itertools==8.8.0; python_version >= '3.5' -msoffcrypto-tool==4.12.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') -multidict==5.1.0; python_version >= '3.6' +maxminddb==2.2.0; python_version >= '3.6' +more-itertools==8.12.0; python_version >= '3.5' +msoffcrypto-tool==5.0.0; python_version >= '3' and platform_python_implementation != 'PyPy' or (platform_system != 'Windows' and platform_system != 'Darwin') +multidict==6.0.2; python_version >= '3.7' +mwdblib==4.0.0 +ndjson==0.3.1 np==1.0.2 -numpy==1.21.2; python_version < '3.11' and python_version >= '3.7' +numpy==1.21.5; python_version < '3.10' and platform_machine != 'aarch64' and platform_machine != 'arm64' oauth2==1.9.0.post1 olefile==0.46; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -oletools==0.56.2 -opencv-python==4.5.3.56 +oletools==0.60 +opencv-python==4.5.5.62 +packaging==21.3; python_version >= '3.6' pandas-ods-reader==0.1.2 pandas==1.3.5 -passivetotal==2.5.4 +passivetotal==2.5.8 pcodedmp==1.2.6 -pdftotext==2.2.0 -pillow==8.3.2 -progressbar2==3.53.1 -psutil==5.8.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycparser==2.20; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -pycryptodome==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -pycryptodomex==3.10.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pdftotext==2.2.2 +pillow==9.0.1 +progressbar2==4.0.0; python_version >= '3.7' +psutil==5.9.0; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' +pycparser==2.21 +pycryptodome==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' +pycryptodomex==3.14.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' pydeep==0.4 pyeupi==1.1 +pyfaup==1.2 pygeoip==0.3.2 -pymisp[email,fileobjects,openioc,pdfexport]==2.4.148 +pygments==2.11.2; python_version >= '3.5' +pymisp[email,fileobjects,openioc,pdfexport,url]==2.4.152 pyparsing==2.4.7; python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3' pypdns==1.5.2 pypssl==2.2 -pyrsistent==0.18.0; python_version >= '3.6' +pyrsistent==0.18.1; python_version >= '3.7' pytesseract==0.3.8 python-baseconv==1.2.2 python-dateutil==2.8.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' python-docx==0.8.11 -python-engineio==4.2.1; python_version >= '3.6' -python-magic==0.4.24 -python-pptx==0.6.19 -python-socketio[client]==5.4.0; python_version >= '3.6' -python-utils==2.5.6 +python-engineio==4.3.1; python_version >= '3.6' +python-magic==0.4.25 +python-pptx==0.6.21 +python-socketio[client]==5.5.1; python_version >= '3.6' +python-utils==3.1.0; python_version >= '3.7' +pytz-deprecation-shim==0.1.0.post0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' pytz==2019.3 -pyyaml==5.4.1; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' +pyyaml==6.0; python_version >= '3.6' pyzbar==0.1.8 pyzipper==0.3.5; python_version >= '3.5' -rdflib==6.0.0; python_version >= '3.7' -redis==3.5.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' -reportlab==3.6.1 +rdflib==6.1.1; python_version >= '3.7' +redis==4.1.2; python_version >= '3.6' +reportlab==3.6.6 requests-cache==0.6.4; python_version >= '3.6' requests-file==1.5.1 -requests[security]==2.26.0 +requests[security]==2.27.1 +rich==11.1.0; python_full_version >= '3.6.2' and python_full_version < '4.0.0' rtfde==0.0.2 -ruamel.yaml.clib==0.2.6; python_version < '3.10' and platform_python_implementation == 'CPython' -ruamel.yaml==0.17.13; python_version >= '3' -shodan==1.25.0 +secretstorage==3.3.1; sys_platform == 'linux' +setuptools==60.7.1; python_version >= '3.7' +shodan==1.26.1 sigmatools==0.19.1 six==1.16.0; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' socialscan==1.4.2 socketio-client==0.5.7.4 -soupsieve==2.2.1; python_version >= '3' +soupsieve==2.3.1; python_version >= '3.6' sparqlwrapper==1.8.5 stix2-patterns==1.3.2 tabulate==0.8.9 -tau-clients==0.1.3 -tldextract==3.1.0; python_version >= '3.5' +tau-clients==0.1.9 +tldextract==3.1.2; python_version >= '3.6' tornado==6.1; python_version >= '3.5' -tqdm==4.62.2; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' -typing-extensions==3.10.0.0 -tzlocal==3.0; python_version >= '3.6' +tqdm==4.62.