diff --git a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
index 27446ba770..e73814912a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fe970af0-3ca3-48ea-bade-be2e7d8567a6",
+ "id": "bundle--e85c66c5-8bcd-4883-8580-d0d9614e36d3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
index 0baf9cb31d..922b703089 100644
--- a/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
+++ b/mobile-attack/attack-pattern/attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d0544880-3945-421e-8d41-0ba7e91c8e2f",
+ "id": "bundle--e9c27b76-8709-45b7-8db7-99fdb7886e2c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
index a8b46e2830..33756ce7ea 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8c6a358b-cd1e-4201-b041-36f95c717065",
+ "id": "bundle--4ae4e713-ba03-4f3e-93cd-400cb27ba358",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
index b76106203d..f8e5411283 100644
--- a/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6c9a56bc-e25c-42cb-b0e7-7da8b78c3cdf",
+ "id": "bundle--3cf33301-a32d-4159-963c-b59a92dfb4b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c.json b/mobile-attack/attack-pattern/attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c.json
new file mode 100644
index 0000000000..8f98960af1
--- /dev/null
+++ b/mobile-attack/attack-pattern/attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c.json
@@ -0,0 +1,46 @@
+{
+ "type": "bundle",
+ "id": "bundle--9ef9a369-44ab-4cf2-8a74-1feaee836d9d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-25T19:53:07.406Z",
+ "name": "Remote Access Software",
+ "description": "Adversaries may use legitimate remote access software, such as `VNC`, `TeamViewer`, `AirDroid`, `AirMirror`, etc., to establish an interactive command and control channel to target mobile devices. \n\nRemote access applications may be installed and used post-compromise as an alternate communication channel for redundant access or as a way to establish an interactive remote session with the target device. They may also be used as a component of malware to establish a reverse connection to an adversary-controlled system or service. Installation of remote access tools may also include persistence. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "command-and-control"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Android",
+ "iOS"
+ ],
+ "x_mitre_version": "1.0",
+ "type": "attack-pattern",
+ "id": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c",
+ "created": "2023-09-25T19:53:07.406Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1663",
+ "external_id": "T1663"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
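Review bot: The new T1663 object ships with `"x_mitre_detection": ""`, so anyone rendering this technique straight from the bundle gets no detection guidance for remote access tooling on Android or iOS; the new T1655.001 and T1661 objects later in this diff have the same empty field. If detection is carried by relationship objects outside this diff that is fine, but it is worth confirming rather than assuming. T1663 also has no `x_mitre_tactic_type` (the new T1661 object sets it, T1655.001 does not) and no citation in `external_references` beyond the `mitre-attack` entry, so the claims in `description` cannot be traced to a source from this object alone.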
diff --git a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
index 5dd77338b1..72df671ae9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0bcc4ec1-a897-49a9-a9ff-c00df1d1209d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9922d725-ab3d-481a-81e9-a1f4c77e76e0",
+ "id": "bundle--9c697892-3654-4683-80fd-db059d729662",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
index 312b963831..6d274b1b8f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0c71033e-401e-4b97-9309-7a7c95e43a5d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1d7b0740-0d62-4d60-b8af-d501c7348fe2",
+ "id": "bundle--a454be41-df65-4a25-ac78-33463c12a8fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
index 5133bd7a23..1478cdc737 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8c316efa-bb21-4ef7-b06f-714a686784e4",
+ "id": "bundle--3efd7a08-d3b2-4fce-ac21-fd21b918ee1a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
index a2b920a096..b385f812f8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f0a355c2-bc4a-45d8-95c5-2ec32b7043bf",
+ "id": "bundle--bf77aefb-91b9-4880-8671-14a52ef16d6e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
index 98f892a878..a24158599f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--33d18949-c530-4b89-96ae-438a81a5ddd4",
+ "id": "bundle--dd34bbf1-20b3-4d10-b28a-774b5195d0f0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
index 41a3538688..494418c2ae 100644
--- a/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--bbaad56f-2fb0-4040-b993-388e783e3381",
+ "id": "bundle--419fe3bf-1689-4ad8-8381-c0a4a1afd213",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:41:45.256Z",
+ "modified": "2023-08-15T15:06:03.427Z",
 "name": "Impersonate SS7 Nodes",
 "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim\u2019s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device\u2019s geographical cell area or nearest cell tower.(Citation: Engel-SS7)",
 "kill_chain_phases": [
@@ -47,7 +47,7 @@
 {
 "source_name": "CSRIC5-WG10-FinalReport",
 "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.",
- "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
+ "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
 },
 {
 "source_name": "CSRIC-WG1-FinalReport",
diff --git a/mobile-attack/attack-pattern/attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b.json b/mobile-attack/attack-pattern/attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b.json
new file mode 100644
index 0000000000..17258cbe1d
--- /dev/null
+++ b/mobile-attack/attack-pattern/attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b.json
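Review bot: The `description` context line in the first "Impersonate SS7 Nodes" hunk still contains the duplicated phrase "to track the to track the location of mobile devices", which this revision leaves in place even though it bumps `modified`. Since the object is being re-issued anyway, the sentence should read `...signaling system network nodes to track the location of mobile devices by impersonating a node.`. The object continues outside both hunks, so whether `x_mitre_version` was also bumped for this edit cannot be seen here.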
@@ -0,0 +1,60 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b800248-8d72-40e4-b4da-7329e0392dc3",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-08T18:15:15.902Z",
+ "name": "Match Legitimate Name or Location",
+ "description": "Adversaries may match or approximate the name or location of legitimate files or resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by giving artifacts the name and icon of a legitimate, trusted application (i.e., Settings), or using a package name that matches legitimate, trusted applications (i.e., `com.google.android.gm`). \n\nAdversaries may also use the same icon of the file or application they are trying to mimic.\n",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "defense-evasion"
+ }
+ ],
+ "x_mitre_contributors": [
+ "Ford Qin, Trend Micro",
+ "Liran Ravich, CardinalOps"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": true,
+ "x_mitre_platforms": [
+ "Android",
+ "iOS"
+ ],
+ "x_mitre_version": "1.0",
+ "type": "attack-pattern",
+ "id": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "created": "2023-07-12T20:45:14.704Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1655/001",
+ "external_id": "T1655.001"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html",
+ "external_id": "APP-14"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html",
+ "external_id": "APP-31"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
index 7cf544ff06..87d0365c9c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--306785f9-17d3-46dc-a4e4-bdf5b8919e54",
+ "id": "bundle--5a7db254-8e68-44f0-94b7-8c595e14d18a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
index a85ae1edd0..cb560aaccb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f97cf624-ea91-4ce2-9c98-64119f34b550",
+ "id": "bundle--c56dd4ee-3c46-4c5b-b8fa-e88220ac93cd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
index 1ab9c2d8ae..30353b2f06 100644
--- a/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1fc12e5-588b-48ff-97f8-acf672089bc5",
+ "id": "bundle--654cf425-a24e-4d94-b7f6-ecfa99735ad6",
 "spec_version": "2.0",
 "objects": [
 {
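Review bot: In the new T1655.001 object's `description`, both parentheticals use "i.e." where the items are only examples, "(i.e., Settings)" and the package-name one that follows, which reads as though masquerading covers just those two names; `e.g.,` is what is meant. The closing sentence "Adversaries may also use the same icon of the file or application they are trying to mimic." repeats the icon point already made two sentences earlier, and the string ends with a stray `\n`. Both are worth tidying before the 1.0 text is mirrored by downstream consumers.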
diff --git a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
index 3760ff5512..5700d4b610 100644
--- a/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dfe1199f-937e-44b1-b741-34dc24e55f39",
+ "id": "bundle--98b9388f-9fd7-4883-ad93-2ab8d5a27fed",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
index f872c86bc3..eada5e7954 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b373a8d1-e263-4132-aabe-b45e3f98049f",
+ "id": "bundle--66f4a865-3737-46c4-83d7-09864cf47c08",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
index 137478e7e8..a845810e21 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a072dafb-5f0b-4bc8-a380-761a231eb271",
+ "id": "bundle--e2dd01ed-690f-43a2-bbb2-324f546ed46f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
index 33f6a12bcd..17fa603996 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2c10842c-8b18-4447-9b16-9ca8105dd7c1",
+ "id": "bundle--a7c318fe-bb93-4b41-b0e5-2253b295254e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
index 367e07944d..d3a17a3625 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a1530391-b8dc-44c7-9446-89ee308d8797",
+ "id": "bundle--b2caf91e-baf9-4371-8780-aa52e1a31b90",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
index f1d7046201..62b04efe13 100644
--- a/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a577afff-5bc8-48d9-a7b7-6960e78dc7cf",
+ "id": "bundle--fb73a65a-ea0e-4536-a6fd-4d5c7f5712fe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
index 406a1895cc..1b0b1761db 100644
--- a/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e3320dba-5a09-482a-9074-e04a99a89c79",
+ "id": "bundle--c949d5f7-96d8-4dfb-971f-7ee581bfa733",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
index 34e9512e40..aabb54d21e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2204c371-6100-4ae0-82f3-25c07c29772a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--41678525-7554-432b-9448-d83257461c68",
+ "id": "bundle--6ac30371-9c1f-4994-b8cf-b503acea91f0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
index f13a1b8b97..22212f2861 100644
--- a/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a84f6236-d4b3-4c88-a18a-c64a1d57df4b",
+ "id": "bundle--1bce58f4-4ddc-4f3f-8998-1fe8cc279601",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
index 95e8e60586..fe7bfb9b77 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4ccbcc03-cd6f-4f9f-9509-0ac44b46efbf",
+ "id": "bundle--dec51546-d0e8-4889-822b-217f7f038fe2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
index 926c803bad..21c22841ef 100644
--- a/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5bd5f78a-ca97-4f0c-ae12-875e27df8883",
+ "id": "bundle--107fb472-ca1c-48e5-9bff-e79149b89e58",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
index 340e35ac73..97febeb520 100644
--- a/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
+++ b/mobile-attack/attack-pattern/attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9b5ba1f9-1270-4ac9-8daa-1862b7d7053e",
+ "id": "bundle--b9d96331-e782-4513-b761-a803047a8e42",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
index c95255fbad..2fc6eccc10 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ba00f8d2-3017-4fdd-9692-f4f7125e12bd",
+ "id": "bundle--690e2033-3c31-4377-8959-b320b6972c33",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
index 32e2de12f8..5128fa766e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
+++ b/mobile-attack/attack-pattern/attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--de75876b-4b73-4371-a4ba-cecda03cd3c6",
+ "id": "bundle--025ea13d-e5d5-43e2-bf0c-143316cab4c3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258.json b/mobile-attack/attack-pattern/attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258.json
new file mode 100644
index 0000000000..0ae1b8ee7c
--- /dev/null
+++ b/mobile-attack/attack-pattern/attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258.json
@@ -0,0 +1,67 @@
+{
+ "type": "bundle",
+ "id": "bundle--2e6e4126-d93b-4110-a786-47067632bbef",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-28T15:36:11.282Z",
+ "name": "Application Versioning",
+ "description": "An adversary may push an update to a previously benign application to add malicious code. This can be accomplished by pushing an initially benign, functional application to a trusted application store, such as the Google Play Store or the Apple App Store. This allows the adversary to establish a trusted userbase that may grant permissions to the application prior to the introduction of malicious code. Then, an application update could be pushed to introduce malicious code.(Citation: android_app_breaking_bad)\n\nThis technique could also be accomplished by compromising a developer\u2019s account. This would allow an adversary to take advantage of an existing userbase without having to establish the userbase themselves. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "initial-access"
+ },
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "defense-evasion"
+ }
+ ],
+ "x_mitre_contributors": [
+ "Edward Stevens, BT Security",
+ "Adam Lichters"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Android",
+ "iOS"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
+ ],
+ "type": "attack-pattern",
+ "id": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
+ "created": "2023-09-21T22:16:38.002Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1661",
+ "external_id": "T1661"
+ },
+ {
+ "source_name": "android_app_breaking_bad",
+ "description": "Stefanko, L. (2023, May 23). Android app breaking bad: From legitimate screen recording to file exfiltration within a year. Retrieved August 28, 2023.",
+ "url": "https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/"
+ },
+ {
+ "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html",
+ "external_id": "SPC-20"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
index 8b8cf2b554..3cddb50eba 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29e07491-8947-43a3-8d4e-9a787c45f3d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--abcb1e01-57be-4f32-9606-363d67531173",
+ "id": "bundle--bf8a42f8-3e87-4992-84de-aa263cf9cce6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
index b952b334bd..2a63e391b6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
+++ b/mobile-attack/attack-pattern/attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--535102c6-cbaa-4c5f-97e8-1dafb004c46e",
+ "id": "bundle--5182df3b-f585-446a-b954-597c42306fd8",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T15:16:19.547Z",
+ "modified": "2023-08-07T22:15:34.693Z",
 "name": "Command and Scripting Interpreter",
 "description": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, Android is a UNIX-like OS and includes a basic [Unix Shell](https://attack.mitre.org/techniques/T1623/001) that can be accessed via the Android Debug Bridge (ADB) or Java\u2019s `Runtime` package.\n\nAdversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0027) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells. ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
index d59860b382..84915cce18 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a3fe9a28-0422-4602-b6eb-7b939d99848a",
+ "id": "bundle--3f91f4b0-0b49-467d-a0de-1abf32693a4f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
index acc4635c22..1c53dde139 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--499d81c3-c10a-4402-9be2-5fc04bff5654",
+ "id": "bundle--32cac775-da6a-4b5a-aecc-2e204c14f618",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:43:44.687Z",
+ "modified": "2023-08-14T16:21:05.728Z",
 "name": "Ingress Tool Transfer",
 "description": "Adversaries may transfer tools or other files from an external system onto a compromised device to facilitate follow-on actions. Files may be copied from an external adversary-controlled system through the command and control channel or through alternate protocols with another tool such as FTP.",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "2.1",
+ "x_mitre_version": "2.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
index 9dbc57deba..97d1677791 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26.json
@@ -1,53 +1,53 @@
 {
 "type": "bundle",
- "id": "bundle--072baa3c-d82d-4553-b4ce-288cca6f31c7",
+ "id": "bundle--9004d3d2-736a-439a-ab28-ea5d185b5762",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2023-08-14T16:19:34.225Z",
+ "name": "Dynamic Resolution",
+ "description": "Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. This algorithm can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "command-and-control"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different Domain Generation Algorithms (DGAs), constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names. In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names or rarely visited domains.",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
 "x_mitre_platforms": [
 "Android",
 "iOS"
 ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ "x_mitre_version": "1.1",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
 ],
 "type": "attack-pattern",
 "id": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
 "created": "2022-04-05T19:57:15.734Z",
- "x_mitre_version": "1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
- "external_id": "T1637",
- "url": "https://attack.mitre.org/techniques/T1637"
+ "url": "https://attack.mitre.org/techniques/T1637",
+ "external_id": "T1637"
 },
 {
 "source_name": "Data Driven Security DGA",
- "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/",
- "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019."
+ "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.",
+ "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/"
 }
 ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. This algorithm can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.",
- "modified": "2022-04-05T19:57:15.734Z",
- "name": "Dynamic Resolution",
- "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different Domain Generation Algorithms (DGAs), constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names. In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names or rarely visited domains.",
- "kill_chain_phases": [
- {
- "phase_name": "command-and-control",
- "kill_chain_name": "mitre-mobile-attack"
- }
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_tactic_type": [
- "Post-Adversary Device Access"
- ],
- "x_mitre_attack_spec_version": "2.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
index 4dd8961f77..390ea44e8b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0f177646-b457-40d7-8319-45a4e3260711",
+ "id": "bundle--99418594-613f-4159-9c17-339a88f47122",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
index 9feb53fabb..20b10a6c78 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2de38279-043e-47e8-aaad-1b07af6d0790.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d64dd489-ad2a-4e58-9b1b-70557f581651",
+ "id": "bundle--6b15f81a-533a-43bd-b0a6-46361fe9ecf2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
index 8f3c9c3191..ad90100b5f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bb39b3e3-09e3-4a90-a096-b2397cf8e76d",
+ "id": "bundle--5a844a07-cf61-467c-92e9-af98132da0a8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
index d55ef008ad..6567a9c6ea 100644
--- a/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc.json
@@ -1,53 +1,53 @@
 {
 "type": "bundle",
- "id": "bundle--6b1b8127-400d-45f9-85f4-946706fab667",
+ "id": "bundle--5df9acbb-d982-49f0-82cb-7fcb2f2575e6",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2023-08-14T16:41:52.000Z",
+ "name": "Exfiltration Over C2 Channel",
+ "description": "Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "exfiltration"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "[Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1646) can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
 "x_mitre_platforms": [
 "Android",
 "iOS"
 ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ "x_mitre_version": "1.1",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
 ],
 "type": "attack-pattern",
 "id": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
 "created": "2022-04-01T15:43:45.913Z",
- "x_mitre_version": "1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
- "external_id": "T1646",
- "url": "https://attack.mitre.org/techniques/T1646"
+ "url": "https://attack.mitre.org/techniques/T1646",
+ "external_id": "T1646"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html",
 "external_id": "APP-29"
 }
 ],
- "x_mitre_deprecated": false,
-
"revoked": false,
- "description": "Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.",
- "modified": "2022-04-08T16:25:44.552Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "name": "Exfiltration Over C2 Channel",
- "x_mitre_detection": "Exfiltration over C2 channel can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
- "kill_chain_phases": [
- {
- "phase_name": "exfiltration",
- "kill_chain_name": "mitre-mobile-attack"
- }
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_tactic_type": [
- "Post-Adversary Device Access"
- ],
- "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
index ed00b99ef3..1c6aaa3768 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172.json
@@ -1,12 +1,12 @@
 {
 "type": "bundle",
- "id": "bundle--747e06fb-5a1d-4c83-9a58-883cef87ee6b",
+ "id": "bundle--620ab985-f7c4-4d76-8d09-a2ec4d878c9d",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:49:53.301Z",
+ "modified": "2023-09-08T19:20:13.836Z",
 "name": "Exploitation for Privilege Escalation",
- "description": "Adversaries may exploit software vulnerabilities in order to to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in an application, service, within the operating system software, or kernel itself to execute adversary-controlled code. Security constructions, such as permission levels, will often hinder access to information and use of certain techniques. Adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions. \n\nWhen initially gaining access to a device, an adversary may be operating within a lower privileged process which will prevent them from accessing certain resources on the system. Vulnerabilities may exist, usually in operating system components and applications running at higher permissions, that can be exploited to gain higher levels of access on the system. This could enable someone to move from unprivileged or user- level permission to root permissions depending on the component that is vulnerable. ",
+ "description": "Adversaries may exploit software vulnerabilities in order to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in an application, service, within the operating system software, or kernel itself to execute adversary-controlled code. Security constructions, such as permission levels, will often hinder access to information and use of certain techniques.
Adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions. \n\nWhen initially gaining access to a device, an adversary may be operating within a lower privileged process which will prevent them from accessing certain resources on the system. Vulnerabilities may exist, usually in operating system components and applications running at higher permissions, that can be exploited to gain higher levels of access on the system. This could enable someone to move from unprivileged or user- level permission to root permissions depending on the component that is vulnerable. ",
 "kill_chain_phases": [
 {
 "kill_chain_name": "mitre-mobile-attack",
diff --git a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
index ebfc3ff701..f2f17f675e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--13bb4ad6-7ab7-4e72-8093-1671dd1697ae",
+ "id": "bundle--c34baf16-f168-4193-b53d-5d31712872ae",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-16T18:31:37.189Z",
+ "modified": "2023-08-10T21:57:52.009Z",
 "name": "Call Control",
 "description": "Adversaries may make, forward, or block phone calls without user authorization. This could be used for adversary goals such as audio surveillance, blocking or forwarding calls from the device owner, or C2 communication.\n\nSeveral permissions may be used to programmatically control phone calls, including:\n\n* `ANSWER_PHONE_CALLS` - Allows the application to answer incoming phone calls(Citation: Android Permissions)\n* `CALL_PHONE` - Allows the application to initiate a phone call without going through the Dialer interface(Citation: Android Permissions)\n* `PROCESS_OUTGOING_CALLS` - Allows the application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether(Citation: Android Permissions)\n* `MANAGE_OWN_CALLS` - Allows a calling application which manages its own calls through the self-managed `ConnectionService` APIs(Citation: Android Permissions)\n* `BIND_TELECOM_CONNECTION_SERVICE` - Required permission when using a `ConnectionService`(Citation: Android Permissions)\n* `WRITE_CALL_LOG` - Allows an application to write to the device call log, potentially to hide malicious phone calls(Citation: Android Permissions)\n\nWhen granted some of these permissions, an application can make a phone call without opening the dialer first. However, if an application desires to simply redirect the user to the dialer with a phone number filled in, it can launch an Intent using `Intent.ACTION_DIAL`, which requires no specific permissions.
This then requires the user to explicitly initiate the call or use some form of [Input Injection](https://attack.mitre.org/techniques/T1516) to programmatically initiate it.",
 "kill_chain_phases": [
@@ -33,7 +33,7 @@
 "x_mitre_platforms": [
 "Android"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
index 638e0ee02b..b7ae2a0e97 100644
--- a/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
+++ b/mobile-attack/attack-pattern/attack-pattern--37047267-3e56-453c-833e-d92b68118120.json
@@ -1,53 +1,53 @@
 {
 "type": "bundle",
- "id": "bundle--c3772b48-78cf-455b-98b8-7e32b8a36d47",
+ "id": "bundle--15dd12a9-2398-4f37-955a-fd5782ab3bec",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2023-08-14T16:40:40.166Z",
+ "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
+ "description": "Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.\n\nAdversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). Adversaries may employ custom or publicly available encoding/compression algorithms (such as base64) or embed data within protocol headers and fields.",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "exfiltration"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "[Exfiltration Over Unencrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1639/001)s can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": true,
 "x_mitre_platforms": [
 "Android",
 "iOS"
 ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ "x_mitre_version": "1.1",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
 ],
 "type": "attack-pattern",
 "id": "attack-pattern--37047267-3e56-453c-833e-d92b68118120",
 "created": "2022-04-06T13:22:57.683Z",
- "x_mitre_version": "1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
- "external_id": "T1639.001",
- "url":
"https://attack.mitre.org/techniques/T1639/001"
+ "url": "https://attack.mitre.org/techniques/T1639/001",
+ "external_id": "T1639.001"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html",
 "external_id": "APP-30"
 }
 ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.\n\nAdversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). Adversaries may employ custom or publicly available encoding/compression algorithms (such as base64) or embed data within protocol headers and fields.",
- "modified": "2022-04-06T13:23:10.087Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "name": "Exfiltration Over Unencrypted Non-C2 Protocol",
- "x_mitre_detection": "Exfiltration Over Alternative Protocols can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
- "kill_chain_phases": [
- {
- "phase_name": "exfiltration",
- "kill_chain_name": "mitre-mobile-attack"
- }
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_is_subtechnique": true,
- "x_mitre_tactic_type": [
- "Post-Adversary Device Access"
- ],
- "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
index bfcb0521b7..f397f36385 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--30e2a6c9-a3c5-429c-aaa8-edc6e64af1ff",
+ "id": "bundle--b3dd4d9b-8146-4222-aa3f-6841452d9b20",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
index 7657c2376c..f87b775dd7 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3911658a-6506-4deb-9ab4-595a51ae71ad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--72b54946-3c9d-479e-8d3d-56dac8ab37dd",
+ "id": "bundle--f71622d4-3d62-4d3a-bb5a-43296238cad8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
index f95a21bb3d..44071356c0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
+++ b/mobile-attack/attack-pattern/attack-pattern--393e8c12-a416-4575-ba90-19cc85656796.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--03b172d0-b763-4fd9-928a-b9e77b2faf0c",
+ "id": "bundle--62a7e7d2-bc92-4f4a-850a-da432771489f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
index 33928a68eb..02a562ab53 100644
--- a/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2e8fc769-2a3a-4f1c-9315-a3531d4d215b",
+ "id": "bundle--8093336d-1d73-4356-bd2f-bf689dd11ee2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
index 5f61efe557..de06b92067 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--711dac91-c675-4d46-82b9-58352938850a",
+ "id": "bundle--0dc070ad-97d7-46fb-b22c-cc63cb3d3c9a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
index 4c02b58a83..b38bf2acb8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4af85987-f026-4f22-93fb-c69fbf612d1f",
+ "id": "bundle--eeadbafd-d7cf-486a-8b2a-ec65859da1b3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
index 8f91c8f8a2..bcd32be5e5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d.json
@@ -1,53 +1,53 @@
 {
 "type": "bundle",
- "id": "bundle--c15e415b-3faa-4629-ab16-cf7b7eb0a0d3",
+ "id": "bundle--fb4d88b6-24a1-4c4b-82e3-4775e1cef050",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2023-08-14T16:39:22.707Z",
+ "name": "Exfiltration Over Alternative Protocol",
+ "description": "Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. \n\nAlternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different protocol channels could also include Web services such as cloud storage. Adversaries may opt to also encrypt and/or obfuscate these alternate channels. ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "exfiltration"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "[Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1639)s can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
 "x_mitre_platforms": [
 "Android",
 "iOS"
 ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ "x_mitre_version": "1.1",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
 ],
 "type": "attack-pattern",
 "id": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d",
 "created": "2022-04-06T13:19:33.785Z",
- "x_mitre_version": "1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
- "external_id": "T1639",
- "url": "https://attack.mitre.org/techniques/T1639"
+ "url":
"https://attack.mitre.org/techniques/T1639",
+ "external_id": "T1639"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html",
 "external_id": "APP-30"
 }
 ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. \n\nAlternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different protocol channels could also include Web services such as cloud storage. Adversaries may opt to also encrypt and/or obfuscate these alternate channels. ",
- "modified": "2022-04-29T17:29:00.038Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "name": "Exfiltration Over Alternative Protocol",
- "x_mitre_detection": "Exfiltration Over Alternative Protocols can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.",
- "kill_chain_phases": [
- {
- "phase_name": "exfiltration",
- "kill_chain_name": "mitre-mobile-attack"
- }
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_tactic_type": [
- "Post-Adversary Device Access"
- ],
- "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
index e1c78a1524..ccc341ee36 100644
--- a/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
+++ b/mobile-attack/attack-pattern/attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c344b53e-edd5-41ae-9969-5ae74cdf6e9d",
+ "id": "bundle--0dd4aea4-1fc9-45ed-84cc-304bf7c21626",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
index 6a3ed0f361..0ce6b34066 100644
--- a/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--50ec704b-6666-4888-91bb-fc0b35b48313",
+ "id": "bundle--880f306c-4ed1-4b7c-9a43-553982d11c59",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
index 6769cee153..500b5cad17 100644
--- a/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
+++ b/mobile-attack/attack-pattern/attack-pattern--498e7b81-238d-404c-aa5e-332904d63286.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2c92a035-b376-4916-9a8e-a6be05d0ad78",
+ "id": "bundle--f5bf4f56-8156-4ca6-8c7e-e1d098c7545e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
index b2834bfcba..99bd7b0821 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3f75ef21-2ca3-4e52-bc2a-c39b26f6d60e",
+ "id": "bundle--fb75455c-ef59-4689-9a65-741650c691d0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
index 72e3e189e8..122e7f64c5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9b027c7d-ffd3-490f-a683-62853260ce2e",
+ "id": "bundle--d7b1ef7c-36f3-4413-ae66-288cbee74561",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
index 44fa3b38a8..cb2d543544 100644
--- a/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
+++ b/mobile-attack/attack-pattern/attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3c0ecefe-47c9-48f0-83dc-bfc47c10c940",
+ "id": "bundle--662888de-1e2a-40a1-8a2e-25901ec589c8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
index 25324eafe0..44733ace7a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51636761-2e35-44bf-9e56-e337adf97174.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--068b5f5d-8a4f-401a-8b73-bf99bfd104c8",
+ "id": "bundle--4bf98011-bae5-4158-b858-28d93b289b61",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
index e56f3b4801..9fd398d721 100644
--- a/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
+++ b/mobile-attack/attack-pattern/attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5a524082-c610-4933-84f3-1108001e862d",
+ "id": "bundle--d85ac3e5-620a-4161-b5f7-17c9d83e2df5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
index c1d01ce90c..df3caefddc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--869382e9-f57d-49f3-b3ab-0ebd9e39a63c",
+ "id": "bundle--d367b7f6-a602-4f2f-8cc0-6af5c53e1d42",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
index 9299168bbc..f06c9b1ec4 100644
--- a/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c601fc44-69c8-4116-a10f-ff47930af628",
+ "id": "bundle--9d8ab387-7af3-4d20-ae0d-860e06b71f03",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
index 66513a88af..d49baeb8a5 100644
--- a/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
+++ b/mobile-attack/attack-pattern/attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7874bcb4-393d-437a-b1d6-b5f10197bec4",
+ "id": "bundle--c8b5383a-af55-4af1-bf7f-930b81ef6b2c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
index dcbbf5dee8..3c43ee2c1d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
+++ b/mobile-attack/attack-pattern/attack-pattern--537ea573-8a1c-468c-956b-d16d2ed9d067.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa2033d6-3bec-4aef-9f3c-5e5dd3b7e4cd",
+ "id": "bundle--6dc8c19d-956c-42e1-8523-df78483206e7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b.json b/mobile-attack/attack-pattern/attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b.json
new file mode 100644
index 0000000000..934427a60b
--- /dev/null
+++ b/mobile-attack/attack-pattern/attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b.json
@@ -0,0 +1,52 @@
+{
+ "type": "bundle",
+ "id": "bundle--1995bfed-698b-41b4-8c52-ecfc1706c9db",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-28T17:02:58.893Z",
+ "name": "Exploitation for Client Execution",
+ "description": "Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to insecure coding practices that can lead to unanticipated behavior. Adversaries may take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility. \n\nAdversaries may use device-based zero-click exploits for code execution. These exploits are powerful because there is no user interaction required for code execution. \n\n### SMS/iMessage Delivery \n\nSMS and iMessage in iOS are common targets through [Drive-By Compromise](https://attack.mitre.org/techniques/T1456), [Phishing](https://attack.mitre.org/techniques/T1660), etc. Adversaries may use embed malicious links, files, etc. in SMS messages or iMessages. Mobile devices may be compromised through one-click exploits, where the victim must interact with a text message, or zero-click exploits, where no user interaction is required. \n\n### AirDrop \n\nUnique to iOS, AirDrop is a network protocol that allows iOS users to transfer files between iOS devices. Before patches from Apple were released, on iOS 13.4 and earlier, adversaries may force the Apple Wireless Direct Link (AWDL) interface to activate, then exploit a buffer overflow to gain access to the device and run as root without interaction from the user.
",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "execution"
+ }
+ ],
+ "x_mitre_contributors": [
+ "Giorgi Gurgenidze, ISAC"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Android",
+ "iOS"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
+ ],
+ "type": "attack-pattern",
+ "id": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b",
+ "created": "2023-08-23T22:13:27.313Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1658",
+ "external_id": "T1658"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
index 06b134a00b..a2020bfeff 100644
--- a/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--00ba31b8-1dba-49c2-9223-4e4eb1260369",
+ "id": "bundle--ce7a1a3f-9d4e-4e9b-bb5f-af338f90c2d4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
index 4017d33ef9..ba0fbd2181 100644
--- a/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
+++ b/mobile-attack/attack-pattern/attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d668b9e7-2ecd-4d20-a1fe-9ef47a368e4c",
+ "id": "bundle--0b5bc4f8-628c-4ce9-ab6f-fccf8f039181",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
index 5f279311bf..dd91f5fe70 100644
--- a/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
+++ b/mobile-attack/attack-pattern/attack-pattern--62adb627-f647-498e-b4cc-41499361bacb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2c72f9bc-1b57-4ff1-ac0f-752cf51a4c7d",
+ "id": "bundle--a71ba685-6c20-4eca-9c62-18d24f37d63d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
index 2bfeebca9b..d5cd4a9663 100644
--- a/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2c9754ff-99f0-443e-a86e-a79baa04973f",
+ "id": "bundle--3d49b00d-8f16-4376-b2a9-52e569c1f209",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
index afc675fbe6..ccfb4abcfc 100644
--- a/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e04e05b0-879a-4dc6-8f34-c3660ee16ae8",
+ "id": "bundle--f30a039f-6ac9-4528-8031-205fd65aea6d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
index a21563f321..17be7430a6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
+++ b/mobile-attack/attack-pattern/attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d.json
@@ -1,92 +1,92 @@
 {
 "type": "bundle",
- "id": "bundle--8185466b-cd0c-4b69-980b-7945622a30ce",
+ "id": "bundle--3c7d48b2-a48b-494b-a1fa-c97a55cd44a1",
 "spec_version": "2.0",
 "objects": [
 {
+ "modified": "2023-08-07T17:13:04.396Z",
+ "name": "Replication Through Removable Media",
+ "description": "Adversaries may move onto devices by exploiting or copying malware to devices connected via USB. In the case of Lateral Movement, adversaries may utilize the physical connection of a device to a compromised or malicious charging station or PC to bypass application store requirements and install malicious applications directly.(Citation: Lau-Mactans) In the case of Initial Access, adversaries may attempt to exploit the device via the connection to gain access to data stored on the device.(Citation: Krebs-JuiceJacking) Examples of this include: \n \n* Exploiting insecure bootloaders in a Nexus 6 or 6P device over USB and gaining the ability to perform actions including intercepting phone calls, intercepting network traffic, and obtaining the device physical location.(Citation: IBM-NexusUSB) \n* Exploiting weakly-enforced security boundaries in Android devices such as the Google Pixel 2 over USB.(Citation: GoogleProjectZero-OATmeal) \n* Products from Cellebrite and Grayshift purportedly that can exploit some iOS devices using physical access to the data port to unlock the passcode.(Citation: Computerworld-iPhoneCracking) ",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "initial-access"
+ },
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "lateral-movement"
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
 "x_mitre_platforms": [
 "Android",
 "iOS"
 ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ "x_mitre_version": "2.1",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
 ],
 "type": "attack-pattern",
 "id": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
 "created": "2017-10-25T14:48:23.233Z",
- "x_mitre_version": "2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
- "external_id": "T1458",
- "url": "https://attack.mitre.org/techniques/T1458"
+ "url": "https://attack.mitre.org/techniques/T1458",
+ "external_id": "T1458"
 },
 {
 "source_name": "Krebs-JuiceJacking",
- "url": "http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/",
- "description": "Brian Krebs. (2011, August 17). Beware of Juice-Jacking. Retrieved December 23, 2016."
+ "description": "Brian Krebs. (2011, August 17). Beware of Juice-Jacking. Retrieved December 23, 2016.",
+ "url": "http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/"
 },
 {
 "source_name": "GoogleProjectZero-OATmeal",
- "url": "https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html",
- "description": "Jann Horn. (2018, September 10). OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB. Retrieved September 18, 2018."
+ "description": "Jann Horn. (2018, September 10). OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB. Retrieved September 18, 2018.",
+ "url": "https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html"
 },
 {
 "source_name": "Lau-Mactans",
- "url": "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf",
- "description": "Lau et al.. (2013). Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers. Retrieved December 23, 2016."
+ "description": "Lau et al.. (2013). Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers. Retrieved December 23, 2016.",
+ "url": "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf"
 },
 {
 "source_name": "Computerworld-iPhoneCracking",
- "url": "https://www.computerworld.com/article/3268729/apple-ios/two-vendors-now-sell-iphone-cracking-technology-and-police-are-buying.html",
- "description": "Lucas Mearian. (2018, May 9). Two vendors now sell iPhone cracking technology \u2013 and police are buying. Retrieved September 21, 2018."
+ "description": "Lucas Mearian. (2018, May 9). Two vendors now sell iPhone cracking technology \u2013 and police are buying. Retrieved September 21, 2018.",
+ "url": "https://www.computerworld.com/article/3268729/apple-ios/two-vendors-now-sell-iphone-cracking-technology-and-police-are-buying.html"
 },
 {
 "source_name": "IBM-NexusUSB",
- "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/",
- "description": "Roee Hay. (2017, January 5). Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes. Retrieved January 11, 2017."
+ "description": "Roee Hay. (2017, January 5). Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes. Retrieved January 11, 2017.",
+ "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html",
 "external_id": "PHY-1"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html",
 "external_id": "PHY-2"
 },
 {
- "url": "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html",
 "source_name": "NIST Mobile Threat Catalogue",
+ "url": "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html",
 "external_id": "STA-6"
 }
 ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Adversaries may move onto devices by exploiting or copying malware to devices connected via USB. In the case of Lateral Movement, adversaries may utilize the physical connection of a device to a compromised or malicious charging station or PC to bypass application store requirements and install malicious applications directly.(Citation: Lau-Mactans) In the case of Initial Access, adversaries may attempt to exploit the device via the connection to gain access to data stored on the device.(Citation: Krebs-JuiceJacking) Examples of this include: \n \n* Exploiting insecure bootloaders in a Nexus 6 or 6P device over USB and gaining the ability to perform actions including intercepting phone calls, intercepting network traffic, and obtaining the device physical location.(Citation: IBM-NexusUSB) \n* Exploiting weakly-enforced security boundaries in Android devices such as the Google Pixel 2 over USB.(Citation: GoogleProjectZero-OATmeal) \n* Products from Cellebrite and Grayshift purportedly that can exploit some iOS devices using physical access to the data port to unlock the passcode.(Citation: Computerworld-iPhoneCracking) ",
- "modified": "2022-04-08T15:53:11.864Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "name": "Replication Through Removable Media",
- "x_mitre_detection": "",
- "kill_chain_phases": [
- {
- "phase_name": "initial-access",
- "kill_chain_name": "mitre-mobile-attack"
- },
- {
- "phase_name": "lateral-movement",
- "kill_chain_name": "mitre-mobile-attack"
- }
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_is_subtechnique": false,
- "x_mitre_tactic_type": [
- "Post-Adversary Device Access"
- ],
- "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
index ed3cb707e6..478ebdccab 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--589484b8-8d61-442e-bef7-fbb3a9311131",
+ "id": "bundle--4a67a0a9-df57-4add-9ad3-24dbb25c51bf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
index 44580816ed..7f8265d64c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
+++ b/mobile-attack/attack-pattern/attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--177e4394-2b22-4420-b6c4-d12df8c33dca",
+ "id": "bundle--50f5ff5c-daa5-42da-89b8-65b35b9150e9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
index a1bbc6c9a7..db0d8db24d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--6028e15a-f8c2-4b13-a016-6c55698fe8da",
+ "id": "bundle--2ba4efd0-68f4-443b-82e2-107dcc82624c",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:41:18.389Z",
+ "modified": "2023-08-07T22:48:30.418Z",
 "name": "Unix Shell",
 "description": "Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the underlying command prompts on Android and iOS devices. Unix shells can control every aspect of a system, with certain commands requiring elevated privileges that are only accessible if the device has been rooted or jailbroken. \n\nUnix shells also support scripts that enable sequential execution of commands as well as other typical programming operations such as conditionals and loops. Common uses of shell scripts include long or repetitive tasks, or the need to run the same set of commands on multiple systems. \n\nAdversaries may abuse Unix shells to execute various commands or payloads. Interactive shells may be accessed through command and control channels or during lateral movement such as with SSH. Adversaries may also leverage shell scripts to deliver and execute multiple commands on victims or as part of payloads used for persistence. \n\nIf the device has been rooted or jailbroken, adversaries may locate and invoke a superuser binary to elevate their privileges and interact with the system as the root user. This dangerous level of permissions allows the adversary to run special commands and modify protected system files. ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
index 76a1c54573..417f04c9ae 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e4c9fa20-efc7-41f7-86d4-e44de9d2a27f",
+ "id": "bundle--905be0f1-287b-4cef-aa0c-0b9aef3ab6da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
index aed6a960de..17eaf30f53 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--95ef1e11-0287-42e1-9a3a-249793a11aef",
+ "id": "bundle--ebd13b09-75d0-4e0a-894c-0eca4aac3beb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
index 74b41b3cfa..ee4fcbf3df 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--353f142f-79a9-45cf-9324-359f0695a313",
+ "id": "bundle--88931d90-e761-45ad-aa25-b45f39a4a615",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:21:59.494Z",
+ "modified": "2023-08-08T16:23:41.271Z",
 "name": "Download New Code at Runtime",
 "description": "Adversaries may download and execute dynamic code not included in the original application package after installation. This technique is primarily used to evade static analysis checks and pre-publication scans in official app stores. In some cases, more advanced dynamic or behavioral analysis techniques could detect this behavior. However, in conjunction with [Execution Guardrails](https://attack.mitre.org/techniques/T1627) techniques, detecting malicious code downloaded after installation could be difficult.\n\nOn Android, dynamic code could include native code, Dalvik code, or JavaScript code that utilizes Android WebView\u2019s `JavascriptInterface` capability. \n\nOn iOS, dynamic code could be downloaded and executed through 3rd party libraries such as JSPatch. (Citation: FireEye-JSPatch) ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.4",
+ "x_mitre_version": "1.5",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
index 5430198ca8..d8136c6ab6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5f283ecd-9ed4-4c0c-a229-0f6eec016483",
+ "id": "bundle--9c6f1342-6053-4f79-8100-fc1511869164",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
index 2d1345b32a..c06e61bf0e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a0995a89-fd26-4ca5-a7ce-15ee2a7c1b24",
+ "id": "bundle--b469bd99-222e-4cc8-bd43-731f458ef270",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
index 3908779350..608349217c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
+++ b/mobile-attack/attack-pattern/attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--81a94fb4-b76e-427e-9650-dbd4e22ec565",
+ "id": "bundle--6e5b1853-a595-4b04-8e12-00b4ae87d478",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
index 6813852d9b..8049569722 100644
--- a/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6b6d8958-c145-4ee1-b7b8-72e66fd69463",
+ "id": "bundle--4a2dd755-8ea0-4026-b9c4-f70cb02dcf83",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
index b2484fbc0b..241031877e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e57b0263-d91e-44a2-965c-ec0bff2f3d02",
+ "id": "bundle--af9bb367-e1ae-46c5-b3b9-4c86faf31b09",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
index cf8df4cb4b..d262147ae8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3abe3859-72d9-42f2-8189-fc7550ce73ad",
+ "id": "bundle--3c14a18d-2b96-4b9c-8c21-661edc8cd07c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
index 146efe17b2..1970c4deeb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
+++ b/mobile-attack/attack-pattern/attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--34ce7135-5070-4baf-a62b-60580faf6a69",
+ "id": "bundle--1d391c96-acc4-423d-8e76-16414de96e69",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
index c0915a31d8..01444a4abe 100644
--- a/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b5d1f2b9-c39f-4461-88b9-709ecc1364b9",
+ "id": "bundle--5e4cb734-bf52-4cc8-b8bb-51a7e516087f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
index 46de9be40e..76f177462c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ae7e3bbf-dc29-4671-8f86-7f51c99e360b",
+ "id": "bundle--fe61137a-f545-4632-a970-e50634338007",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
index 9d5a0f1ff6..d1a5f5ea2f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e84098c4-1f25-4d12-89a6-497700ecf566",
+ "id": "bundle--b1487b7c-da5d-4f7f-99fa-7761fb23c4ec",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
index 00d9f96c0e..578ca2d646 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--46831905-767b-4bd6-9a43-5a13a5a77979",
+ "id": "bundle--54557e26-78fb-4f89-b947-77abd3b1717d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
index 3e4d7775e9..634dd1eeb9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
+++ b/mobile-attack/attack-pattern/attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--38e4df58-d165-45a2-8c1b-6fc4f74b26e2",
+ "id": "bundle--800c5bfb-aa76-430c-b3bd-130d5dd59f7f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
index fe994da08f..f0a69fd66a 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--99526fbd-1faa-4954-b583-69f08029ea29",
+ "id": "bundle--22a0c446-ab31-4921-bed8-4ea50cbea3ca",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
index c825782c1f..1551dea582 100644
--- a/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
+++ b/mobile-attack/attack-pattern/attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f94db3be-2ae7-403b-94ea-6a7d5ddc1b92",
+ "id": "bundle--6834b6f8-c7e9-47c9-9605-d803c1de5ed3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
index 43b0377841..18a2c11fcb 100644
--- a/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
+++ b/mobile-attack/attack-pattern/attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b02bf35e-b16e-4d01-8cd3-8cd44d16a581",
+ "id": "bundle--e7ad3f6f-1f81-46a0-b0ba-f68f1828554e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
index 316c496109..64918cc6ad 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--65aab7a7-ba96-422b-84a8-37f5c5b45f63",
+ "id": "bundle--84da80a5-ec31-4560-8ac4-cda7346b1419",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
index 7793d4671e..8ab9e92d6e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--88932a8c-3a17-406f-9431-1da3ff19f6d6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b8c26e6e-d1e0-4103-9085-ac664ec930d9",
+ "id": "bundle--556dc158-ecaa-4f0b-8c1f-f0f68e81bb8d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
index 78e986db2b..4e76daba7e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
+++ b/mobile-attack/attack-pattern/attack-pattern--89fcd02f-62dc-40b9-a54b-9ac4b1baef05.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--72f58244-881f-4ea1-8b41-ceffd77ab217",
+ "id": "bundle--8fd30592-6273-4d8d-8840-c0e03fea0642",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
index 40a8fc6927..9166385122 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9224ff18-c785-4f06-9ce9-d82f763e2dc3",
+ "id": "bundle--a787f077-cde0-49c0-95e2-22e9ecf9610d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
index 233ea82527..299fdc9c0e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8e27551a-5080-4148-a584-c64348212e4f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8bb97d20-ab93-41ad-9962-fe0ad404c969",
+ "id": "bundle--0e631253-5889-464c-9d8a-1820e629760a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
index b30ec30fdc..77997b1b9d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--566840bf-5cce-4b63-afdb-316516951088",
+ "id": "bundle--c0f58a40-8dfb-40d0-82b7-e662944b9452",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
index 96527f5e74..a08ba2f6ab 100644
--- a/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
+++ b/mobile-attack/attack-pattern/attack-pattern--8f142a25-f6c3-4520-bd50-2ae3ab50ed3e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4265e351-99be-46c2-a5c0-77608f8f7cce",
+ "id": "bundle--396f2e20-cd3a-41dd-9c23-c29c79d42553",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
index af08f13524..03e95deeda 100644
--- a/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
+++ b/mobile-attack/attack-pattern/attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--2d251495-b6de-4b46-a3a8-8638c9e5544b",
+ "id": "bundle--b52e8c3b-7edb-46f1-9518-50a4296a4a81",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-16T13:32:55.266Z",
+ "modified": "2023-08-14T16:34:55.968Z",
 "name": "Bidirectional Communication",
 "description": "Adversaries may use an existing, legitimate external Web service channel as a means for sending commands to and receiving output from a compromised system. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems can then send the output from those commands back over that Web service channel. The return traffic may occur in a variety of ways, depending on the Web service being utilized. For example, the return traffic may take the form of the compromised system posting a comment on a forum, issuing a pull request to development project, updating a document hosted on a Web service, or by sending a Tweet. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
index a691d5f126..6049286319 100644
--- a/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5.json
@@ -1,12 +1,12 @@
 {
 "type": "bundle",
- "id": "bundle--88fc80dc-59ea-4004-ae7a-69e4a76376b8",
+ "id": "bundle--24671fbe-11c3-4924-8cd9-fd7cd570127c",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:51:58.228Z",
+ "modified": "2023-09-08T19:21:40.736Z",
 "name": "Non-Standard Port",
- "description": "Adversaries may generate network traffic using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.",
+ "description": "Adversaries may generate network traffic using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.",
 "kill_chain_phases": [
 {
 "kill_chain_name": "mitre-mobile-attack",
diff --git a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
index 06c24ce549..974e30d5d0 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9033a6b3-2ee7-4493-b51f-ae88ae9621c4",
+ "id": "bundle--e1e3a3e7-c044-4fb6-bc27-23244a94e259",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
index 0cac2b0e9e..37fa641e08 100644
--- a/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--475a4bb8-d63f-4ad0-9c68-f386024a0843",
+ "id": "bundle--c05012bf-0613-4391-b16f-5dba34e8ad63",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T15:56:04.790Z",
+ "modified": "2023-08-14T16:33:56.861Z",
 "name": "Dead Drop Resolver",
 "description": "Adversaries may use an existing, legitimate external Web service to host information that points to additional command and control (C2) infrastructure. Adversaries may post content, known as a dead drop resolver, on Web services with embedded (and often obfuscated/encoded) domains or IP addresses. Once infected, victims will reach out to and be redirected by these resolvers. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. \n\n \n\nUse of a dead drop resolver may also protect back-end C2 infrastructure from discovery through malware binary analysis, or enable operational resiliency (since this infrastructure may be dynamically changed). ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
index 7f7dd5911d..f1d256504d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
+++ b/mobile-attack/attack-pattern/attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6f751e45-8d4c-42d9-9351-faac3fc36e3e",
+ "id": "bundle--d616470a-61cf-4425-98de-3d86c0d639b6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
index efce3cda36..4d2400a16b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--73861d9c-dd46-47f4-90ff-0c6d5758fd7a",
+ "id": "bundle--872e877a-5a32-4519-9a80-4bc8e2046afe",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
index f4bfaf3175..05319f29a3 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4ffd2d57-38e9-48cb-8720-5c59e8dcd477",
+ "id": "bundle--8268b72a-ce89-408d-8e26-ef8bfc24dddd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
index ebcb84df6a..89a5e87671 100644
--- a/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b012ac16-0dd6-4ba1-b5ab-b4a6b64437af",
+ "id": "bundle--73a5bcef-990c-4a54-80ad-05b112cda50b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242.json b/mobile-attack/attack-pattern/attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242.json
new file mode 100644
index 0000000000..9d88d44062
--- /dev/null
+++ b/mobile-attack/attack-pattern/attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242.json
@@ -0,0 +1,61 @@
+{
+ "type": "bundle",
+ "id": "bundle--6b034feb-c38a-4ff0-a071-944d544828f5",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-27T21:09:27.288Z",
+ "name": "Data Destruction",
+ "description": "Adversaries may destroy data and files on specific devices or in large numbers to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. \n\nTo achieve data destruction, adversaries may use the `pm uninstall` command to uninstall packages or the `rm` command to remove specific files. For example, adversaries may first use `pm uninstall` to uninstall non-system apps, and then use `rm (-f) ` to delete specific files, further hiding malicious activity.(Citation: rootnik_rooting_tool)(Citation: abuse_native_linux_tools)",
+ "kill_chain_phases": [
+ {
+ "kill_chain_name": "mitre-mobile-attack",
+ "phase_name": "impact"
+ }
+ ],
+ "x_mitre_contributors": [
+ "Liran Ravich, CardinalOps"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_tactic_type": [
+ "Post-Adversary Device Access"
+ ],
+ "type": "attack-pattern",
+ "id": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242",
+ "created": "2023-09-22T19:09:15.698Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/techniques/T1662",
+ "external_id": "T1662"
+ },
+ {
+ "source_name": "rootnik_rooting_tool",
+ "description": "Hu, W., et al. (2015, December 4). Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information. Retrieved September 26, 2023.",
+ "url": "https://unit42.paloaltonetworks.com/rootnik-android-trojan-abuses-commercial-rooting-tool-and-steals-private-information/"
+ },
+ {
+ "source_name": "abuse_native_linux_tools",
+ "description": "Surana, N., et al. (2022, September 8). How Malicious Actors Abuse Native Linux Tools in Attacks. Retrieved September 26, 2023.",
+ "url": "https://www.trendmicro.com/en_za/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
index 09ea5f2430..39db5aa4a1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a0464539-e1b7-4455-a355-12495987c300.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4f9f50aa-8e53-4869-8f96-ff3f949ff90c",
+ "id": "bundle--fcb8e41c-bc86-4190-9348-ba0a8e3a17b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
index a3c9507af7..9470c978e8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a7ab7148-045f-4b93-b08e-a512709587eb",
+ "id": "bundle--5fed814a-3e4a-4261-881b-1bae7bb23bed",
 "spec_version": "2.0",
 "objects": [
 {
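Review bot: The added `description` in the new T1662 file states that data destruction is likely to leave data irrecoverable by forensic techniques "through overwriting files", yet the only commands it names are `pm uninstall` and `rm`, which remove packages and files rather than overwrite them, so the recoverability claim is stronger than the examples support and may lead responders to skip recovery or acquisition steps. I would soften that sentence to something like `Data destruction may render stored data difficult or impossible to recover, particularly when files are overwritten rather than only deleted.` The inline code `rm (-f) ` in the same string carries a stray trailing space (possibly a stripped placeholder) and should be tidied. `"x_mitre_detection": ""` also ships the technique with no detection guidance; if that is not deliberate for this release, a sentence on what application vetting or device logging could observe for these commands belongs there.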
diff --git a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
index b77a2a0ae2..14e9fd77ba 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--92f61d34-933d-4455-8909-dbf0d7cebedd",
+ "id": "bundle--89eae101-f4a4-441a-a35a-854fcf81df3d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
index bd0bba4163..0ea6b710b1 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a64a820a-cb21-471f-920c-506a2ff04fa5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--51a83ef4-d8c1-459f-b6f8-6d37399c740d",
+ "id": "bundle--faac1b48-8ef5-4502-abff-216a171c7150",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
index ef4b0f2e28..0ff7e54446 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--12bf5476-93d6-4bd7-ab73-2cdc3013b26d",
+ "id": "bundle--d3d14d89-0b80-46d8-a064-e1e95139b808",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
index b9d7aef60f..73ec6c0620 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2ef03a06-3054-4f2a-9e5d-88a5fe5b90ed",
+ "id": "bundle--65afcf13-22aa-4288-83b2-351ed0780008",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
index 0e79962b5b..27d5053021 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ebd0b051-74d2-4422-b682-57db21c1be2f",
+ "id": "bundle--7e86ce5f-3b0f-4440-8261-ea5265dad7cd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
index d18452f7ad..5a75a8b533 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a93ccb8f-3996-42e2-b7c7-bb599d4e205f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a2f62ff6-5cce-43e4-82c5-a5be9eb8c51a",
+ "id": "bundle--f05b320e-76ff-4ee9-86b8-a1b8e1a57b39",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
index 585715dbaa..c267f60607 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--28890dea-cd7a-4402-a7a3-e5315a3b236e",
+ "id": "bundle--d23ec2cf-652b-43ca-98e2-1a06478f326e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
index 8c946954fc..92cee11637 100644
--- a/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
+++ b/mobile-attack/attack-pattern/attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9484df21-841a-425c-8529-a452795d1da3",
+ "id": "bundle--02f0dd25-06b4-4a94-b047-4858a1335e33",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
index a128310c66..a9132cc726 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--40854944-8470-4f60-a61e-4af54cdce959",
+ "id": "bundle--2bb651f7-b72c-4b6e-abd7-181feaea5810",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
index 67af75e59f..e1a485ec9b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
+++ b/mobile-attack/attack-pattern/attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7229adc0-38fd-47fc-9f62-45510cce15e3",
+ "id": "bundle--d2320b4c-819d-4c0a-a247-22aef9591dbd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
index a656750548..a119d5d4de 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f91c801c-250c-48e8-8bce-5edac914c6b2",
+ "id": "bundle--4356836e-e245-484d-93f9-977ae90afce9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
index 65b4ae088f..be62706cac 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--70d9f99a-fea8-4997-9f5f-3efa6c0f197f",
+ "id": "bundle--9cbf2e59-496c-40d7-b034-65f392dc4960",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
index 3a1c1d9b5f..a291a82586 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6a451767-de8d-45f9-899f-c7d14d8adb70",
+ "id": "bundle--d5f56431-6565-4555-bbd6-09edf556c07f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
index 2736690a24..bd617e2090 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--86a55b4a-9652-46c7-abaf-4ded07978314",
+ "id": "bundle--4c29a7fe-5a32-48bd-bfba-ac74b669e498",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
index 5c259a817a..93fb4bedf9 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8c9bc7ee-0f8e-4dc9-81d8-0547a3d9a197",
+ "id": "bundle--c8efff84-2be2-4120-a70c-3e4325a0d1a1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
index bb52ce8c07..854d9c1026 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bf0cf9f7-58f0-400c-a6e5-a69cece5576e",
+ "id": "bundle--105a9651-c7e5-44a3-b335-0b119e79690c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
index cd2ec39673..2bfebf9374 100644
--- a/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
+++ b/mobile-attack/attack-pattern/attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7bff4b4e-d8d5-42f4-825a-9da31209e305",
+ "id": "bundle--3f3c0b14-7d92-4abc-b81f-ec26b2021b25",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
index c72f0b5550..1a06641ced 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ce93c3cf-f60c-4d46-ab46-f5be640ac75f",
+ "id": "bundle--8a32da27-9cc2-435c-8435-196bb7581d55",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
index 61bcf00367..22eb4ce81e 100644
--- a/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
+++ b/mobile-attack/attack-pattern/attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cc872fca-38e3-4531-93ce-f33252c48f93",
+ "id": "bundle--d9dc5b96-faa7-415f-8ac1-66ab2c043b80",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
index 03e431280f..2246701416 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1133a406-8d38-41f3-bf5e-263a9bbf0c61",
+ "id": "bundle--33b3d307-981d-469f-8b9e-56771ac98c4c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
index 1899d23e4e..14c969166b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--52f94db7-7b61-4b27-8695-b6a3919de9e5",
+ "id": "bundle--98b140a5-b5a9-42db-acaf-0b62fb8c475d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
index 6530966fd1..7bf846f53d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--994c3652-2747-4fd8-a23f-cb45ca1dc54d",
+ "id": "bundle--e60225c1-0237-44ce-ba85-739db7509359",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
index b9a78d289f..5f85a2487f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c1043f93-8b06-4c0d-b240-2210ddb83656",
+ "id": "bundle--9edaa285-46b3-4203-abe0-4b9dddea6b22",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
index 0e5a5d8471..95de2139b6 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6421411-ae61-42bb-9098-73fddb315002.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fdb92083-02ac-40ad-ad79-4620b799a456",
+ "id": "bundle--bbf13999-31d6-4aeb-bd60-8d623506e56c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
index 1e93a0bdd3..a8932fdb15 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--458b3435-37c8-45e0-83fd-65423005903e",
+ "id": "bundle--8777ff39-cbd2-4c77-ba3a-2658df93db88",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:37:13.730Z",
+ "modified": "2023-08-14T16:31:37.317Z",
 "name": "Web Service",
 "description": "Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. \n\n \n\nUse of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis, or enable operational resiliency (since this infrastructure may be dynamically changed). \n\n ",
 "kill_chain_phases": [
@@ -23,7 +23,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.2",
+ "x_mitre_version": "1.3",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
diff --git a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
index ae422d9364..07191033cd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831.json
@@ -1,12 +1,12 @@
 {
 "type": "bundle",
- "id": "bundle--d181b5ef-d218-4860-9f41-3a374dc9d6f1",
+ "id": "bundle--d6bb1ebb-2430-4fc3-91ab-844ea1440031",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T18:46:08.412Z",
+ "modified": "2023-09-08T19:20:51.220Z",
 "name": "System Runtime API Hijacking",
- "description": "Adversaries may execute their own malicious payloads by hijacking the way an operating system run applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur at later points in time. \n\n\nOn Android, adversaries may overwrite the standard OS API library with a malicious alternative to hook into core functions to achieve persistence. By doing this, the adversary\u2019s code will be executed every time the overwritten API function is called by an app on the infected device.",
+ "description": "Adversaries may execute their own malicious payloads by hijacking the way an operating system runs applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur at later points in time. \n\n\nOn Android, adversaries may overwrite the standard OS API library with a malicious alternative to hook into core functions to achieve persistence. By doing this, the adversary\u2019s code will be executed every time the overwritten API function is called by an app on the infected device.",
 "kill_chain_phases": [
 {
 "kill_chain_name": "mitre-mobile-attack",
diff --git a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
index dca0333dad..755a2431e8 100644
--- a/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
+++ b/mobile-attack/attack-pattern/attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5d3ce03f-8ef8-45f2-8ed3-a4c1fa826a4d",
+ "id": "bundle--1ce4a214-8a57-441c-9e66-795bfe0cff0f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
index 613d6f4ac9..5566ac1c9d 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3.json
@@ -1,12 +1,12 @@
 {
 "type": "bundle",
- "id": "bundle--9f4e064f-37aa-419c-99a6-c20e2c209f7a",
+ "id": "bundle--5c1b709d-87e7-4548-a485-c6ed1d7df7f7",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-20T15:45:44.103Z",
+ "modified": "2023-09-08T19:19:37.927Z",
 "name": "Credentials from Password Store",
- "description": "Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.",
+ "description": "Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.",
 "kill_chain_phases": [
 {
 "kill_chain_name": "mitre-mobile-attack",
diff --git a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
index 459fd60717..55863c47fd 100644
--- a/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
+++ b/mobile-attack/attack-pattern/attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--356e2f98-cf45-4c2f-9442-c458bcbd6531",
+ "id": "bundle--37c25f03-65b7-4ed5-8f35-e5ad47bc36c1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
index 0eb5855575..3f8a3dab6f 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f3c330cf-eb88-4824-8bb2-d55ccb8dc2c7",
+ "id": "bundle--e2ccbd61-2e13-4f7d-9129-c8292993064b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
index 56926f77af..f37dd05c5b 100644
--- a/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
+++ b/mobile-attack/attack-pattern/attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6a9163af-60dc-432d-bd36-5db1d7e68448",
+ "id": "bundle--6bf6a511-1e85-4dd0-a813-b68ff6b199df",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
index 3598c87716..84fd745e9c 100644
--- a/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
+++ b/mobile-attack/attack-pattern/attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a.json
@@ -1,58 +1,58 @@ { "type": "bundle", - "id": "bundle--3da7f330-9d86-47d0-a60c-f4335c113833", + "id": "bundle--f479cba3-b971-4dbb-a38c-224165949a83", "spec_version": "2.0", "objects": [ { - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "attack-pattern", - "id": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "created": "2017-10-25T14:48:32.328Z", - "x_mitre_version": "3.0", - "external_references": [ - { - "source_name": "mitre-attack", - "external_id": "T1406", - "url": "https://attack.mitre.org/techniques/T1406" - }, - { - "source_name": "Microsoft MalLockerB", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." - }, - { - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", - "source_name": "NIST Mobile Threat Catalogue", - "external_id": "APP-21" - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may attempt to make a payload or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the device or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n \nPayloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Portions of files can also be encoded to hide the plaintext strings that would otherwise help defenders with discovery. 
Payloads may also be split into separate, seemingly benign files that only reveal malicious functionality when reassembled.(Citation: Microsoft MalLockerB) ", - "modified": "2022-04-06T12:36:31.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2023-08-09T14:38:34.859Z", "name": "Obfuscated Files or Information", - "x_mitre_detection": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.", + "description": "Adversaries may attempt to make a payload or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the device or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n \nPayloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Portions of files can also be encoded to hide the plaintext strings that would otherwise help defenders with discovery. Payloads may also be split into separate, seemingly benign files that only reveal malicious functionality when reassembled.(Citation: Microsoft MalLockerB) ", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", "phase_name": "defense-evasion" } ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). 
Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.", + "x_mitre_domains": [ + "mobile-attack" + ], "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "3.1", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], - "x_mitre_attack_spec_version": "2.1.0", + "type": "attack-pattern", + "id": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "created": "2017-10-25T14:48:32.328Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1406", + "external_id": "T1406" + }, + { + "source_name": "Microsoft MalLockerB", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", + "external_id": "APP-21" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json index e63ef9a6c1..5bbd49fcb4 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json +++ b/mobile-attack/attack-pattern/attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62.json 
@@ -1,10 +1,10 @@ { "type": "bundle", - "id": "bundle--f575feb6-5d9e-48d2-bfa8-157d8a341e68", + "id": "bundle--7bd792da-42ab-4f89-8d31-0bb8422a470f", "spec_version": "2.0", "objects": [ { - "modified": "2022-10-24T15:09:07.609Z", + "modified": "2023-08-08T22:50:32.775Z", "name": "Input Injection", "description": "A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.\n\n[Input Injection](https://attack.mitre.org/techniques/T1516) can be achieved using any of the following methods:\n\n* Mimicking user clicks on the screen, for example to steal money from a user's PayPal account.(Citation: android-trojan-steals-paypal-2fa)\n* Injecting global actions, such as `GLOBAL_ACTION_BACK` (programatically mimicking a physical back button press), to trigger actions on behalf of the user.(Citation: Talos Gustuff Apr 2019)\n* Inserting input into text fields on behalf of the user. This method is used legitimately to auto-fill text fields by applications such as password managers.(Citation: bitwarden autofill logins)", "kill_chain_phases": [ @@ -17,18 +17,19 @@ "phase_name": "impact" } ], - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", - "x_mitre_platforms": [ - "Android" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.1", "x_mitre_contributors": [ "Luk\u00e1\u0161 \u0160tefanko, ESET" ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
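Review bot: The `x_mitre_detection` value re-added in the second hunk still relies only on the user opening the accessibility menu, even though the object is bumped to version 1.2. Application vetting can also flag apps whose manifest declares a service protected by `android.permission.BIND_ACCESSIBILITY_SERVICE`, and a sentence saying so would give defenders a check that does not depend on the device owner. The description in the first hunk spells `programatically`; it should read `programmatically`. The object continues in later hunks, which this note does not cover.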
@@ -36,12 +37,18 @@ "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", "created": "2019-09-15T15:26:22.356Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", "url": "https://attack.mitre.org/techniques/T1516", "external_id": "T1516" }, + { + "source_name": "bitwarden autofill logins", + "description": "Bitwarden. (n.d.). Auto-fill logins on Android . Retrieved September 15, 2019.", + "url": "https://help.bitwarden.com/article/auto-fill-android/" + }, { "source_name": "android-trojan-steals-paypal-2fa", "description": "Luk\u00e1\u0161 \u0160tefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.", @@ -51,18 +58,13 @@ "source_name": "Talos Gustuff Apr 2019", "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" - }, - { - "source_name": "bitwarden autofill logins", - "description": "Bitwarden. (n.d.). Auto-fill logins on Android . Retrieved September 15, 2019.", - "url": "https://help.bitwarden.com/article/auto-fill-android/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_is_subtechnique": false + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] } \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json index e710d626ef..84ec22e5f2 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json +++ b/mobile-attack/attack-pattern/attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c53fb195-29ec-427a-926f-87d3247e2b88", + "id": "bundle--d2a98a9c-6f55-44c2-be87-4c840fbc9f82", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json index 68b9ab6651..71c63f914c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json +++ b/mobile-attack/attack-pattern/attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--83195c76-ecaf-4bd3-b1ef-1f84b82dda82", + "id": "bundle--158045b6-852e-4c4a-ab0a-2d1f93c51d91", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json index 414a3c30a8..b04caa31a8 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json +++ b/mobile-attack/attack-pattern/attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b15460c3-ef3e-44f1-a9bd-f2a548c41b9f", + "id": "bundle--e3f03246-c4ae-4f8e-89bc-afa361be1ced", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json index 71fc3a60ee..38481ac723 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json +++ b/mobile-attack/attack-pattern/attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bc5d14ea-6416-40f7-a75b-d56bf4ce20f3", + "id": "bundle--ed042e98-0200-4d4c-bb64-4f3755d3e07e", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json index d5f10f5ec5..cc168a72f4 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json +++ b/mobile-attack/attack-pattern/attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c692a9c5-5c08-4477-8616-7dcfeaca0390", + "id": "bundle--0b55962a-02d6-4e08-8720-bff08021cf03", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json index cce2ea1127..3da063c9a3 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json +++ b/mobile-attack/attack-pattern/attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2081c84-49fe-4f89-842f-d06ee36b4694", + "id": "bundle--20d99120-1ba5-487d-9800-f89a8c02863a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json index adcd06f44a..a5e76cd90e 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json +++ b/mobile-attack/attack-pattern/attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e.json 
@@ -1,10 +1,10 @@ { "type": "bundle", - "id": "bundle--14b8c66b-a55f-44bb-a571-bf698d4a23d9", + "id": "bundle--0a58a8c7-e845-4622-8ce7-18a5fa848d7b", "spec_version": "2.0", "objects": [ { - "modified": "2023-03-20T18:53:34.118Z", + "modified": "2023-08-14T16:35:55.739Z", "name": "One-Way Communication", "description": "Adversaries may use an existing, legitimate external Web service channel as a means for sending commands to a compromised system without receiving return output. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems may opt to send the output from those commands back over a different C2 channel, including to another distinct Web service. Alternatively, compromised systems may return no output at all in cases where adversaries want to send instructions to systems and do not want a response. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. ", "kill_chain_phases": [ @@ -23,7 +23,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], diff --git a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json index 9eba81b134..0c2fb358b5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json +++ b/mobile-attack/attack-pattern/attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1179a137-2ee0-4a07-b484-59e4e8adde10", + "id": "bundle--b34b0c16-c895-4d51-9ae3-38bea699532b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json index 662a5d4a4c..3547430137 100644 --- a/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json +++ b/mobile-attack/attack-pattern/attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--784eba6f-50ad-419c-b5be-d7c1f776b506", + "id": "bundle--5ee91c70-0118-440e-a052-874afc90cacf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json index 815d3c39be..8275fe5a30 100644 --- a/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json +++ b/mobile-attack/attack-pattern/attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9.json 
@@ -1,18 +1,21 @@ { "type": "bundle", - "id": "bundle--2ee881d5-864c-476c-8e77-d5341088aacb", + "id": "bundle--980db58d-68e7-44ae-826b-06afdecf561b", "spec_version": "2.0", "objects": [ { - "modified": "2023-03-20T18:54:36.502Z", + "modified": "2023-09-28T15:38:41.106Z", "name": "Prevent Application Removal", - "description": "Adversaries may abuse the Android device administration API to prevent the user from uninstalling a target application. In earlier versions of Android, device administrator applications needed their administration capabilities explicitly deactivated by the user before the application could be uninstalled. This was later updated so the user could deactivate and uninstall the administrator application in one step.\n\nAdversaries may also abuse the device accessibility APIs to prevent removal. This set of APIs allows the application to perform certain actions on behalf of the user and programmatically determine what is being shown on the screen. The malicious application could monitor the device screen for certain modals (e.g., the confirmation modal to uninstall an application) and inject screen input or a back button tap to close the modal.", + "description": "Adversaries may abuse the Android device administration API to prevent the user from uninstalling a target application. In earlier versions of Android, device administrator applications needed their administration capabilities explicitly deactivated by the user before the application could be uninstalled. This was later updated so the user could deactivate and uninstall the administrator application in one step.\n\nAdversaries may also abuse the device accessibility APIs to prevent removal. This set of APIs allows the application to perform certain actions on behalf of the user and programmatically determine what is being shown on the screen. 
The malicious application could monitor the device screen for certain modals (e.g., the confirmation modal to uninstall an application) and inject screen input or a back button tap to close the modal. For example, Android's `performGlobalAction(int)` API could be utilized to prevent the user from removing the malicious application from the device after installation. If the user wants to uninstall the malicious application, two cases may occur, both preventing the user from removing the application.\n\n* Case 1: If the integer argument passed to the API call is `2` or `GLOBAL_ACTION_HOME`, the malicious application may direct the user to the home screen from settings screen \n\n* Case 2: If the integer argument passed to the API call is `1` or `GLOBAL_ACTION_BACK`, the malicious application may emulate the back press event ", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", "phase_name": "defense-evasion" } ], + "x_mitre_contributors": [ + "Shankar Raman, Gen Digital and Abhinand, Amrita University" + ], "x_mitre_deprecated": false, "x_mitre_detection": "Users can view a list of device administrators and applications that have registered accessibility services in device settings. Users can typically visually see when an action happens that they did not initiate and can subsequently review installed applications for any out of place or unknown ones. Applications that register an accessibility service or request device administrator permissions should be scrutinized further for malicious behavior.", "x_mitre_domains": [ @@ -22,7 +25,7 @@ "x_mitre_platforms": [ "Android" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], @@ -46,7 +49,7 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
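Review bot: The new `x_mitre_contributors` array holds a single string, `"Shankar Raman, Gen Digital and Abhinand, Amrita University"`, which appears to merge two contributors; the Phishing object added in this same diff lists one contributor per element. Splitting it into `"Shankar Raman, Gen Digital"` and `"Abhinand, Amrita University"` keeps per-contributor parsing consistent, assuming these are two people. In the added description text, "`2` or `GLOBAL_ACTION_HOME`" reads as two alternatives although the integer and the constant name are the same value; "`GLOBAL_ACTION_HOME` (`2`)" is clearer, and likewise "`GLOBAL_ACTION_BACK` (`1`)". The two "Case" bullets also end without a period and with trailing spaces.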
diff --git a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json index 31c76f2fb6..057b4ccc53 100644 --- a/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json +++ b/mobile-attack/attack-pattern/attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11222e86-ea25-45ad-af7a-d58418554cd1", + "id": "bundle--c4d78d1c-1eb0-4f41-8dbb-4ee751f1522d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df.json b/mobile-attack/attack-pattern/attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df.json new file mode 100644 index 0000000000..ed25cbd12f --- /dev/null +++ b/mobile-attack/attack-pattern/attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df.json 
@@ -0,0 +1,62 @@ +{ + "type": "bundle", + "id": "bundle--de79991a-e9b7-4a52-b247-a4fbacf4a08b", + "spec_version": "2.0", + "objects": [ + { + "modified": "2023-09-29T19:45:39.608Z", + "name": "Phishing", + "description": "Adversaries may send malicious content to users in order to gain access to their mobile devices. All forms of phishing are electronically delivered social engineering. Adversaries can conduct both non-targeted phishing, such as in mass malware spam campaigns, as well as more targeted phishing tailored for a specific individual, company, or industry, known as \u201cspearphishing\u201d. Phishing often involves social engineering techniques, such as posing as a trusted source, as well as evasion techniques, such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages.\n\nMobile phishing may take various forms. For example, adversaries may send emails containing malicious attachments or links, typically to deliver and then execute malicious code on victim devices. Phishing may also be conducted via third-party services, like social media platforms. \n\nMobile devices are a particularly attractive target for adversaries executing phishing campaigns. Due to their smaller form factor than traditional desktop endpoints, users may not be able to notice minor differences between genuine and phishing websites. Further, mobile devices have additional sensors and radios that allow adversaries to execute phishing attempts over several different vectors, such as: \n\n- SMS messages: Adversaries may send SMS messages (known as \u201csmishing\u201d) from compromised devices to potential targets to convince the target to, for example, install malware, navigate to a specific website, or enable certain insecure configurations on their device.\n- Quick Response (QR) Codes: Adversaries may use QR codes (known as \u201cquishing\u201d) to redirect users to a phishing website. 
For example, an adversary could replace a legitimate public QR Code with one that leads to a different destination, such as a phishing website. A malicious QR code could also be delivered via other means, such as SMS or email. In the latter case, an adversary could utilize a malicious QR code in an email to pivot from the user\u2019s desktop computer to their mobile device.\n- Phone Calls: Adversaries may call victims (known as \u201cvishing\u201d) to persuade them to perform an action, such as providing login credentials or navigating to a malicious website. This could also be used as a technique to perform the initial access on a mobile device, but then pivot to a computer/other network by having the victim perform an action on a desktop computer.\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" + } + ], + "x_mitre_contributors": [ + "Vijay Lalwani", + "Will Thomas, Equinix", + "Adam Mashinchi", + "Sam Seabrook, Duke Energy", + "Naveen Devaraja, bolttech", + "Brian Donohue" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "created": "2023-09-21T19:35:15.552Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1660", + "external_id": "T1660" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-9.html", + "external_id": "AUT-9" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + 
"x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json index 13add238ae..a06221e0a5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json +++ b/mobile-attack/attack-pattern/attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd.json 
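Review bot: The new Phishing object ships with `"x_mitre_detection": ""`, so the technique has no detection guidance in this file, whereas the other objects whose detection field is visible in this diff carry a non-empty value. If detections for T1660 are not supplied elsewhere (for example through separate relationship objects, which this hunk does not show), a short statement would help, such as `"x_mitre_detection": "Mobile security products can flag links to known phishing sites; users should verify the sender and destination of unsolicited messages, QR codes, and calls."`. The file also ends without a trailing newline.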
@@ -1,68 +1,68 @@ { "type": "bundle", - "id": "bundle--a3b8e45b-fb27-4b4e-8a66-76093d6a4923", + "id": "bundle--53076ca8-a637-46e4-87a7-4f406c7c0275", "spec_version": "2.0", "objects": [ { + "modified": "2023-10-16T16:23:05.146Z", + "name": "Lockscreen Bypass", + "description": "An adversary with physical access to a mobile device may seek to bypass the device\u2019s lockscreen. Several methods exist to accomplish this, including:\n\n* Biometric spoofing: If biometric authentication is used, an adversary could attempt to spoof a mobile device\u2019s biometric authentication mechanism. Both iOS and Android partly mitigate this attack by requiring the device\u2019s passcode rather than biometrics to unlock the device after every device restart, and after a set or random amount of time.(Citation: SRLabs-Fingerprint)(Citation: TheSun-FaceID)\n* Unlock code bypass: An adversary could attempt to brute-force or otherwise guess the lockscreen passcode (typically a PIN or password), including physically observing (\u201cshoulder surfing\u201d) the device owner\u2019s use of the lockscreen passcode. Mobile OS vendors partly mitigate this by implementing incremental backoff timers after a set number of failed unlock attempts, as well as a configurable full device wipe after several failed unlock attempts.\n* Vulnerability exploit: Techniques have been periodically demonstrated that exploit mobile devices to bypass the lockscreen. 
The vulnerabilities are generally patched by the device or OS vendor once disclosed.(Citation: Wired-AndroidBypass)(Citation: Kaspersky-iOSBypass)\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Users can see if someone is watching them type in their device passcode.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.3", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", "created": "2017-10-25T14:48:24.488Z", - "x_mitre_version": "1.2", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1461", - "url": "https://attack.mitre.org/techniques/T1461" + "url": "https://attack.mitre.org/techniques/T1461", + "external_id": "T1461" }, { "source_name": "Wired-AndroidBypass", - "url": "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/", - "description": "Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. Retrieved December 23, 2016." + "description": "Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. Retrieved December 23, 2016.", + "url": "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/" }, { "source_name": "Kaspersky-iOSBypass", - "url": "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/", - "description": "Chris Brook. (2016, November 17). 
iOS 10 Passcode Bypass Can Access Photos, Contacts. Retrieved December 23, 2016." + "description": "Chris Brook. (2016, November 17). iOS 10 Passcode Bypass Can Access Photos, Contacts. Retrieved December 23, 2016.", + "url": "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/" }, { "source_name": "TheSun-FaceID", - "url": "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/", - "description": "Sean Keach. (2018, February 15). Brit mates BREAK Apple\u2019s face unlock and vow to never buy iPhone again. Retrieved September 18, 2018." + "description": "Sean Keach. (2018, February 15). Brit mates BREAK Apple\u2019s face unlock and vow to never buy iPhone again. Retrieved September 18, 2018.", + "url": "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/" }, { "source_name": "SRLabs-Fingerprint", - "url": "https://srlabs.de/bites/spoofing-fingerprints/", - "description": "SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December 23, 2016." + "description": "SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December 23, 2016.", + "url": "https://srlabs.de/bites/spoofing-fingerprints/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "An adversary with physical access to a mobile device may seek to bypass the device\u2019s lockscreen. Several methods exist to accomplish this, including:\n\n* Biometric spoofing: If biometric authentication is used, an adversary could attempt to spoof a mobile device\u2019s biometric authentication mechanism. 
Both iOS and Android partly mitigate this attack by requiring the device\u2019s passcode rather than biometrics to unlock the device after every device restart, and after a set or random amount of time.(Citation: SRLabs-Fingerprint)(Citation: TheSun-FaceID)\n* Unlock code bypass: An adversaries could attempt to brute-force or otherwise guess the lockscreen passcode (typically a PIN or password), including physically observing (\u201cshoulder surfing\u201d) the device owner\u2019s use of the lockscreen passcode. Mobile OS vendors partly mitigate this by implementing incremental backoff timers after a set number of failed unlock attempts, as well as a configurable full device wipe after several failed unlock attempts.\n* Vulnerability exploit: Techniques have been periodically demonstrated that exploit mobile devices to bypass the lockscreen. The vulnerabilities are generally patched by the device or OS vendor once disclosed.(Citation: Wired-AndroidBypass)(Citation: Kaspersky-iOSBypass)\n", - "modified": "2022-04-19T15:36:12.312Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Lockscreen Bypass", - "x_mitre_detection": "Users can see if someone is watching them type in their device passcode.", - "kill_chain_phases": [ - { - "phase_name": "initial-access", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": false, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json index 3bd8865cf6..02c8fb26f5 100644 
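Review bot: `x_mitre_detection` on the new side covers only shoulder surfing, while the description lists three methods: biometric spoofing, unlock code guessing, and lockscreen vulnerability exploits. The object is raised to version 1.3 without extending that field. A sentence such as `Repeated failed unlock attempts, triggered backoff timers, or an unexpected device wipe may indicate passcode guessing.` would cover the second method using the controls the description already names. Whether the reordered keys change anything for consumers cannot be judged from this hunk; it appears to be a serialisation change only.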
--- a/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json +++ b/mobile-attack/attack-pattern/attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fdf54e75-95e0-41a3-8ee0-3768462d1ad2", + "id": "bundle--714d09c3-85da-4e7b-b556-3775a327fb51", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json index bd0c68df4d..3580d69775 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json +++ b/mobile-attack/attack-pattern/attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dac9d2f7-ea97-43b6-bafe-eba8da7ab215", + "id": "bundle--7d8e50fa-d860-4b5b-80ea-b2946b90b967", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json index 5ae59440cd..7d8f0ae88a 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json +++ b/mobile-attack/attack-pattern/attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb4d19b9-549e-4256-a3f1-432d632c1efb", + "id": "bundle--76047be8-3e40-4a66-8257-47ad4dd191fb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json index c3c2ba16b1..4ee8a1f7c0 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json +++ b/mobile-attack/attack-pattern/attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aefafd75-0fb6-4c2d-9e03-eff7ab10c3c4", + "id": "bundle--0d206a38-f73c-49bd-973a-c9e06a1ef268", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json index 145e3f08c9..fbd91b476b 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json +++ b/mobile-attack/attack-pattern/attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--83204f3a-466a-4237-aaec-80997fb70336", + "id": "bundle--85565514-06db-4c50-957f-c6745e88bdb4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json index 69381032b2..176a78b496 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json +++ b/mobile-attack/attack-pattern/attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ccd9a6fe-4de2-4e57-8efc-af9dc23ad906", + "id": "bundle--73cc9d80-c713-4182-b1af-ad1a9474647e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json index 8f5dee022c..fc95fe8828 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json +++ b/mobile-attack/attack-pattern/attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6f8f3f24-e0ac-418c-a5e7-da8c5edd50b1", + "id": "bundle--365b2eff-de0e-4e61-93cf-c87c66b49fc9", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json index 45771fd0c9..dbe8e69e6f 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json +++ b/mobile-attack/attack-pattern/attack-pattern--e3b936a4-6321-4172-9114-038a866362ec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11689903-f64a-4bd8-8261-a095dc51cf35", + "id": "bundle--bc0c8a58-0511-4956-9f94-f0a287a7a6b0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json index 48676cc6ce..1c1cdd193d 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json +++ b/mobile-attack/attack-pattern/attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dc724a9c-0bb9-4e67-a5c9-3d3fb688f934", + "id": "bundle--5cfa43cd-2713-404e-8262-d4dec85f3cf0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json index 72cbb8addb..da0856aebd 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json +++ b/mobile-attack/attack-pattern/attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3bbd5a3-dbd1-495e-af5c-38a924a221ba", + "id": "bundle--931e2ec9-5a97-4605-9c55-b42799c0a84a", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json index 984f3b2ef9..56be272306 100644 --- a/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json +++ b/mobile-attack/attack-pattern/attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50696ee5-2bd7-492c-871f-218bdaaacea3", + "id": "bundle--bee6aff2-e76d-4579-ae5b-d8c6d50a950f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json index fc8e698c64..c332d11922 100644 --- a/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json +++ b/mobile-attack/attack-pattern/attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41a1eaae-87e4-4bb3-85b0-a750b7a531b9", + "id": "bundle--5077dab5-e912-4d65-99ee-8b9e9df492b7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json index 177c233c01..90c66f1560 100644 --- a/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json +++ b/mobile-attack/attack-pattern/attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--359a7149-d4a7-4ba6-96c7-bb555d1d5178", + "id": "bundle--1d0cc472-bc10-4fdf-9cd3-645bdaaebd44", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json index de76e688d6..b81dbd3152 100644 --- a/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json +++ b/mobile-attack/attack-pattern/attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a0b16799-dd0c-4bc5-ae2a-ee4d26ec4b1e", + "id": "bundle--64081ec6-8cac-418e-a632-c68409a72466", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json index 91de4e9d6f..db4066c4d2 100644 --- a/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json +++ b/mobile-attack/attack-pattern/attack-pattern--ef771e03-e080-43b4-a619-ac6f84899884.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f946d28-ffa9-48e9-978c-4cfa64c85533", + "id": "bundle--51661f3a-cf0c-4d64-8a48-df25ae356982", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json index 37450fe731..182f693e81 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json +++ b/mobile-attack/attack-pattern/attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9c3bd146-03dd-4dd0-9e78-a8e3d776fb57", + "id": "bundle--4870c016-c2b2-44f8-84ae-d632131291a1", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json index 97cc3c232d..2b9fa485b0 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json +++ b/mobile-attack/attack-pattern/attack-pattern--f1c3d071-0c24-483d-aca0-e8b8496ce468.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56217f9b-b6c4-42e3-9240-88e33228e89f", + "id": "bundle--dc9f0c8e-437b-447e-a331-1bf18885c0a5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json index 0b268609f2..08859887e3 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json +++ b/mobile-attack/attack-pattern/attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--54e40de0-8b75-4a0d-b5b9-46bb9fd6df34", + "id": "bundle--1aa3019b-3b43-4191-a32e-44ad701c0f86", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json index 5de3e679c0..e69cc3e704 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json +++ b/mobile-attack/attack-pattern/attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e83f9664-b4a4-43e8-8146-0b000a8dc62c", + "id": "bundle--ec01f890-8642-401b-869c-f72742a8e3d8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc.json b/mobile-attack/attack-pattern/attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc.json new file mode 100644 index 0000000000..05042f2fc5 --- /dev/null +++ b/mobile-attack/attack-pattern/attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc.json 
@@ -0,0 +1,59 @@ +{ + "type": "bundle", + "id": "bundle--90dc7d19-9035-4bdd-907f-ccf4b19a1843", + "spec_version": "2.0", + "objects": [ + { + "modified": "2023-09-08T18:14:46.081Z", + "name": "Masquerading", + "description": "Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name, location, or appearance of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.\n\nRenaming abusable system utilities to evade security monitoring is also a form of [Masquerading](https://attack.mitre.org/techniques/T1655)\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "defense-evasion" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "\n", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "created": "2023-07-12T20:29:48.758Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1655", + "external_id": "T1655" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html", + "external_id": "APP-14" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", + "external_id": "APP-31" + } + ], + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json index 112be6f58c..811575cfda 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json +++ b/mobile-attack/attack-pattern/attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--25933274-c942-48bc-921f-631e4cbb482f", + "id": "bundle--3fb1b441-1d4b-4e4e-8515-eed84771aa79", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json index d59d61462a..e5944cb4a2 100644 --- a/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json +++ b/mobile-attack/attack-pattern/attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9dbf984f-8031-4dee-a3db-8c73367c39c0", + "id": "bundle--63532c39-5563-4607-b8fc-ca1ad9ba1ee0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json index 6aae1896cc..361161ccd5 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json +++ b/mobile-attack/attack-pattern/attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df.json 
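Review bot: `"x_mitre_detection": "\n"` in the new Masquerading (T1655) object is a whitespace-only value, so a consumer that checks the field for presence or non-emptiness will report detection guidance where there is none. If no guidance is available yet, an empty string says so unambiguously: `"x_mitre_detection": "",`. The `description` in the same object also ends at `(https://attack.mitre.org/techniques/T1655)\n`, with no full stop and a trailing newline, which is worth tidying in the same pass.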
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e208176c-e4ce-4cc9-9005-2e1643406dab", + "id": "bundle--27f0de05-81f1-43f9-ae4a-adf902563581", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json index c77b666826..99ef43be4c 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json +++ b/mobile-attack/attack-pattern/attack-pattern--fb3fa94a-3aee-4ab0-b7e7-abdf0a51286d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1be02b0a-6cd7-4892-8992-987f7dfc6a6d", + "id": "bundle--3328ebe9-c1a1-4441-a90f-77effb5a10e6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json index fa9723a2d1..93851202b6 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json +++ b/mobile-attack/attack-pattern/attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1c25481c-0e7c-41af-a03a-97e1b75b7ba0", + "id": "bundle--54043d3e-093c-4d52-9724-c360380ae753", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json index 5a100fa44f..55157f5e21 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json +++ b/mobile-attack/attack-pattern/attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--433b4d09-a250-4603-b36e-804281a9f1d7", + "id": "bundle--e832a8f0-92c5-4543-b87f-df1fadcff22c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json index b37ea416a7..fc38fb1446 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json +++ b/mobile-attack/attack-pattern/attack-pattern--fd211238-f767-4599-8c0d-9dca36624626.json 
@@ -1,58 +1,58 @@ { "type": "bundle", - "id": "bundle--b012da54-ad4e-4585-83df-de13a6c0e0ed", + "id": "bundle--e610076c-d798-4e83-9930-edd987890564", "spec_version": "2.0", "objects": [ { + "modified": "2023-08-14T16:19:54.832Z", + "name": "Domain Generation Algorithms", + "description": "Adversaries may use [Domain Generation Algorithms](https://attack.mitre.org/techniques/T1637/001) (DGAs) to procedurally generate domain names for uses such as command and control communication or malicious application distribution.(Citation: securelist rotexy 2018)\n\nDGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "command-and-control" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different DGA algorithms, constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) CDN domains may trigger these detections due to the format of their domain names. 
In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names ", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": true, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", "created": "2022-04-05T19:59:03.161Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1637.001", - "url": "https://attack.mitre.org/techniques/T1637/001" + "url": "https://attack.mitre.org/techniques/T1637/001", + "external_id": "T1637.001" }, { "source_name": "Data Driven Security DGA", - "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", - "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019." + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" }, { "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan \u2013 banker and ransomware. Retrieved September 23, 2019." + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan \u2013 banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may use [Domain Generation Algorithms](https://attack.mitre.org/techniques/T1637/001) (DGAs) to procedurally generate domain names for uses such as command and control communication or malicious application distribution.(Citation: securelist rotexy 2018)\n\nDGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.", - "modified": "2022-04-05T19:59:22.888Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Domain Generation Algorithms", - "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different DGA algorithms, constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) CDN domains may trigger these detections due to the format of their domain names. 
In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names ", - "kill_chain_phases": [ - { - "phase_name": "command-and-control", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": true, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json index a4b00673c7..4da539fd70 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json +++ b/mobile-attack/attack-pattern/attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57.json 
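Review bot: The `x_mitre_detection` string for Domain Generation Algorithms (T1637.001) stops mid-sentence at `check for recently registered names ` with a trailing space. The added line carries this over unchanged from the removed line, even though `x_mitre_version` moves from 1.0 to 1.1. That last sentence is the only one introducing the "more general approach" that does not depend on the domain name's shape, so the truncation cuts off guidance a defender would act on. Either restore the rest of the sentence from the authoring source or end the value at the previous full stop, `...due to the format of their domain names.`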
@@ -1,10 +1,10 @@ { "type": "bundle", - "id": "bundle--c194d6e6-111e-4c69-9a9f-be1b5f92a224", + "id": "bundle--098794b2-3028-415b-9618-37563ccb6d98", "spec_version": "2.0", "objects": [ { - "modified": "2023-03-20T18:24:56.530Z", + "modified": "2023-08-07T17:12:07.620Z", "name": "Drive-By Compromise", "description": "Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring an [Application Access Token](https://attack.mitre.org/techniques/T1550/001).\n\nMultiple ways of delivering exploit code to a browser exist, including:\n\n* A legitimate website is compromised where adversaries have injected some form of malicious code such as JavaScript, iFrames, and cross-site scripting.\n* Malicious ads are paid for and served through legitimate ad providers.\n* Built-in web application interfaces are leveraged for the insertion of any other kind of object that can be used to display web content or contain a script that executes on the visiting client (e.g. forum posts, comments, and other user controllable web content).\n\nOften the website used by an adversary is one visited by a specific community, such as government, a particular industry, or region, where the goal is to compromise a specific user or set of users based on a shared interest. This kind of targeted attack is referred to a strategic web compromise or watering hole attack. There are several known examples of this occurring.(Citation: Lookout-StealthMango)\n\nTypical drive-by compromise process:\n\n1. A user visits a website that is used to host the adversary controlled content.\n2. Scripts automatically execute, typically searching versions of the browser and plugins for a potentially vulnerable version. 
\n * The user may be required to assist in this process by enabling scripting or active website components and ignoring warning dialog boxes.\n3. Upon finding a vulnerable version, exploit code is delivered to the browser.\n4. If exploitation is successful, then it will give the adversary code execution on the user's system unless other protections are in place.\n * In some cases a second visit to the website after the initial scan is required before exploit code is delivered.", "kill_chain_phases": [ @@ -23,7 +23,7 @@ "Android", "iOS" ], - "x_mitre_version": "2.1", + "x_mitre_version": "2.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], diff --git a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json index df1e1a4878..b49a394e64 100644 --- a/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json +++ b/mobile-attack/attack-pattern/attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5a32fc9f-9879-4112-8eeb-3c2efd8efdd9", + "id": "bundle--6acf2353-a0ef-4eb4-a7c4-2330c139503b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json index 7c3a28507d..5f65f131d6 100644 --- a/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json +++ b/mobile-attack/campaign/campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--637b46b8-8146-4635-878e-0f17f646cb91", + "id": "bundle--6b908321-8e9e-4563-a4d5-c5f75c79f4a9", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json index 8be427100d..df5d2ddaae 100644 --- a/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json +++ b/mobile-attack/course-of-action/course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c573ead3-04f5-4c38-9379-a9299fc069dd", + "id": "bundle--232386b0-889b-4787-866f-59a3c305234b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json index 2f19c8aeed..553bce2eff 100644 --- a/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json +++ b/mobile-attack/course-of-action/course-of-action--1553b156-6767-47f7-9eb4-2a692505666d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--15fea9dd-e9f1-4463-84ac-0e57dda42e51", + "id": "bundle--9d0c202d-d741-4757-9451-87358f701395", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json index 80f3a3ee0c..09483b6d7d 100644 --- a/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json +++ b/mobile-attack/course-of-action/course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1.json 
@@ -1,20 +1,23 @@ { "type": "bundle", - "id": "bundle--9df178e1-7e46-4aac-8d02-06d1dcbb0a7f", + "id": "bundle--f4824ca5-f041-47bd-83cf-cead7fee6d14", "spec_version": "2.0", "objects": [ { + "modified": "2023-09-27T20:18:19.004Z", + "name": "Application Developer Guidance", + "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", + "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack", "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "x_mitre_version": "1.1", "type": "course-of-action", + "id": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", "created": "2017-10-25T14:48:53.732Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", @@ -22,10 +25,10 @@ "external_id": "M1013" } ], - "modified": "2018-10-17T00:14:20.652Z", - "name": "Application Developer Guidance", - "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", - "x_mitre_version": "1.0", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json index 7c89f505b0..6580411f4c 100644 --- a/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json 
+++ b/mobile-attack/course-of-action/course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b72a9ad0-cfc6-4fff-8be5-1ec72e2efc46", + "id": "bundle--62ab4329-d65a-4372-8b21-b073a79c3845", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json index 7e6a728a49..b6d6d15802 100644 --- a/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json +++ b/mobile-attack/course-of-action/course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3c40b91e-d0c1-4bde-bb2f-f1ee090eb9a6", + "id": "bundle--2099ffc1-8159-4cbc-a6a7-d7c3aba796c0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--78671282-26aa-486c-a7a5-5921e1616b58.json b/mobile-attack/course-of-action/course-of-action--78671282-26aa-486c-a7a5-5921e1616b58.json new file mode 100644 index 0000000000..ec6e1fe2fe --- /dev/null +++ b/mobile-attack/course-of-action/course-of-action--78671282-26aa-486c-a7a5-5921e1616b58.json 
@@ -0,0 +1,34 @@ +{ + "type": "bundle", + "id": "bundle--99db67e6-a0ee-4f82-af9f-1f441f76c23e", + "spec_version": "2.0", + "objects": [ + { + "modified": "2023-09-21T19:36:08.280Z", + "name": "Antivirus/Antimalware", + "description": "Mobile security products, such as Mobile Threat Defense (MTD), offer various device-based mitigations against certain behaviors.", + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "type": "course-of-action", + "id": "course-of-action--78671282-26aa-486c-a7a5-5921e1616b58", + "created": "2023-09-21T19:36:08.280Z", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/mitigations/M1058", + "external_id": "M1058" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json index 654ae479b4..4c598b7460 100644 --- a/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json +++ b/mobile-attack/course-of-action/course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--381c39ab-a5d4-4a89-8630-9382dd4d218d", + "id": "bundle--bf0a244d-7cc4-4602-968b-0843486653f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json index ffe8c2f01b..dfda854e15 100644 
--- a/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json +++ b/mobile-attack/course-of-action/course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2bbfd31b-d774-4eff-9888-1db0bdc297db", + "id": "bundle--0da8b9b8-ca7b-4354-8857-97c163a2e17e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json index 8b5c9cf53c..6a142511c2 100644 --- a/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json +++ b/mobile-attack/course-of-action/course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--176bd630-6879-437d-9700-820ec6aa9711", + "id": "bundle--65a65cf3-f078-42fe-87e1-ea452346d36a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json index 0aac6fd839..36a9f59dfe 100644 --- a/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json +++ b/mobile-attack/course-of-action/course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3833279-11c1-4eb7-96ef-bb7ece2cd419", + "id": "bundle--42c953cb-e0f6-484b-b6e2-8833c289ed72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json index fe1347be86..f8d588b6b3 100644 --- a/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json 
+++ b/mobile-attack/course-of-action/course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--830d2874-a1cf-491c-b836-d17ee88f466f", + "id": "bundle--bf033900-a59c-4787-89e9-167bb9c533d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json index 92ce5ff3af..ee52ae229f 100644 --- a/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json +++ b/mobile-attack/course-of-action/course-of-action--e829ee51-1caf-4665-ba15-7f8979634124.json @@ -1,19 +1,22 @@ { "type": "bundle", - "id": "bundle--607fa945-7666-4b80-87b8-10305e49fcf1", + "id": "bundle--ddd8207a-69bc-4e0d-9778-2c6078810bfc", "spec_version": "2.0", "objects": [ { + "modified": "2023-08-15T15:06:03.428Z", + "name": "Interconnection Filtering", + "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests (Citation: CSRIC5-WG10-FinalReport).", + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "x_mitre_version": "1.0", "type": "course-of-action", + "id": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", "created": "2017-10-25T14:48:50.181Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", 
@@ -23,13 +26,13 @@
 {
 "source_name": "CSRIC5-WG10-FinalReport",
 "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.",
- "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
+ "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
 }
 ],
- "modified": "2018-10-17T00:14:20.652Z",
- "name": "Interconnection Filtering",
- "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests (Citation: CSRIC5-WG10-FinalReport).",
- "x_mitre_version": "1.0",
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
index 2549dc3751..2aaf91623a 100644
--- a/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
+++ b/mobile-attack/course-of-action/course-of-action--e944670c-d03a-4e93-a21c-b3d4c53ec4c9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--eab8aec3-3b07-472a-9ea7-40b5e8dfe655",
+ "id": "bundle--29f98e4a-834e-40dc-a366-54e006f2d231",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
index 10e212108e..1f7233f53f 100644
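Review bot: The replacement `url` for the CSRIC5-WG10-FinalReport reference points at a Wayback Machine capture whose timestamp (`20200330012714`) is almost three years later than the "Retrieved May 24, 2017" date that the unchanged `description` still gives, so the citation no longer says which copy of the report was consulted. If the archived copy is now the reference of record, the citation text should say so, for example by ending the description with `Retrieved May 24, 2017; archived copy captured March 30, 2020.` The object also keeps `"x_mitre_version": "1.0"` while `modified` moves from 2018 to 2023; that is presumably intended for a reference-only fix, but it is worth confirming against the project's versioning rule.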
--- a/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
+++ b/mobile-attack/course-of-action/course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7101ac28-e61d-49ab-adb9-5ab50c9f24cd",
+ "id": "bundle--2b560506-07fe-4ecc-8245-c96868dbe7f8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
index 613369691e..94c9e11aed 100644
--- a/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
+++ b/mobile-attack/identity/identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a5226a7-8c87-49c0-af04-5385331a0983",
+ "id": "bundle--8ed345b9-4c3e-4ad3-812e-07c15149d3d9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
index 0c35c90700..4aa1e505d4 100644
--- a/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
+++ b/mobile-attack/intrusion-set/intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c19523a1-29c9-4fb2-9f94-35ecf83cce7f",
+ "id": "bundle--fb1a86b1-dd90-486b-b40b-cce5f536f924",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
index 9e95fa0608..833f755d10 100644
--- a/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
+++ b/mobile-attack/intrusion-set/intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192.json
@@ -1,10 +1,10 @@
 {
 "type": "bundle",
- "id": "bundle--25c8b390-60d5-44dc-8796-8860f9991f2b",
+ "id": "bundle--8eb4b3d7-060b-4610-a18c-8b9c54eadf76",
 "spec_version": "2.0",
 "objects": [
 {
- "modified": "2023-03-08T22:12:31.238Z",
+ "modified": "2023-10-06T14:13:06.011Z",
 "name": "Sandworm Team",
 "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)",
 "aliases": [
@@ -18,7 +18,7 @@
 "IRIDIUM"
 ],
 "x_mitre_deprecated": false,
- "x_mitre_version": "3.0",
+ "x_mitre_version": "3.1",
 "x_mitre_contributors": [
 "Dragos Threat Intelligence"
 ],
@@ -130,11 +130,11 @@
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
 "x_mitre_domains": [
- "ics-attack",
 "enterprise-attack",
+ "ics-attack",
 "mobile-attack"
 ],
- "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_attack_spec_version": "3.2.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/intrusion-set/intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f.json b/mobile-attack/intrusion-set/intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f.json
new file mode 100644
index 0000000000..0419ae60ac
--- /dev/null
+++ b/mobile-attack/intrusion-set/intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f.json
@@ -0,0 +1,54 @@
+{
+ "type": "bundle",
+ "id": "bundle--ca1e56fe-30c7-4be2-b7b8-8fa963da4c6d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-22T20:43:16.504Z",
+ "name": "Confucius",
+ "description": "[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between [Confucius](https://attack.mitre.org/groups/G0142) and [Patchwork](https://attack.mitre.org/groups/G0040), particularly in their respective custom malware code and targets.(Citation: TrendMicro Confucius APT Feb 2018)(Citation: TrendMicro Confucius APT Aug 2021)(Citation: Uptycs Confucius APT Jan 2021)",
+ "aliases": [
+ "Confucius",
+ "Confucius APT"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.1",
+ "type": "intrusion-set",
+ "id": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f",
+ "created": "2021-12-26T23:11:39.442Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/groups/G0142",
+ "external_id": "G0142"
+ },
+ {
+ "source_name": "TrendMicro Confucius APT Feb 2018",
+ "description": "Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. Retrieved December 26, 2021.",
+ "url": "https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html"
+ },
+ {
+ "source_name": "TrendMicro Confucius APT Aug 2021",
+ "description": "Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military.
Retrieved December 26, 2021.",
+ "url": "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html"
+ },
+ {
+ "source_name": "Uptycs Confucius APT Jan 2021",
+ "description": "Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.",
+ "url": "https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_domains": [
+ "enterprise-attack",
+ "mobile-attack"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/intrusion-set/intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28.json b/mobile-attack/intrusion-set/intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28.json
new file mode 100644
index 0000000000..aed277d32d
--- /dev/null
+++ b/mobile-attack/intrusion-set/intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28.json
@@ -0,0 +1,43 @@
+{
+ "type": "bundle",
+ "id": "bundle--441068b5-aaf2-4992-8c89-ac72474a63d9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-26T14:34:08.342Z",
+ "name": "MoustachedBouncer",
+ "description": "[MoustachedBouncer](https://attack.mitre.org/groups/G1019) is a cyberespionage group that has been active since at least 2014 targeting foreign embassies in Belarus.(Citation: MoustachedBouncer ESET August 2023)",
+ "aliases": [
+ "MoustachedBouncer"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "type": "intrusion-set",
+ "id": "intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28",
+ "created": "2023-09-25T18:11:05.672Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/groups/G1019",
+ "external_id": "G1019"
+ },
+ {
+ "source_name": "MoustachedBouncer ESET August 2023",
+ "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.",
+ "url": "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_domains": [
+ "enterprise-attack",
+ "mobile-attack"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
index 8880c57f05..bf4892b09a 100644
--- a/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
+++ b/mobile-attack/intrusion-set/intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7c82c6d4-75d3-4002-b424-04c96d5c74a2",
+ "id": "bundle--a78431e5-fc1c-4fd8-aa5d-d49524c5bb68",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
index 4eeae10664..a3ac220016 100644
--- a/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
+++ b/mobile-attack/intrusion-set/intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9c5883ab-669e-4ed4-a2cb-a9a2447a22f2",
+ "id": "bundle--254334b9-a90e-48cb-b9db-05583f036dd7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
index 13dc5bf1ee..ef8f00b779 100644
--- a/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
+++ b/mobile-attack/intrusion-set/intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7fc547b6-c94c-41ab-9743-392182aff60d",
+ "id": "bundle--ca6d1380-635e-43b5-815c-b80f2ebc95b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
index 0e0379a690..ae9ecc154d 100644
--- a/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
+++ b/mobile-attack/intrusion-set/intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ff9eff1c-ed23-460d-9ffb-cda4c583cb47",
+ "id": "bundle--8d162a91-b7de-413e-a513-401a239334c6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
index 36e4653bcb..b31c97be4e 100644
--- a/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
+++ b/mobile-attack/malware/malware--007ebf84-4e14-44c7-a5aa-151d5de85320.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f5c3a1e8-8ba1-46ed-a222-f96ffbf14117",
+ "id": "bundle--77f9c900-e444-4935-b9b1-6f222c9b78cb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
index 3a76d7bfa0..3aa4cea69a 100644
--- a/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
+++ b/mobile-attack/malware/malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c15b4cf3-aa90-45be-823b-4e487eb79524",
+ "id": "bundle--9ba54513-d5df-4134-bba1-a43554b5b11b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
index 7d3d250d64..fe807e7228 100644
--- a/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
+++ b/mobile-attack/malware/malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--57f7e21e-562d-47f1-8943-9d01452c7d2f",
+ "id": "bundle--7ccd9b2e-20d4-472a-ab9c-f63b5c0cc8f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
index 9636f0d5a4..88b7972fc0 100644
--- a/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
+++ b/mobile-attack/malware/malware--0626c181-93cb-4860-9cb0-dff3b1c13063.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5ff2e917-8bbe-4331-8856-6c7ea7c4ec6f",
+ "id": "bundle--00adb623-c9e4-4b52-9a74-87935e6e3276",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
index b604bef0e5..d5800274ce 100644
--- a/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
+++ b/mobile-attack/malware/malware--085eb36d-697d-4d9a-bac3-96eb879fe73c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--76fcd982-8126-4e0e-b45c-9ae3a8725c2f",
+ "id": "bundle--6967c82a-15e6-4378-8198-3663d4ecec4d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
index b3a382c943..22c9daca7c 100644
--- a/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
+++ b/mobile-attack/malware/malware--08784a9d-09e9-4dce-a839-9612398214e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2879eeb7-7ae8-4427-a169-bf3189125418",
+ "id": "bundle--b983e1f1-23ca-4c47-89a3-bf4368da0d84",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
index 53b22433f8..18d2a8f2c3 100644
--- a/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
+++ b/mobile-attack/malware/malware--0b9c5d11-651a-4378-b129-5c584d0242c5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1cf39bb-ef09-4f3a-ab49-c4b9445f409d",
+ "id": "bundle--eadcc5b7-7b56-4229-a816-289b8bf6de06",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
index 5d563981e6..36f9d3b6a3 100644
--- a/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
+++ b/mobile-attack/malware/malware--108b2817-bc01-404e-8e1b-8cdeec846326.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5528cf9f-38af-4967-8e7d-b4d1a746e54e",
+ "id": "bundle--5131fa6e-0a70-4c03-b291-522d20898937",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1.json b/mobile-attack/malware/malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1.json
new file mode 100644
index 0000000000..7004ca8a3c
--- /dev/null
+++ b/mobile-attack/malware/malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1.json
@@ -0,0 +1,48 @@
+{
+ "type": "bundle",
+ "id": "bundle--580c9656-d0ea-4ac7-b2ee-a26058d8366d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-10-07T21:29:43.845Z",
+ "name": "Hornbill",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) is one of two mobile malware families known to be used by the APT [Confucius](https://attack.mitre.org/groups/G0142). Analysis suggests that [Hornbill](https://attack.mitre.org/software/S1077) was first active in early 2018. While [Hornbill](https://attack.mitre.org/software/S1077) and [Sunbird](https://attack.mitre.org/software/S1082) overlap in core capabilities, [Hornbill](https://attack.mitre.org/software/S1077) has tools and behaviors suggesting more passive reconnaissance.(Citation: lookout_hornbill_sunbird_0221)",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_aliases": [
+ "Hornbill"
+ ],
+ "type": "malware",
+ "id": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "created": "2023-06-09T19:07:18.101Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1077",
+ "external_id": "S1077"
+ },
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
index 692d139633..1ec083da25 100644
--- a/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
+++ b/mobile-attack/malware/malware--172444ab-97fc-4d94-b142-179452bfb760.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e5c88e57-198d-4441-abb6-70ea2a8e408a",
+ "id": "bundle--61bc66f2-3ac2-4c8b-9473-58feb710f4a5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
index 8e456f0850..df27ac1ec6 100644
--- a/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
+++ b/mobile-attack/malware/malware--2074b2ad-612e-4758-adce-7901c1b49bbc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7db51091-9cab-48f4-b4bd-cd6a3f732a58",
+ "id": "bundle--23b4113e-0d6c-460a-aee9-907251ab57ca",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
index 86c3e91a53..6ef702a730 100644
--- a/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
+++ b/mobile-attack/malware/malware--20d56cd6-8dff-4871-9889-d32d254816de.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5f03db16-72e5-4167-a3e1-ac0ee7d3ba2a",
+ "id": "bundle--1f04f3ba-19ef-4b3e-884a-6c7615ef531b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
index e838e95545..972fbf8164 100644
--- a/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
+++ b/mobile-attack/malware/malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a5eb8d93-d28a-4a6c-975d-f8955a72c273",
+ "id": "bundle--196d165a-bec3-4081-80fc-91b98699f64a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
index e5bdc2782f..db57c046d0 100644
--- a/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
+++ b/mobile-attack/malware/malware--21170624-89db-4e99-bf27-58d26be07c3a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3394ec8e-87c4-45bd-aa99-a1579f3f86da",
+ "id": "bundle--678d6ff3-2109-4403-87ae-7fac6d3822f6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
index 7156926206..7b2c2861db 100644
--- a/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
+++ b/mobile-attack/malware/malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bf391fe1-9a25-402a-b45b-82fead99edb9",
+ "id": "bundle--23228022-6947-4d6a-9350-4cc1615c3fdb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
index 5aef030d9b..e56438a30c 100644
--- a/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
+++ b/mobile-attack/malware/malware--22b596a6-d288-4409-8520-5f2846f85514.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c50a956e-ecce-407a-be0a-9b949626d2bc",
+ "id": "bundle--2a3dd0f6-84dd-4852-ad39-2ccca2b863e1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
index 5ef1a736d3..7f74633d16 100644
--- a/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
+++ b/mobile-attack/malware/malware--22faaa56-a8ac-4292-9be6-b571b255ee40.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e5cea4f3-f1d7-41df-9757-a10610df012c",
+ "id": "bundle--fa561a93-7737-41fc-a374-749ba6f9aaa4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
index 1a8f43caac..02451925b6 100644
--- a/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
+++ b/mobile-attack/malware/malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e2c13dcf-b3c2-4cc4-b18e-531e6346de72",
+ "id": "bundle--11c839c8-b3be-4a30-a655-b2a06fc01388",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
index f8888f95f1..377227be60 100644
--- a/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
+++ b/mobile-attack/malware/malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--625c2048-8ea8-48cf-834d-415b3ffc6346",
+ "id": "bundle--b7a15f69-4b3c-45dc-954b-fa51ce28f8da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
index 48f4263440..f4013db740 100644
--- a/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
+++ b/mobile-attack/malware/malware--28e39395-91e7-4f02-b694-5e079c964da9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--dd50ce6e-a2b5-41ed-a290-68a28eb4cfcd",
+ "id": "bundle--3dd66e56-d4f3-439a-883a-9d55d890bf21",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
index dd65e5ec37..0eea351d3f 100644
--- a/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
+++ b/mobile-attack/malware/malware--29944858-da52-4d3d-b428-f8a6eb8dde6f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--26d0b1b8-b678-4b2b-8e7a-881a06608342",
+ "id": "bundle--862c734b-ada2-4ae9-b019-1b0544fc3eb7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json b/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
index ee61da4576..179232b9dc 100644
--- a/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
+++ b/mobile-attack/malware/malware--2aec175b-4429-4048-8e09-3ef6cbecfc64.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--852ae637-8c61-448f-b3b5-1a4d92e9beeb",
+ "id": "bundle--bbe4ffe5-44df-42df-839d-381f6f337172",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f.json b/mobile-attack/malware/malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f.json
new file mode 100644
index 0000000000..8a035552d6
--- /dev/null
+++ b/mobile-attack/malware/malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f.json
@@ -0,0 +1,53 @@
+{
+ "type": "bundle",
+ "id": "bundle--248e51c5-5a49-4474-bb72-7ab343b018ac",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-09-26T13:30:33.039Z",
+ "name": "Chameleon",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) is an Android banking trojan that can leverage Android\u2019s Accessibility Services to perform malicious activities. Believed to have been first active in January 2023, [Chameleon](https://attack.mitre.org/software/S1083) has been observed targeting users in Australia and Poland by masquerading as official apps.(Citation: cyble_chameleon_0423)",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_contributors": [
+ "Yasuhito Kawanishi, NEC Corporation",
+ "Manikantan Srinivasan, NEC Corporation India",
+ "Pooja Natarajan, NEC Corporation India"
+ ],
+ "x_mitre_aliases": [
+ "Chameleon"
+ ],
+ "type": "malware",
+ "id": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "created": "2023-08-16T16:30:44.598Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1083",
+ "external_id": "S1083"
+ },
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
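Review bot: The `cyble_chameleon_0423` citation gives the article title as "Banking Trojan targeting mobile users in Australia and Poland", which does not match the slug of its own `url` (`chameleon-a-new-android-malware-spotted-in-the-wild`). This looks like the subtitle was recorded in place of the headline, though that cannot be confirmed from the diff alone. A citation that carries the headline is easier for an analyst to find again if the link moves, so the `description` would read better as `Cyble Research & Intelligence Labs. (2023, April 13). Chameleon: A New Android Malware Spotted in the Wild. Retrieved August 16, 2023.`, with the exact title wording checked against the source first.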
diff --git a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
index f78441e448..925dba912a 100644
--- a/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
+++ b/mobile-attack/malware/malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b77c17d3-ae43-490d-9989-420b6b9727c0",
+ "id": "bundle--f9851a54-46d1-4792-95b0-999fec75f375",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
index 708541c86c..748bb6a478 100644
--- a/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
+++ b/mobile-attack/malware/malware--317a2c10-d489-431e-b6b2-f0251fddc88e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bd696d62-8af8-433c-aa13-90735085ac48",
+ "id": "bundle--8a8669d7-ac20-4e4d-9c89-a4e88d8f8300",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
index 7f51694bbc..9475a18fd9 100644
--- a/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
+++ b/mobile-attack/malware/malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9842f376-d90d-4705-b0b6-135e1fb6ed34",
+ "id": "bundle--098cc51c-101e-43d5-9fc3-ffcf98a8efab",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
index 844ed1a483..42867d09f6 100644
--- a/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
+++ b/mobile-attack/malware/malware--3271c107-92c4-442e-9506-e76d62230ee8.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--28411bd5-b4de-4307-8630-5aeb5ac68356", + "id": "bundle--9a65585a-0f95-4425-b4ff-98cc48436cbc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json index 9970e42129..031eab4d2b 100644 --- a/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json +++ b/mobile-attack/malware/malware--33d9d91d-aad9-49d5-a516-220ce101ac8a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--815b49aa-accb-45a1-ad61-17d1863401c5", + "id": "bundle--701da652-a9b5-4954-9969-bee71e585fca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json index 1d5c0c33ec..3aaae25386 100644 --- a/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json +++ b/mobile-attack/malware/malware--35aae10a-97c5-471a-9c67-02c231a7a31a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3a257722-aca9-4278-9ddc-78e4681a94f5", + "id": "bundle--89bd3cba-e492-498c-825b-415ec7ccf456", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json index b449d08394..9fda41153f 100644 --- a/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json +++ b/mobile-attack/malware/malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--055dfbc1-3093-4d29-9376-32d9803399a4", + "id": "bundle--687c29eb-34d9-4c8e-9b3b-deb931b2c53a", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json index 728016fcb1..341a668d86 100644 --- a/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json +++ b/mobile-attack/malware/malware--366c800f-97a8-48d5-b0a6-79d00198252a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--24d42bbf-e163-4028-ad39-db9fdc867ae3", + "id": "bundle--1d44c651-1299-464a-b79d-9617f717ba86", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json index 220579e09a..9c32c3d619 100644 --- a/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json +++ b/mobile-attack/malware/malware--3a913bac-4fae-4d0e-bca8-cae452f1599b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--67aa9091-62d0-43d1-ba3d-d7025649da7e", + "id": "bundle--f12013f8-69ee-4ed0-9ae1-5d1c3e625c9d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json index 3cc8412158..383ba414d0 100644 --- a/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json +++ b/mobile-attack/malware/malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1d42315c-8368-4a56-9201-535e1e8a28da", + "id": "bundle--3074ef2c-8f62-4bf8-bd85-4015a88ac388", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json index 11e29ccb03..b70fed6304 100644 --- a/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json +++ b/mobile-attack/malware/malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2a7a4d18-7cc7-4a95-b821-dcb39bfbdd83", + "id": "bundle--8b743ce2-bb99-4fae-8be3-7605f636da9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json index 4c78a99015..6d5842b83d 100644 --- a/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json +++ b/mobile-attack/malware/malware--3d6c4389-3489-40a3-beda-c56e650b6f68.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2bec3cf3-c7dc-4300-832a-4b3855d554b2", + "id": "bundle--c583ba89-4f40-4da2-919b-67b183e52e43", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json index 3ab3036547..d2d74d7459 100644 --- a/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json +++ b/mobile-attack/malware/malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--39cb50f9-d713-43c6-8171-fc3722665d1b", + "id": "bundle--ddd2afcf-f827-45ab-9088-9e393c889588", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--429e1526-6293-495b-8808-af7f9a66c4be.json b/mobile-attack/malware/malware--429e1526-6293-495b-8808-af7f9a66c4be.json new file mode 100644 index 0000000000..f5c7391062 --- /dev/null +++ b/mobile-attack/malware/malware--429e1526-6293-495b-8808-af7f9a66c4be.json 
@@ -0,0 +1,53 @@
+{
+ "type": "bundle",
+ "id": "bundle--a7795fe7-d92e-4bb9-8fec-55db547bce65",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-10-11T14:36:39.396Z",
+ "name": "Fakecalls",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) is an Android trojan, first detected in January 2021, that masquerades as South Korean banking apps. It has capabilities to intercept calls to banking institutions and even maintain realistic dialogues with the victim using pre-recorded audio snippets.(Citation: kaspersky_fakecalls_0422) ",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_contributors": [
+ "Pooja Natarajan, NEC Corporation India",
+ "Hiroki Nagahama, NEC Corporation",
+ "Manikantan Srinivasan, NEC Corporation India"
+ ],
+ "x_mitre_aliases": [
+ "Fakecalls"
+ ],
+ "type": "malware",
+ "id": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "created": "2023-07-21T19:49:44.577Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1080",
+ "external_id": "S1080"
+ },
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json b/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json
index 2d9e7effef..70d1d4b19b 100644
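Review bot: The `description` value of the new Fakecalls object ends with a space before its closing quote (`…(Citation: kaspersky_fakecalls_0422) "`), and the FlyTrap object added later in this commit has the same trailing space, while the Chameleon and BOULDSPY descriptions do not. A consumer that compares or hashes descriptions, or that expects the string to end at the `(Citation: …)` token, sees a different value than the author presumably intended. I would end the line as `"description": "…pre-recorded audio snippets.(Citation: kaspersky_fakecalls_0422)",` and apply the same trim to FlyTrap.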
--- a/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json +++ b/mobile-attack/malware/malware--4b53eb01-57d7-47b4-b078-22766b002b36.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--89dd569f-7b05-447e-8151-2e7911a11aa8", + "id": "bundle--107c7a30-4a3d-4a95-ae14-bf2128941aa8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json index fd2402a097..f427d4a397 100644 --- a/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json +++ b/mobile-attack/malware/malware--4bf6ba32-4165-42c1-b911-9c36165891c8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--26b81283-4788-4d01-8b1d-fa9519d5f54c", + "id": "bundle--b6747f68-085d-4d8f-a35a-de8ef5787dc3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json index 010c3d9f44..fd1d13780c 100644 --- a/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json +++ b/mobile-attack/malware/malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c2b09c0-0980-4685-9bcf-04861664380b", + "id": "bundle--3a5ad9a7-d333-4053-84f4-e96c386327f9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json index 71fe12f16e..23de009edc 100644 --- a/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json +++ b/mobile-attack/malware/malware--52c994fa-b6c8-45a8-9586-a4275cf19307.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fdf693fa-daeb-4d2a-9057-2a4cdc0bdaef", + "id": "bundle--23cc29c4-2497-4b09-b3cb-b76edbde1bf3", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json index 0966e462bd..91f958e60c 100644 --- a/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json +++ b/mobile-attack/malware/malware--56660521-6db4-4e5a-a927-464f22954b7c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7cd8c0ca-393f-42f6-a0b2-ad4473ca33d4", + "id": "bundle--bbdf004b-c3d4-4beb-9584-6ac689eb7ada", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json index cda08490cf..3a0405e656 100644 --- a/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json +++ b/mobile-attack/malware/malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b73f51da-4a16-499c-b52e-65ea4a898f0e", + "id": "bundle--42c7dad8-687d-4d98-92ad-dd414cba92ba", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json index d77c891b7f..c2cb45a110 100644 --- a/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json +++ b/mobile-attack/malware/malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--73842ea7-e8d6-44d2-89b5-e17c3cc29207", + "id": "bundle--6c510cdb-dd66-4ad6-a449-f7b5d9cb636d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json index 6b332477e4..07097e6052 100644 --- a/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json +++ b/mobile-attack/malware/malware--6146be90-470c-4049-bb3a-9986b8ffb65b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--23cff331-cc5e-44e4-9f0e-ff75ba38e76b", + "id": "bundle--2626039f-4ac0-4521-b5f9-dac4700ae086", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json index 075c343a74..f320cbc9ab 100644 --- a/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json +++ b/mobile-attack/malware/malware--6447e3a1-ef4d-44b1-99d5-6b1c4888674f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3c28bcd-fa0b-476f-9545-fe23adcc864b", + "id": "bundle--e89994d0-3197-4081-be0d-b8c1ded1f2b8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json index 49a60b890c..6d5b55b905 100644 --- a/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json +++ b/mobile-attack/malware/malware--680f680c-eef9-4f8a-b5f5-f451bf47e403.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aa99b109-0573-42b5-b889-cadca5361d9c", + "id": "bundle--d7ff7349-87bf-4eb5-a3ad-6f29d5247f46", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json b/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json index d92cc9151f..fd05002980 100644 --- a/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json +++ b/mobile-attack/malware/malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6ff57f39-c5c1-46bb-9d7f-038093c85c8c", + "id": "bundle--eb2e809a-c313-4a48-9581-dfb503e316a5", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json index 241dcd4a8b..618ae68cf7 100644 --- a/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json +++ b/mobile-attack/malware/malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3b8980d-38d6-435f-93bb-998abf1e08c9", + "id": "bundle--5a5837f5-1426-4467-ac39-04c77f419506", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json index 7996a7d076..7cf0b4fd1f 100644 --- a/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json +++ b/mobile-attack/malware/malware--6e282bbf-5f32-476a-b879-ba77eec463c8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40105c51-b144-420d-90e9-c27b4be270d6", + "id": "bundle--63da0cf3-e8d0-4f6f-ab8f-197f3139fb2a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json index 2063b352ef..1b110a597c 100644 --- a/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json +++ b/mobile-attack/malware/malware--6fcaf9b0-b509-4644-9f93-556222c81ed2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0d80d4cd-5790-4777-9ad8-ccd7acd9e024", + "id": "bundle--3753d099-4503-47cc-bb99-0fffb4c74428", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--8338393c-cb2e-4ee6-b944-34672499c785.json b/mobile-attack/malware/malware--8338393c-cb2e-4ee6-b944-34672499c785.json new file mode 100644 index 0000000000..b795e00898 --- /dev/null +++ b/mobile-attack/malware/malware--8338393c-cb2e-4ee6-b944-34672499c785.json 
@@ -0,0 +1,53 @@ +{ + "type": "bundle", + "id": "bundle--92e807d4-ef51-4f26-a28a-59ee2d525ec5", + "spec_version": "2.0", + "objects": [ + { + "modified": "2023-10-16T16:57:33.534Z", + "name": "FlyTrap", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) is an Android trojan, first detected in March 2021, that uses social engineering tactics to compromise Facebook accounts. [FlyTrap](https://attack.mitre.org/software/S1093) was initially detected through infected apps on the Google Play store, and is believed to have impacted over 10,000 victims across at least 140 countries.(Citation: Trend Micro FlyTrap) ", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Pooja Natarajan, NEC Corporation India", + "Hiroki Nagahama, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India" + ], + "x_mitre_aliases": [ + "FlyTrap" + ], + "type": "malware", + "id": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "created": "2023-09-28T17:36:00.965Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1093", + "external_id": "S1093" + }, + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts \u2014 Protect Yourself With a Malware Scanner. 
Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json index 1b292f43ac..5fdc71c093 100644 --- a/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json +++ b/mobile-attack/malware/malware--838f647e-8ff8-48bd-bbd5-613cee7736cb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d0eef57c-ff9e-4405-b19c-db501fe70522", + "id": "bundle--6101f975-d6a5-4ff6-8c06-ffc9a7cdf85e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json index d93faf5b35..ea8ae9850d 100644 --- a/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json +++ b/mobile-attack/malware/malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9de398bb-b902-491c-a125-4f28d0ae8f4e", + "id": "bundle--8f3a7362-c465-4a35-83f1-469f0dab8fd9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json index 105e89c97d..86d89a9759 100644 --- a/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json +++ b/mobile-attack/malware/malware--89c3dbf6-f281-41b7-be1d-a0e641014853.json 
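Review bot: The citation key of the FlyTrap reference, `"source_name": "Trend Micro FlyTrap"`, contains spaces and does not follow the `vendor_family_mmyy` form used by the other three malware objects added in this commit (`cyble_chameleon_0423`, `kaspersky_fakecalls_0422`, `lookout_bouldspy_0423`). Unless the repository deliberately accepts both forms, a key such as `trendmicro_flytrap_0821` (constructed here as an example) would keep the new objects uniform. The key appears twice, in `external_references[].source_name` and in the `(Citation: …)` token of `description`; the token presumably resolves by matching `source_name`, so both need to change together.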
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8b76cee9-0580-4381-8459-6cd461545467", + "id": "bundle--89079fd5-4b39-49ce-8a95-c1d2d41bb277", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json index cb8e90c276..295d272fb8 100644 --- a/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json +++ b/mobile-attack/malware/malware--936be60d-90eb-4c36-9247-4b31128432c4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1d4351f7-6787-4bb1-99a4-7ac860ab8149", + "id": "bundle--dd2930c3-b4a8-467a-bceb-bfecbdc97ba8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json index 873e8c907b..343d521585 100644 --- a/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json +++ b/mobile-attack/malware/malware--93799a9d-3537-43d8-b6f4-17215de1657c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4eb4a60d-267f-489c-9186-8e75a35ba442", + "id": "bundle--3c2f8a54-a312-4f50-9a38-7b94a40d1e76", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json index e39503abf0..30ab92c994 100644 --- a/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json +++ b/mobile-attack/malware/malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41486315-cd28-433e-bbba-b8222b23d9b1", + "id": "bundle--69cd93bc-00c5-4ebf-9136-483335baefa6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json index d7e2792bea..2e735aad10 100644 --- a/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json +++ b/mobile-attack/malware/malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50705e7d-e39c-4cbc-824a-8b36ac86c5f9", + "id": "bundle--fd352caa-2b38-4caa-adfb-7fa295c11ee6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json b/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json index 34e0888e3c..ab88fe1aac 100644 --- a/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json +++ b/mobile-attack/malware/malware--9cd72f5c-bec0-4f7e-bb6d-296937116291.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--038ff49f-31de-416a-9858-88c2f392b71f", + "id": "bundle--56af0785-5f86-4866-a02c-f166b4ccf8d7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json index fa91a311de..3031c228f4 100644 --- a/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json +++ b/mobile-attack/malware/malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f41ad7de-97a1-4f94-8fd2-cbb5fe2cf44d", + "id": "bundle--ce065e1e-6805-405b-bc08-e8801a73b16b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json index 54b1ceed75..0515faba08 100644 --- a/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json +++ b/mobile-attack/malware/malware--a0d774e4-bafc-4292-8651-3ec899391341.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1fd7d976-6540-40de-b0cf-01a5be61f920", + "id": "bundle--1712549a-0f1f-49eb-9386-5706de02b2a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json index 3d7da16c37..df42ce32d0 100644 --- a/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json +++ b/mobile-attack/malware/malware--a15c9357-2be0-4836-beec-594f28b9b4a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37b89d02-516d-4a83-9657-65823f4597eb", + "id": "bundle--e25fae2e-780d-4664-ac74-621785523f1c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json index 0a2a2c3ce9..1d73b413f7 100644 --- a/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json +++ b/mobile-attack/malware/malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--363e1611-2fba-4bf9-a72d-34915d44cd00", + "id": "bundle--bf0c90b4-c52c-48ef-afc1-9f0abd3e6976", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1.json b/mobile-attack/malware/malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1.json new file mode 100644 index 0000000000..7b971195c6 --- /dev/null +++ b/mobile-attack/malware/malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1.json 
@@ -0,0 +1,54 @@
+{
+ "type": "bundle",
+ "id": "bundle--ef770fb4-c1e9-4cdf-99bf-c899f6e87c17",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-10-20T21:40:21.121Z",
+ "name": "BOULDSPY",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) is an Android malware, detected in early 2023, with surveillance and remote-control capabilities. Analysis of exfiltrated C2 data suggests that [BOULDSPY](https://attack.mitre.org/software/S1079) primarily targeted minority groups in Iran.(Citation: lookout_bouldspy_0423)",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_contributors": [
+ "Gunji Satoshi, NEC Corporation",
+ "Manikantan Srinivasan, NEC Corporation India",
+ "Pooja Natarajan, NEC Corporation India",
+ "Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd"
+ ],
+ "x_mitre_aliases": [
+ "BOULDSPY"
+ ],
+ "type": "malware",
+ "id": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "created": "2023-07-21T19:31:54.632Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1079",
+ "external_id": "S1079"
+ },
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json index 8eba384284..f28773df74 100644 --- a/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json +++ b/mobile-attack/malware/malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--19d7f108-520e-4663-9e2c-98bb1cf95d14", + "id": "bundle--8ec1bfc4-db4a-40a6-aa12-94fa044d63f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json index 64d578f6b2..ac1ece79a2 100644 --- a/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json +++ b/mobile-attack/malware/malware--a3dad2be-ce62-4440-953b-00fbce7aba93.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a3a0f5e0-204c-4991-8957-5ed7a1fc95a0", + "id": "bundle--5d1b1bf2-ca99-45fb-90ad-129a23f6103b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json index 3e879c821c..d2a9ada54b 100644 --- a/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json +++ b/mobile-attack/malware/malware--a5528622-3a8a-4633-86ce-8cdaf8423858.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de65019e-6860-4c89-a406-2bb801d72ba0", + "id": "bundle--643821fd-a763-4e63-8377-bcafd929b0b1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json index 7bee296570..564753c267 100644 --- a/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json +++ b/mobile-attack/malware/malware--a6228601-03f6-4949-ae22-c1087627a637.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3edfeaa2-f972-4e01-9441-4b36b3ef28ea", + "id": "bundle--f1eb7c69-57dd-4b59-9b04-deaa6f3b4f93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json index b012e1f26b..dbc5fe3faa 100644 --- a/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json +++ b/mobile-attack/malware/malware--a76b837b-93cc-417d-bf28-c47a6a284fa4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--062470c8-a31a-4183-901a-45d685404979", + "id": "bundle--ead3e79f-b4e6-4f30-b692-b3329e8d9d1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json index 20c7ead342..51c35b3f50 100644 --- a/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json +++ b/mobile-attack/malware/malware--a993495c-9813-4372-b9ec-d168c7f7ec0a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--33c1d4c8-9f51-482e-9d44-4a80d1f17abd", + "id": "bundle--caf88af4-1c7c-4a64-85a5-449ad53a3334", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json index 61d9de34d4..4170bdff24 100644 --- a/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json +++ b/mobile-attack/malware/malware--aecc0097-c9f8-4786-9b39-e891ff173f54.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--94df2d37-6456-49a2-ace2-9683d0fd7345", + "id": "bundle--21fd7258-05ff-44b8-9d14-29caa406ed0d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json index b225116e8f..2520f25cfc 100644 --- a/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json +++ b/mobile-attack/malware/malware--aef537ba-10c2-40ed-a57a-80b8508aada4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61ceb2c7-7d85-45e5-8f86-4fcb256cdb12", + "id": "bundle--feb65bb9-3ab8-4f0e-9a76-fec68d00a3e4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json index 83853b65b7..78610e2ba5 100644 --- a/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json +++ b/mobile-attack/malware/malware--c0efbaae-9e7d-4716-a92d-68373aac7424.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ae429c5-b2b3-4dd6-ab62-eb1e162318e7", + "id": "bundle--fca75ab7-4820-4663-912c-74df793ce3b9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json index baaf0b5f09..0574f186c7 100644 --- a/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json +++ b/mobile-attack/malware/malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d035a907-d888-4909-84e1-56be02857455", + "id": "bundle--9b288dec-1a03-4c97-a1da-9969cb32a03f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json index 3316ebf0fa..d6ecfdbe59 100644 --- a/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json +++ b/mobile-attack/malware/malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--568445c5-ba3f-42f5-a61b-2b6c1b80db71", + "id": "bundle--e7800a9f-7a5c-4a04-b0ec-6dd8f2d5d328", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json index d7f75b2394..5fa9f71fcb 100644 --- a/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json +++ b/mobile-attack/malware/malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6fdf805c-cb19-4939-ba96-f302d0e85d6f", + "id": "bundle--918de3a1-18cc-4cba-84ec-8d5a9f40dc80", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json index 5f10c38a0a..e2514855fc 100644 --- a/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json +++ b/mobile-attack/malware/malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4e6d1181-2e52-485d-aafa-f1e74094a0b5", + "id": "bundle--91bf95d8-05b8-4766-ade4-63aba1d265f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json index 91eb89fae3..d8f85a437b 100644 --- a/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json +++ b/mobile-attack/malware/malware--c709da93-20c3-4d17-ab68-48cba76b2137.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8068635a-ed0d-4cde-9d3d-2fd70e2e5ce7", + "id": "bundle--f53053a6-764e-4929-9d7b-63bab883b306", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json index bce0835306..2b8c6763bb 100644 --- a/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json +++ b/mobile-attack/malware/malware--c80a6bef-b3ce-44d0-b113-946e93124898.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f6bed46f-8959-4b91-a8ed-930e091cc3b0", + "id": "bundle--1f2cda53-09ae-4b47-bf0d-5e3789aa246b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json index eba4e12901..b3bac2b4a5 100644 --- a/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json +++ b/mobile-attack/malware/malware--c8770c81-c29f-40d2-a140-38544206b2b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--db7b04e7-f6a0-4222-b056-a78f6b3e4cfe", + "id": "bundle--5415e9e2-7738-4b09-b642-b86c4418cc42", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json index 90dd5dba8a..b4fd6cfe39 100644 --- a/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json +++ b/mobile-attack/malware/malware--c91cec55-634c-4670-ba10-2dc7ceb28e98.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50d98910-a2ca-4905-b12a-dc19838f39fb", + "id": "bundle--86316185-4a99-4fd2-96e5-9966dd26e9b0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json index fce22b1cea..0f3460902a 100644 --- a/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json +++ b/mobile-attack/malware/malware--ca4f63b9-a358-4214-bb26-8c912318cfde.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7defb13-9aec-42b0-bc62-24ee9bf251a7", + "id": "bundle--65e1c909-a536-484e-bee5-1b5652575baa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json index bc832a2e54..1626c05354 100644 --- a/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json +++ b/mobile-attack/malware/malware--d05f7357-4cbe-47ea-bf83-b8604226d533.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f94a680-b843-471f-9c9c-a8d41e9a4245", + "id": "bundle--4f2474ae-b150-448c-bd11-67170baf92ef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json index 2fdb7941a6..e7c2ccc874 100644 --- a/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json +++ b/mobile-attack/malware/malware--d1c600f8-0fb6-4367-921b-85b71947d950.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c094989-32f9-4ebe-bcde-f2db23e919ff", + "id": "bundle--e422f31b-3ec1-41d1-b2a8-2767885246cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json b/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json index 19f37ccf31..7effaaf1e4 100644 --- a/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json +++ b/mobile-attack/malware/malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8248a25-a1fe-45d7-a32c-0b130c873e58", + "id": "bundle--af6ff044-4e29-4962-b387-1dc49cace08c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json index 6313c0999b..763fa7c98b 100644 --- a/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json +++ b/mobile-attack/malware/malware--d89c132d-7752-4c7f-9372-954a71522985.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5127a3a-708d-467f-9759-2a60ec9bc2dd", + "id": "bundle--653df2c6-7a10-4521-ad5c-694051302f92", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json index f6c3e6f08d..352c36ac44 100644 --- a/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json +++ b/mobile-attack/malware/malware--d9e07aea-baad-4b68-bdca-90c77647d7f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--36b2624e-e050-438d-bc53-e3909dd8c1b2", + "id": "bundle--d8751ac6-a4be-4c88-a448-585eabefbbbe", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json index 89dc5d594e..def32fae79 100644 --- a/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json +++ b/mobile-attack/malware/malware--ddbe5657-e21e-4a89-8221-2f1362d397ec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3cf2da12-04c0-44cc-877c-e1ee509631c6", + "id": "bundle--c8a9e125-aeee-4fed-bb7f-288d38f29920", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json index d7c985cd81..c943286051 100644 --- a/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json +++ b/mobile-attack/malware/malware--dfdac962-9461-47f0-a212-36dfce2a97e6.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e4f81d96-b564-4651-a405-e3d881295b08", + "id": "bundle--706631af-b1c3-430d-b656-e9abc962f590", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json index 863940ea54..37b5d3bc53 100644 --- a/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json +++ b/mobile-attack/malware/malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--891abd3a-ef78-425c-afa8-467e169c6334", + "id": "bundle--3b9d8ed7-2487-47cc-b9bc-0cf7ec4af546", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json index 530aaf65f6..aad7f98d0e 100644 --- a/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json +++ b/mobile-attack/malware/malware--e13d084c-382f-40fd-aa9a-98d69e20301e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--96119e33-cae1-49ae-9909-8352cafa11cf", + "id": "bundle--fd0bc285-02fb-468f-b57e-fe924b167e30", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json index 04b74f68d0..f81f86a507 100644 --- a/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json +++ b/mobile-attack/malware/malware--e296b110-46d3-4f7a-894c-cc71ea50168c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef95d125-49e0-497a-8da3-4fb05fd50782", + "id": "bundle--578ca61f-2a01-48bf-905f-962640d70d3d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a.json b/mobile-attack/malware/malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a.json
new file mode 100644
index 0000000000..1d69cfd73e
--- /dev/null
+++ b/mobile-attack/malware/malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a.json
@@ -0,0 +1,53 @@
+{
+ "type": "bundle",
+ "id": "bundle--2cbb5c2b-cd09-41f6-b41d-59021ad424ae",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-10-11T14:36:10.445Z",
+ "name": "Escobar",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) is an Android banking trojan, first detected in March 2021, believed to be a new variant of AbereBot.(Citation: Bleeipng Computer Escobar)",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_contributors": [
+ "Pooja Natarajan, NEC Corporation India",
+ "Hiroki Nagahama, NEC Corporation",
+ "Manikantan Srinivasan, NEC Corporation India"
+ ],
+ "x_mitre_aliases": [
+ "Escobar"
+ ],
+ "type": "malware",
+ "id": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "created": "2023-09-28T17:04:46.516Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1092",
+ "external_id": "S1092"
+ },
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json
index 5dbbf90752..ed630a49ba 100644
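Review bot: The citation key of the second external reference is misspelled as `Bleeipng Computer Escobar`, both in `source_name` and in the `(Citation: …)` marker at the end of the description. The two occurrences match, so the reference still resolves, but the typo becomes the lookup key every consumer has to use; change both to `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`. Separately, the description dates first detection to March 2021 while the only cited report is dated March 12, 2022, so the year should be checked against the source. The same object presumably also appears in the aggregated `mobile-attack.json`, which would need the same correction.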
--- a/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json +++ b/mobile-attack/malware/malware--f082fc59-0317-49cf-971f-a1b6296ebb52.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a831de87-12ec-420b-afbe-34ed0f3b271c", + "id": "bundle--428ba98b-2f89-4521-b38b-82eb330f67b0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json index 897e46bd73..bab0737436 100644 --- a/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json +++ b/mobile-attack/malware/malware--f3975cc0-72bc-4308-836e-ac701b83860e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--214da390-f24d-49cf-9fd9-cdbbb21ffb9a", + "id": "bundle--b057c7a1-7733-4cdc-80f3-a5e4cee7d4a3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json b/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json index 5af8cd710e..4a361d41dc 100644 --- a/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json +++ b/mobile-attack/malware/malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--912a39c2-3745-4ee9-a785-48f50bc6f67a", + "id": "bundle--35ac2cc0-3985-42bf-bb89-8a79c64ceec6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json index 12abe47795..25181eb291 100644 --- a/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json +++ b/mobile-attack/malware/malware--f666e17c-b290-43b3-8947-b96bd5148fbb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--80900544-0db5-49f8-93ae-b55f51ef2857", + "id": "bundle--be0dc0b8-baed-431c-8287-c078f24af342", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json index 7a2ae16882..0daa78273f 100644 --- a/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json +++ b/mobile-attack/malware/malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c425f8c2-81a7-4a32-ad1a-b0aa254b2a63", + "id": "bundle--6cf58416-2fc0-4844-a9d1-a98b7a2afbfc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json index 503b886d05..c4d2349a86 100644 --- a/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json +++ b/mobile-attack/malware/malware--f79c01eb-2954-40d8-a819-00b342f47ce7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--901aeb88-7782-44de-bd8e-e037b0b9e31e", + "id": "bundle--0d1067d0-6a32-451e-ae1b-bb9685d91964", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json index 67825a862b..7ec6fddad1 100644 --- a/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json +++ b/mobile-attack/malware/malware--f7e7b736-2cff-4c2a-9232-352cd383463a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--38a2f7aa-63c9-4826-acb9-ca14e9dc0a0f", + "id": "bundle--88535907-4c00-4b71-900e-c6a86ae547ca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json index 2909f49509..3a55832049 100644 --- a/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json +++ b/mobile-attack/malware/malware--f9854ba6-989d-43bf-828b-7240b8a65291.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1a0a7a55-92dd-4a22-958c-67895909c532", + "id": "bundle--96b95280-8d9d-483d-b139-c34358d52dec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json b/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json index 40949a2fda..8ca4cd31f7 100644 --- a/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json +++ b/mobile-attack/malware/malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88766868-8743-4f63-9ebc-2b700500db46", + "id": "bundle--aebd2e76-a624-4245-9968-23a0b6735940", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--feae299d-e34f-4fc9-8545-486d0905bd41.json b/mobile-attack/malware/malware--feae299d-e34f-4fc9-8545-486d0905bd41.json new file mode 100644 index 0000000000..47dbcd76f0 --- /dev/null +++ b/mobile-attack/malware/malware--feae299d-e34f-4fc9-8545-486d0905bd41.json 
@@ -0,0 +1,48 @@
+{
+ "type": "bundle",
+ "id": "bundle--4521a050-a7c7-4757-86fe-954c0ddc9e88",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "modified": "2023-10-07T21:33:03.773Z",
+ "name": "Sunbird",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) is one of two mobile malware families known to be used by the APT [Confucius](https://attack.mitre.org/groups/G0142). Analysis suggests that [Sunbird](https://attack.mitre.org/software/S1082) was first active in early 2017. While [Sunbird](https://attack.mitre.org/software/S1082) and [Hornbill](https://attack.mitre.org/software/S1077) overlap in core capabilities, [Sunbird](https://attack.mitre.org/software/S1082) has a more extensive set of malicious features.(Citation: lookout_hornbill_sunbird_0221)",
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "x_mitre_aliases": [
+ "Sunbird"
+ ],
+ "type": "malware",
+ "id": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "created": "2023-08-04T18:27:24.614Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "mitre-attack",
+ "url": "https://attack.mitre.org/software/S1082",
+ "external_id": "S1082"
+ },
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "labels": [
+ "malware"
+ ],
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json index 542ecb8b41..82acfc7c6b 100644 --- a/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json +++ b/mobile-attack/malware/malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c4fed240-1a26-498f-a99d-262b353e498a", + "id": "bundle--feb64049-e514-4b70-b4d1-4f5b1b9a502c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json index d9987aa324..f740d87770 100644 --- a/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json +++ b/mobile-attack/malware/malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a575a2cd-8a18-4760-9605-4012abb89a98", + "id": "bundle--fa1b4a2c-4921-4824-9a72-fa0a5a9b3330", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json index f640d09b37..fc7957bb96 100644 --- a/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json +++ b/mobile-attack/marking-definition/marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4523d20e-c390-45e6-81df-70917688e607", + "id": "bundle--136b2e3d-cec5-4ca1-a0c2-79b8c69c1aa2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/mobile-attack.json b/mobile-attack/mobile-attack.json index 33bd6ad674..33181c2edd 100644 --- a/mobile-attack/mobile-attack.json +++ b/mobile-attack/mobile-attack.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eb94af3a-7838-4380-9f08-5d9142bc7b40", + "id": "bundle--e2914d4f-f9fb-42a2-b857-4cb0c9e7032c", "objects": [ { "tactic_refs": [ @@ -120,17 +120,20 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-09-27T20:18:19.004Z", + "name": "Application Developer Guidance", + "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", + "x_mitre_deprecated": false, "x_mitre_domains": [ "enterprise-attack", "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "x_mitre_version": "1.1", "type": "course-of-action", + "id": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", "created": "2017-10-25T14:48:53.732Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", @@ -138,10 +141,10 @@ "external_id": "M1013" } ], - "modified": "2018-10-17T00:14:20.652Z", - "name": "Application Developer Guidance", - "description": "This mitigation describes any guidance or training given to developers of applications to avoid introducing security weaknesses that an adversary may be able to take advantage of.", - "x_mitre_version": "1.0", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -192,6 +195,33 @@ "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-21T19:36:08.280Z", + "name": "Antivirus/Antimalware", + "description": "Mobile security products, such as Mobile Threat Defense (MTD), offer various device-based mitigations against certain behaviors.", + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "type": "course-of-action", + "id": "course-of-action--78671282-26aa-486c-a7a5-5921e1616b58", + "created": "2023-09-21T19:36:08.280Z", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/mitigations/M1058", + "external_id": "M1058" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_domains": [ "mobile-attack" 
@@ -323,16 +353,19 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-15T15:06:03.428Z", + "name": "Interconnection Filtering", + "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests (Citation: CSRIC5-WG10-FinalReport).", + "x_mitre_deprecated": false, "x_mitre_domains": [ "mobile-attack" ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "x_mitre_version": "1.0", "type": "course-of-action", + "id": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", "created": "2017-10-25T14:48:50.181Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", 
@@ -342,13 +375,13 @@ { "source_name": "CSRIC5-WG10-FinalReport", "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" + "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" } ], - "modified": "2018-10-17T00:14:20.652Z", - "name": "Interconnection Filtering", - "description": "In order to mitigate Signaling System 7 (SS7) exploitation, the Communications, Security, Reliability, and Interoperability Council (CSRIC) describes filtering interconnections between network operators to block inappropriate requests (Citation: CSRIC5-WG10-FinalReport).", - "x_mitre_version": "1.0", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -740,6 +773,47 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-10-07T21:29:43.845Z", + "name": "Hornbill", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) is one of two mobile malware families known to be used by the APT [Confucius](https://attack.mitre.org/groups/G0142). Analysis suggests that [Hornbill](https://attack.mitre.org/software/S1077) was first active in early 2018. While [Hornbill](https://attack.mitre.org/software/S1077) and [Sunbird](https://attack.mitre.org/software/S1082) overlap in core capabilities, [Hornbill](https://attack.mitre.org/software/S1077) has tools and behaviors suggesting more passive reconnaissance.(Citation: lookout_hornbill_sunbird_0221)", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_aliases": [ + "Hornbill" + ], + "type": "malware", + "id": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "created": "2023-06-09T19:07:18.101Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1077", + "external_id": "S1077" + }, + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2022-10-24T15:09:07.609Z", "name": "Judy", 
@@ -1278,6 +1352,52 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-26T13:30:33.039Z", + "name": "Chameleon", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) is an Android banking trojan that can leverage Android’s Accessibility Services to perform malicious activities. Believed to have been first active in January 2023, [Chameleon](https://attack.mitre.org/software/S1083) has been observed targeting users in Australia and Poland by masquerading as official apps.(Citation: cyble_chameleon_0423)", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Yasuhito Kawanishi, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India", + "Pooja Natarajan, NEC Corporation India" + ], + "x_mitre_aliases": [ + "Chameleon" + ], + "type": "malware", + "id": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "created": "2023-08-16T16:30:44.598Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1083", + "external_id": "S1083" + }, + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "labels": [ "malware" 
@@ -1829,6 +1949,52 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] }, + { + "modified": "2023-10-11T14:36:39.396Z", + "name": "Fakecalls", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) is an Android trojan, first detected in January 2021, that masquerades as South Korean banking apps. It has capabilities to intercept calls to banking institutions and even maintain realistic dialogues with the victim using pre-recorded audio snippets.(Citation: kaspersky_fakecalls_0422) ", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Pooja Natarajan, NEC Corporation India", + "Hiroki Nagahama, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India" + ], + "x_mitre_aliases": [ + "Fakecalls" + ], + "type": "malware", + "id": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "created": "2023-07-21T19:49:44.577Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1080", + "external_id": "S1080" + }, + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2023-04-13T22:32:16.509Z", "name": "S.O.V.A.", 
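Review bot: The new Fakecalls `description` ends with a space inside the string, after `(Citation: kaspersky_fakecalls_0422)`, and the FlyTrap object added in the following hunk has the same trailing space after `(Citation: Trend Micro FlyTrap)`. The Chameleon and Hornbill entries added in this same file close the string directly after the citation. Trailing whitespace in a description carries through to rendered text and to any consumer that compares or hashes the field, so end the two strings at `(Citation: kaspersky_fakecalls_0422)",` and `(Citation: Trend Micro FlyTrap)",`.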
@@ -2425,6 +2591,52 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-10-16T16:57:33.534Z", + "name": "FlyTrap", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) is an Android trojan, first detected in March 2021, that uses social engineering tactics to compromise Facebook accounts. [FlyTrap](https://attack.mitre.org/software/S1093) was initially detected through infected apps on the Google Play store, and is believed to have impacted over 10,000 victims across at least 140 countries.(Citation: Trend Micro FlyTrap) ", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Pooja Natarajan, NEC Corporation India", + "Hiroki Nagahama, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India" + ], + "x_mitre_aliases": [ + "FlyTrap" + ], + "type": "malware", + "id": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "created": "2023-09-28T17:36:00.965Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1093", + "external_id": "S1093" + }, + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. 
Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "labels": [ "malware" 
@@ -2924,6 +3136,53 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ] }, + { + "modified": "2023-10-20T21:40:21.121Z", + "name": "BOULDSPY", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) is an Android malware, detected in early 2023, with surveillance and remote-control capabilities. Analysis of exfiltrated C2 data suggests that [BOULDSPY](https://attack.mitre.org/software/S1079) primarily targeted minority groups in Iran.(Citation: lookout_bouldspy_0423)", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Gunji Satoshi, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India", + "Pooja Natarajan, NEC Corporation India", + "Phyo Paing Htun (ChiLai), I-Secure Co.,Ltd" + ], + "x_mitre_aliases": [ + "BOULDSPY" + ], + "type": "malware", + "id": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "created": "2023-07-21T19:31:54.632Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1079", + "external_id": "S1079" + }, + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "labels": [ "malware" 
@@ -4072,6 +4331,52 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-10-11T14:36:10.445Z", + "name": "Escobar", + "description": "[Escobar](https://attack.mitre.org/software/S1092) is an Android banking trojan, first detected in March 2021, believed to be a new variant of AbereBot.(Citation: Bleeipng Computer Escobar)", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_contributors": [ + "Pooja Natarajan, NEC Corporation India", + "Hiroki Nagahama, NEC Corporation", + "Manikantan Srinivasan, NEC Corporation India" + ], + "x_mitre_aliases": [ + "Escobar" + ], + "type": "malware", + "id": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "created": "2023-09-28T17:04:46.516Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1092", + "external_id": "S1092" + }, + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "labels": [ "malware" 
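Review bot: The citation key `Bleeipng Computer Escobar` is misspelled in the added Escobar object, both in the `description` citation and in the matching `source_name`. The two agree, so the reference still resolves, but the key should read `Bleeping Computer Escobar` in both places, changed together so the link between them is not broken. The description also says the trojan was first detected in March 2021, while the cited article is dated 2022, March 12, so the year is worth checking against the source.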
@@ -4430,6 +4735,47 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-10-07T21:33:03.773Z", + "name": "Sunbird", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) is one of two mobile malware families known to be used by the APT [Confucius](https://attack.mitre.org/groups/G0142). Analysis suggests that [Sunbird](https://attack.mitre.org/software/S1082) was first active in early 2017. While [Sunbird](https://attack.mitre.org/software/S1082) and [Hornbill](https://attack.mitre.org/software/S1077) overlap in core capabilities, [Sunbird](https://attack.mitre.org/software/S1082) has a more extensive set of malicious features.(Citation: lookout_hornbill_sunbird_0221)", + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_aliases": [ + "Sunbird" + ], + "type": "malware", + "id": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "created": "2023-08-04T18:27:24.614Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/software/S1082", + "external_id": "S1082" + }, + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "labels": [ + "malware" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2022-10-24T15:09:07.609Z", "name": "DressCode", 
@@ -5198,6 +5544,45 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-25T19:53:07.406Z", + "name": "Remote Access Software", + "description": "Adversaries may use legitimate remote access software, such as `VNC`, `TeamViewer`, `AirDroid`, `AirMirror`, etc., to establish an interactive command and control channel to target mobile devices. \n\nRemote access applications may be installed and used post-compromise as an alternate communication channel for redundant access or as a way to establish an interactive remote session with the target device. They may also be used as a component of malware to establish a reverse connection to an adversary-controlled system or service. Installation of remote access tools may also include persistence. ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "command-and-control" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "type": "attack-pattern", + "id": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c", + "created": "2023-09-25T19:53:07.406Z", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1663", + "external_id": "T1663" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_platforms": [ "Android" 
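Review bot: The added `Remote Access Software` technique ships with `"x_mitre_detection": ""`, so a consumer that renders this field gives defenders no detection guidance for T1663. The new objects for T1655.001 and T1661 in the later hunks carry the same empty string. If detection guidance is held in separate objects that this hunk does not show, omitting the key would let consumers tell "held elsewhere" from "left blank"; otherwise the field should be populated. The object also has no `x_mitre_tactic_type`, which the added T1661 object sets to `Post-Adversary Device Access`, so the new techniques disagree on that key.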
@@ -5554,7 +5939,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:41:45.256Z", + "modified": "2023-08-15T15:06:03.427Z", "name": "Impersonate SS7 Nodes", "description": "Adversaries may exploit the lack of authentication in signaling system network nodes to track the to track the location of mobile devices by impersonating a node.(Citation: Engel-SS7)(Citation: Engel-SS7-2008)(Citation: 3GPP-Security)(Citation: Positive-SS7)(Citation: CSRIC5-WG10-FinalReport) \n\n \n\nBy providing the victim’s MSISDN (phone number) and impersonating network internal nodes to query subscriber information from other nodes, adversaries may use data collected from each hop to eventually determine the device’s geographical cell area or nearest cell tower.(Citation: Engel-SS7)", "kill_chain_phases": [ @@ -5597,7 +5982,7 @@ { "source_name": "CSRIC5-WG10-FinalReport", "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" + "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" }, { "source_name": "CSRIC-WG1-FinalReport", 
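Review bot: The first hunk on this line re-stamps `modified` for `Impersonate SS7 Nodes`, but the `description` kept as context still reads `to track the to track the location of mobile devices`. The duplicated words should be collapsed to `to track the location of mobile devices` while the object is being touched. The object continues outside both hunks, so any other edits to it are not visible here.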
@@ -5630,6 +6015,59 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-08T18:15:15.902Z", + "name": "Match Legitimate Name or Location", + "description": "Adversaries may match or approximate the name or location of legitimate files or resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by giving artifacts the name and icon of a legitimate, trusted application (i.e., Settings), or using a package name that matches legitimate, trusted applications (i.e., `com.google.android.gm`). \n\nAdversaries may also use the same icon of the file or application they are trying to mimic.\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "defense-evasion" + } + ], + "x_mitre_contributors": [ + "Ford Qin, Trend Micro", + "Liran Ravich, CardinalOps" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": true, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "type": "attack-pattern", + "id": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "created": "2023-07-12T20:45:14.704Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1655/001", + "external_id": "T1655.001" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html", + "external_id": "APP-14" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", + "external_id": "APP-31" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + 
"x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_domains": [ "mobile-attack" 
@@ -6426,6 +6864,66 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-28T15:36:11.282Z", + "name": "Application Versioning", + "description": "An adversary may push an update to a previously benign application to add malicious code. This can be accomplished by pushing an initially benign, functional application to a trusted application store, such as the Google Play Store or the Apple App Store. This allows the adversary to establish a trusted userbase that may grant permissions to the application prior to the introduction of malicious code. Then, an application update could be pushed to introduce malicious code.(Citation: android_app_breaking_bad)\n\nThis technique could also be accomplished by compromising a developer’s account. This would allow an adversary to take advantage of an existing userbase without having to establish the userbase themselves. ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "defense-evasion" + } + ], + "x_mitre_contributors": [ + "Edward Stevens, BT Security", + "Adam Lichters" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "created": "2023-09-21T22:16:38.002Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1661", + "external_id": "T1661" + }, + { + "source_name": "android_app_breaking_bad", + "description": "Stefanko, L. 
(2023, May 23). Android app breaking bad: From legitimate screen recording to file exfiltration within a year. Retrieved August 28, 2023.", + "url": "https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/supply-chain-threats/SPC-20.html", + "external_id": "SPC-20" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_platforms": [ "Android" @@ -6482,7 +6980,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T15:16:19.547Z", + "modified": "2023-08-07T22:15:34.693Z", "name": "Command and Scripting Interpreter", "description": "Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, Android is a UNIX-like OS and includes a basic [Unix Shell](https://attack.mitre.org/techniques/T1623/001) that can be accessed via the Android Debug Bridge (ADB) or Java’s `Runtime` package.\n\nAdversaries may abuse these technologies in various ways as a means of executing arbitrary commands. Commands and scripts can be embedded in [Initial Access](https://attack.mitre.org/tactics/TA0027) payloads delivered to victims as lure documents or as secondary payloads downloaded from an existing C2. Adversaries may also execute commands through interactive terminals/shells. ", "kill_chain_phases": [ 
@@ -6501,7 +6999,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], @@ -6570,7 +7068,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:43:44.687Z", + "modified": "2023-08-14T16:21:05.728Z", "name": "Ingress Tool Transfer", "description": "Adversaries may transfer tools or other files from an external system onto a compromised device to facilitate follow-on actions. Files may be copied from an external adversary-controlled system through the command and control channel or through alternate protocols with another tool such as FTP.", "kill_chain_phases": [ @@ -6589,7 +7087,7 @@ "Android", "iOS" ], - "x_mitre_version": "2.1", + "x_mitre_version": "2.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -6612,50 +7110,50 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-14T16:19:34.225Z", + "name": "Dynamic Resolution", + "description": "Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. This algorithm can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "command-and-control" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different Domain Generation Algorithms (DGAs), constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names. 
In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names or rarely visited domains.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", "created": "2022-04-05T19:57:15.734Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1637", - "url": "https://attack.mitre.org/techniques/T1637" + "url": "https://attack.mitre.org/techniques/T1637", + "external_id": "T1637" }, { "source_name": "Data Driven Security DGA", - "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", - "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019." + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. 
This algorithm can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.", - "modified": "2022-04-05T19:57:15.734Z", - "name": "Dynamic Resolution", - "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different Domain Generation Algorithms (DGAs), constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names. In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names or rarely visited domains.", - "kill_chain_phases": [ - { - "phase_name": "command-and-control", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": false, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
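Review bot: This hunk removes and re-adds nearly every line of the `Dynamic Resolution` object because its keys were serialized in a different order. That buries the values that actually changed: `modified`, `x_mitre_version` (`1.0` to `1.1`) and `x_mitre_attack_spec_version` (`2.1.0` to `3.1.0`). As far as the two sides can be compared, the `description` and `x_mitre_detection` text are unchanged. The same reordering appears in the later hunks for T1646, T1639.001 and T1639, where it sits alongside real edits to the detection text. Exporting with one stable key order would keep wording changes in this threat-intelligence data reviewable line by line.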
@@ -6809,56 +7307,56 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-14T16:41:52.000Z", + "name": "Exfiltration Over C2 Channel", + "description": "Adversaries may steal data by exfiltrating it over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "exfiltration" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "[Exfiltration Over C2 Channel](https://attack.mitre.org/techniques/T1646) can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", "created": "2022-04-01T15:43:45.913Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1646", - "url": "https://attack.mitre.org/techniques/T1646" + "url": "https://attack.mitre.org/techniques/T1646", + "external_id": "T1646" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-29.html", "external_id": "APP-29" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may steal data by exfiltrating it 
over an existing command and control channel. Stolen data is encoded into the normal communications channel using the same protocol as command and control communications.", - "modified": "2022-04-08T16:25:44.552Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Exfiltration Over C2 Channel", - "x_mitre_detection": "Exfiltration over C2 channel can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "kill_chain_phases": [ - { - "phase_name": "exfiltration", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": false, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:49:53.301Z", + "modified": "2023-09-08T19:20:13.836Z", "name": "Exploitation for Privilege Escalation", - "description": "Adversaries may exploit software vulnerabilities in order to to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in an application, service, within the operating system software, or kernel itself to execute adversary-controlled code. Security constructions, such as permission levels, will often hinder access to information and use of certain techniques. Adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions. \n\nWhen initially gaining access to a device, an adversary may be operating within a lower privileged process which will prevent them from accessing certain resources on the system. 
Vulnerabilities may exist, usually in operating system components and applications running at higher permissions, that can be exploited to gain higher levels of access on the system. This could enable someone to move from unprivileged or user- level permission to root permissions depending on the component that is vulnerable. ", + "description": "Adversaries may exploit software vulnerabilities in order to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in an application, service, within the operating system software, or kernel itself to execute adversary-controlled code. Security constructions, such as permission levels, will often hinder access to information and use of certain techniques. Adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions. \n\nWhen initially gaining access to a device, an adversary may be operating within a lower privileged process which will prevent them from accessing certain resources on the system. Vulnerabilities may exist, usually in operating system components and applications running at higher permissions, that can be exploited to gain higher levels of access on the system. This could enable someone to move from unprivileged or user- level permission to root permissions depending on the component that is vulnerable. ", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", 
@@ -6903,7 +7401,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-16T18:31:37.189Z", + "modified": "2023-08-10T21:57:52.009Z", "name": "Call Control", "description": "Adversaries may make, forward, or block phone calls without user authorization. This could be used for adversary goals such as audio surveillance, blocking or forwarding calls from the device owner, or C2 communication.\n\nSeveral permissions may be used to programmatically control phone calls, including:\n\n* `ANSWER_PHONE_CALLS` - Allows the application to answer incoming phone calls(Citation: Android Permissions)\n* `CALL_PHONE` - Allows the application to initiate a phone call without going through the Dialer interface(Citation: Android Permissions)\n* `PROCESS_OUTGOING_CALLS` - Allows the application to see the number being dialed during an outgoing call with the option to redirect the call to a different number or abort the call altogether(Citation: Android Permissions)\n* `MANAGE_OWN_CALLS` - Allows a calling application which manages its own calls through the self-managed `ConnectionService` APIs(Citation: Android Permissions)\n* `BIND_TELECOM_CONNECTION_SERVICE` - Required permission when using a `ConnectionService`(Citation: Android Permissions)\n* `WRITE_CALL_LOG` - Allows an application to write to the device call log, potentially to hide malicious phone calls(Citation: Android Permissions)\n\nWhen granted some of these permissions, an application can make a phone call without opening the dialer first. However, if an application desires to simply redirect the user to the dialer with a phone number filled in, it can launch an Intent using `Intent.ACTION_DIAL`, which requires no specific permissions. This then requires the user to explicitly initiate the call or use some form of [Input Injection](https://attack.mitre.org/techniques/T1516) to programmatically initiate it.", "kill_chain_phases": [ 
@@ -6932,7 +7430,7 @@ "x_mitre_platforms": [ "Android" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -6980,50 +7478,50