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3' +typing-extensions==4.0.1; python_version < '3.8' +tzdata==2021.5; python_version >= '3.6' +tzlocal==4.1; python_version >= '3.6' unicodecsv==0.14.1 url-normalize==1.4.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4, 3.5' urlarchiver==0.2 -urllib3==1.26.6; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_version < '4' +urllib3==1.26.8; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' and python_full_version < '4.0.0' validators==0.14.0 -vt-graph-api==1.1.2 -vt-py==0.7.2 -vulners==1.5.12 +vt-graph-api==1.1.3 +vt-py==0.13.1 +vulners==2.0.0 wand==0.6.7 -websocket-client==1.2.1 -wrapt==1.12.1 +websocket-client==1.2.3; python_version >= '3.6' +wrapt==1.13.3; python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3, 3.4' xlrd==2.0.1 -xlsxwriter==3.0.1; python_version >= '3.4' +xlsxwriter==3.0.2; python_version >= '3.4' yara-python==3.8.1 -yarl==1.6.3; python_version >= '3.6' -ndjson==0.3.1 -mwdblib==3.4.1 +yarl==1.7.2; python_version >= '3.6' +zipp==3.7.0; python_version >= '3.7' From 267824a6df04c8da29e99cb0ffdfcffe4d4b1e74 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Sat, 5 Feb 2022 20:23:28 +0100 Subject: [PATCH 10/13] new: Add mmdb lookup expansion module --- README.md | 1 + misp_modules/modules/expansion/__init__.py | 2 +- misp_modules/modules/expansion/mmdb_lookup.py | 112 ++++++++++++++++++ 3 files changed, 114 insertions(+), 1 deletion(-) create mode 100644 misp_modules/modules/expansion/mmdb_lookup.py diff --git a/README.md b/README.md index 6b96be20..e1e5a0f7 100644 --- a/README.md +++ b/README.md @@ -58,6 +58,7 @@ For more information: [Extending MISP with Python modules](https://www.misp-proj * [macvendors](misp_modules/modules/expansion/macvendors.py) - a hover module to retrieve mac vendor information. * [MALWAREbazaar](misp_modules/modules/expansion/malwarebazaar.py) - an expansion module to query MALWAREbazaar with some payload. * [McAfee MVISION Insights](misp_modules/modules/expansion/mcafee_insights_enrich.py) - an expansion module enrich IOCs with McAfee MVISION Insights. +* [Mmdb server lookup](misp_modules/modules/expansion/mmdb_lookup.py) - an expansion module to enrich an ip with geolocation information from an mmdb server such as ip.circl.lu. * [ocr-enrich](misp_modules/modules/expansion/ocr_enrich.py) - an enrichment module to get OCRized data from images into MISP. * [ods-enrich](misp_modules/modules/expansion/ods_enrich.py) - an enrichment module to get text out of OpenOffice spreadsheet document into MISP (using free-text parser). * [odt-enrich](misp_modules/modules/expansion/odt_enrich.py) - an enrichment module to get text out of OpenOffice document into MISP (using free-text parser). diff --git a/misp_modules/modules/expansion/__init__.py b/misp_modules/modules/expansion/__init__.py index d20fe349..63ae8e32 100644 --- a/misp_modules/modules/expansion/__init__.py +++ b/misp_modules/modules/expansion/__init__.py @@ -18,7 +18,7 @@ __all__ = ['cuckoo_submit', 'vmray_submit', 'bgpranking', 'circl_passivedns', 'c 'assemblyline_submit', 'assemblyline_query', 'ransomcoindb', 'malwarebazaar', 'lastline_query', 'lastline_submit', 'sophoslabs_intelix', 'cytomic_orion', 'censys_enrich', 'trustar_enrich', 'recordedfuture', 'html_to_markdown', 'socialscan', 'passive-ssh', - 'qintel_qsentry', 'mwdb', 'hashlookup'] + 'qintel_qsentry', 'mwdb', 'hashlookup', 'mmdb_lookup'] minimum_required_fields = ('type', 'uuid', 'value') diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py new file mode 100644 index 00000000..731acd40 --- /dev/null +++ b/misp_modules/modules/expansion/mmdb_lookup.py @@ -0,0 +1,112 @@ +import json +import requests +from . import check_input_attribute, standard_error_message +from pymisp import MISPEvent, MISPObject + +misperrors = {'error': 'Error'} +mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'} +moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy', + 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server " + "such as ip.circl.lu", + 'module-type': ['expansion', 'hover']} +moduleconfig = ["custom_API"] +mmdblookup_url = 'https://ip.circl.lu/' + + +class MmdbLookupParser(): + def __init__(self, attribute, mmdblookupresult, api_url): + self.attribute = attribute + self.mmdblookupresult = mmdblookupresult + self.api_url = api_url + self.misp_event = MISPEvent() + self.misp_event.add_attribute(**attribute) + + def get_result(self): + event = json.loads(self.misp_event.to_json()) + results = {key: event[key] for key in ('Attribute', 'Object') if (key in event and event[key])} + return {'results': results} + + def parse_mmdblookup_information(self): + # There is a chance some db's have a hit while others don't so we have to check if entry is empty each time + for result_entry in self.mmdblookupresult: + if result_entry['country_info']: + mmdblookup_object = MISPObject('geolocation') + mmdblookup_object.add_attribute('country', + **{'type': 'text', 'value': result_entry['country_info']['Country']}) + mmdblookup_object.add_attribute('countrycode', + **{'type': 'text', 'value': result_entry['country']['iso_code']}) + mmdblookup_object.add_attribute('latitude', + **{'type': 'float', + 'value': result_entry['country_info']['Latitude (average)']}) + mmdblookup_object.add_attribute('longitude', + **{'type': 'float', + 'value': result_entry['country_info']['Longitude (average)']}) + mmdblookup_object.add_attribute('text', + **{'type': 'text', + 'value': 'db_source: {}. build_db: {}. Latitude and longitude are country average.'.format( + result_entry['meta']['db_source'], + result_entry['meta']['build_db'])}) + mmdblookup_object.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(mmdblookup_object) + + +def check_url(url): + return "{}/".format(url) if not url.endswith('/') else url + + +def handler(q=False): + if q is False: + return False + request = json.loads(q) + if not request.get('attribute') or not check_input_attribute(request['attribute']): + return {'error': f'{standard_error_message}, which should contain at least a type, a value and an uuid.'} + attribute = request['attribute'] + if attribute.get('type') == 'ip-src': + toquery = attribute['value'] + pass + elif attribute.get('type') == 'ip-src|port': + toquery = attribute['value'].split('|')[0] + pass + elif attribute.get('type') == 'ip-dst': + toquery = attribute['value'] + pass + elif attribute.get('type') == 'ip-dst|port': + toquery = attribute['value'].split('|')[0] + pass + else: + misperrors['error'] = 'There is no attribute of type ip-src or ip-dst provided as input' + return misperrors + api_url = check_url(request['config']['custom_API']) if 'config' in request and request['config'].get( + 'custom_API') else mmdblookup_url + r = requests.get("{}/geolookup/{}".format(api_url, toquery)) + if r.status_code == 200: + mmdblookupresult = r.json() + if not mmdblookupresult or len(mmdblookupresult) == 0: + misperrors['error'] = 'Empty result returned by server' + return misperrors + # Server might return one or multiple entries which could all be empty, we check if there is at least one + # non-empty result below + empty_result = True + for lookup_result_entry in mmdblookupresult: + if lookup_result_entry['country_info']: + empty_result = False + break + if empty_result: + misperrors['error'] = 'Empty result returned by server' + return misperrors + else: + misperrors['error'] = 'API not accessible - http status code {} was returned'.format(r.status_code) + return misperrors + parser = MmdbLookupParser(attribute, mmdblookupresult, api_url) + parser.parse_mmdblookup_information() + result = parser.get_result() + return result + + +def introspection(): + return mispattributes + + +def version(): + moduleinfo['config'] = moduleconfig + return moduleinfo From 4408f24714ba5d1743e77a55b1b82b94537647f5 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Sun, 6 Feb 2022 15:51:54 +0100 Subject: [PATCH 11/13] chg: [mmdb_lookup] Add handling of ASN details. --- misp_modules/modules/expansion/mmdb_lookup.py | 29 +++++++++++++++---- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/misp_modules/modules/expansion/mmdb_lookup.py b/misp_modules/modules/expansion/mmdb_lookup.py index 731acd40..0c54ba84 100644 --- a/misp_modules/modules/expansion/mmdb_lookup.py +++ b/misp_modules/modules/expansion/mmdb_lookup.py @@ -7,9 +7,9 @@ misperrors = {'error': 'Error'} mispattributes = {'input': ['ip-src', 'ip-src|port', 'ip-dst', 'ip-dst|port'], 'format': 'misp_standard'} moduleinfo = {'version': '1', 'author': 'Jeroen Pinoy', 'description': "An expansion module to enrich an ip with geolocation information from an mmdb server " - "such as ip.circl.lu", + "such as ip.circl.lu.", 'module-type': ['expansion', 'hover']} -moduleconfig = ["custom_API"] +moduleconfig = ["custom_API", "db_source_filter"] mmdblookup_url = 'https://ip.circl.lu/' @@ -48,6 +48,21 @@ class MmdbLookupParser(): result_entry['meta']['build_db'])}) mmdblookup_object.add_reference(self.attribute['uuid'], 'related-to') self.misp_event.add_object(mmdblookup_object) + if 'AutonomousSystemNumber' in result_entry['country']: + mmdblookup_object_asn = MISPObject('asn') + mmdblookup_object_asn.add_attribute('asn', + **{'type': 'text', + 'value': result_entry['country'][ + 'AutonomousSystemNumber']}) + mmdblookup_object_asn.add_attribute('description', + **{'type': 'text', + 'value': 'ASNOrganization: {}. db_source: {}. build_db: {}.'.format( + result_entry['country'][ + 'AutonomousSystemOrganization'], + result_entry['meta']['db_source'], + result_entry['meta']['build_db'])}) + mmdblookup_object_asn.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(mmdblookup_object_asn) def check_url(url): @@ -63,16 +78,12 @@ def handler(q=False): attribute = request['attribute'] if attribute.get('type') == 'ip-src': toquery = attribute['value'] - pass elif attribute.get('type') == 'ip-src|port': toquery = attribute['value'].split('|')[0] - pass elif attribute.get('type') == 'ip-dst': toquery = attribute['value'] - pass elif attribute.get('type') == 'ip-dst|port': toquery = attribute['value'].split('|')[0] - pass else: misperrors['error'] = 'There is no attribute of type ip-src or ip-dst provided as input' return misperrors @@ -84,6 +95,12 @@ def handler(q=False): if not mmdblookupresult or len(mmdblookupresult) == 0: misperrors['error'] = 'Empty result returned by server' return misperrors + if 'config' in request and request['config'].get('db_source_filter'): + db_source_filter = request['config'].get('db_source_filter') + mmdblookupresult = [entry for entry in mmdblookupresult if entry['meta']['db_source'] == db_source_filter] + if not mmdblookupresult or len(mmdblookupresult) == 0: + misperrors['error'] = 'There was no result with the selected db_source' + return misperrors # Server might return one or multiple entries which could all be empty, we check if there is at least one # non-empty result below empty_result = True From 0072a45aabf11c4b67e3e8a70bcecf89e476f3f9 Mon Sep 17 00:00:00 2001 From: Jeroen Pinoy Date: Mon, 7 Feb 2022 17:41:15 +0100 Subject: [PATCH 12/13] chg:[apivoid] Add handling with email verify API --- misp_modules/modules/expansion/apivoid.py | 34 +++++++++++++++++++++-- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/misp_modules/modules/expansion/apivoid.py b/misp_modules/modules/expansion/apivoid.py index a71b5e6e..3b0ce725 100755 --- a/misp_modules/modules/expansion/apivoid.py +++ b/misp_modules/modules/expansion/apivoid.py @@ -4,8 +4,8 @@ from . import check_input_attribute, standard_error_message from pymisp import MISPAttribute, MISPEvent, MISPObject misperrors = {'error': 'Error'} -mispattributes = {'input': ['domain', 'hostname'], 'format': 'misp_standard'} -moduleinfo = {'version': '0.1', 'author': 'Christian Studer', +mispattributes = {'input': ['domain', 'hostname', 'email'], 'format': 'misp_standard'} +moduleinfo = {'version': '0.2', 'author': 'Christian Studer', 'description': 'On demand query API for APIVoid.', 'module-type': ['expansion', 'hover']} moduleconfig = ['apikey'] @@ -43,6 +43,31 @@ class APIVoidParser(): ssl = requests.get(f'{self.url.format("sslinfo", apikey)}host={self.attribute.value}').json() self._parse_ssl_certificate(ssl['data']['certificate']) + def handle_email(self, apikey): + feature = 'emailverify' + if requests.get(f'{self.url.format(feature, apikey)}stats').json()['credits_remained'] < 0.06: + self.result = {'error': 'You do not have enough APIVoid credits to proceed your request.'} + return + emaillookup = requests.get(f'{self.url.format(feature, apikey)}email={self.attribute.value}').json() + email_verification = MISPObject('apivoid-email-verification') + boolean_attributes = ['valid_format', 'suspicious_username', 'suspicious_email', 'dirty_words_username', + 'suspicious_email', 'valid_tld', 'disposable', 'has_a_records', 'has_mx_records', + 'has_spf_records', 'is_spoofable', 'dmarc_configured', 'dmarc_enforced', 'free_email', + 'russian_free_email', 'china_free_email', 'suspicious_domain', 'dirty_words_domain', + 'domain_popular', 'risky_tld', 'police_domain', 'government_domain', 'educational_domain', + 'should_block'] + for boolean_attribute in boolean_attributes: + email_verification.add_attribute(boolean_attribute, + **{'type': 'boolean', 'value': emaillookup['data'][boolean_attribute]}) + email_verification.add_attribute('email', **{'type': 'email', 'value': emaillookup['data']['email']}) + email_verification.add_attribute('username', **{'type': 'text', 'value': emaillookup['data']['username']}) + email_verification.add_attribute('role_address', + **{'type': 'boolean', 'value': emaillookup['data']['role_address']}) + email_verification.add_attribute('domain', **{'type': 'domain', 'value': emaillookup['data']['domain']}) + email_verification.add_attribute('score', **{'type': 'float', 'value': emaillookup['data']['score']}) + email_verification.add_reference(self.attribute['uuid'], 'related-to') + self.misp_event.add_object(email_verification) + def _handle_dns_record(self, item, record_type, relationship): dns_record = MISPObject('dns-record') dns_record.add_attribute('queried-domain', type='domain', value=item['host']) @@ -82,7 +107,10 @@ def handler(q=False): return {'error': 'Unsupported attribute type.'} apikey = request['config']['apikey'] apivoid_parser = APIVoidParser(attribute) - apivoid_parser.parse_domain(apikey) + if attribute['type'] in ['domain', 'hostname']: + apivoid_parser.parse_domain(apikey) + else: + apivoid_parser.handle_email(apikey) return apivoid_parser.get_results() From 30287e3b03198800d8e8f3e0fe7548e3de04fce2 Mon Sep 17 00:00:00 2001 From: Alexandre Dulaunoy Date: Mon, 14 Feb 2022 09:35:40 +0100 Subject: [PATCH 13/13] chg: [lib] latest stix2misp.py updated --- misp_modules/lib/stix2misp.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/misp_modules/lib/stix2misp.py b/misp_modules/lib/stix2misp.py index ed875b56..0e92aed1 100644 --- a/misp_modules/lib/stix2misp.py +++ b/misp_modules/lib/stix2misp.py @@ -22,15 +22,19 @@ import os import time import io import pymisp -import stix2 -import misp_modules.lib.stix2misp_mapping as stix2misp_mapping +import stix2misp_mapping from collections import defaultdict from copy import deepcopy from pathlib import Path -_misp_objects_path = Path(__file__).parent / 'misp-objects' / 'objects' +_misp_dir = Path(os.path.realpath(__file__)).parents[4] +_misp_objects_path = _misp_dir / 'app' / 'files' / 'misp-objects' / 'objects' _misp_types = pymisp.AbstractMISP().describe_types.get('types') from pymisp import MISPEvent, MISPObject, MISPAttribute +_scripts_path = Path(__file__).resolve().parents[1] +sys.path.insert(0, str(_scripts_path / 'cti-python-stix2')) +import stix2 + class StixParser(): _galaxy_types = ('intrusion-set', 'malware', 'threat-actor', 'tool') @@ -471,7 +475,7 @@ class StixFromMISPParser(StixParser): if hasattr(galaxy, 'labels'): return [label for label in galaxy.labels if label.startswith('misp-galaxy:')] try: - return self._synonyms_to_tag_names[name] + return self._synonyms_to_tag_names[galaxy.name] except KeyError: print(f'Unknown {galaxy._type} name: {galaxy.name}', file=sys.stderr) return [f'misp-galaxy:{galaxy._type}="{galaxy.name}"'] @@ -1097,6 +1101,8 @@ class StixFromMISPParser(StixParser): if tags: attribute['Tag'] = tags attribute.update(self.parse_timeline(stix_object)) + if hasattr(stix_object, 'description') and stix_object.description: + attribute['comment'] = stix_object.description if hasattr(stix_object, 'object_marking_refs'): self.update_marking_refs(attribute_uuid, stix_object.object_marking_refs) return attribute @@ -1107,6 +1113,8 @@ class StixFromMISPParser(StixParser): misp_object = MISPObject('file' if object_type == 'WindowsPEBinaryFile' else object_type, misp_objects_path_custom=_misp_objects_path) misp_object.uuid = stix_object.id.split('--')[1] + if hasattr(stix_object, 'description') and stix_object.description: + misp_object.comment = stix_object.description misp_object.update(self.parse_timeline(stix_object)) return misp_object, object_type @@ -1984,6 +1992,8 @@ class ExternalStixParser(StixParser): misp_object = MISPObject(name if name is not None else stix_object.type, misp_objects_path_custom=_misp_objects_path) misp_object.uuid = stix_object.id.split('--')[1] + if hasattr(stix_object, 'description') and stix_object.description: + misp_object.comment = stix_object.description misp_object.update(self.parse_timeline(stix_object)) return misp_object @@ -2057,7 +2067,7 @@ def from_misp(stix_objects): def main(args): - filename = Path(os.path.dirname(args[0]), args[1]) + filename = args[1] if args[1][0] == '/' else Path(os.path.dirname(args[0]), args[1]) with open(filename, 'rt', encoding='utf-8') as f: event = stix2.parse(f.read(), allow_custom=True, interoperability=True) stix_parser = StixFromMISPParser() if from_misp(event.objects) else ExternalStixParser()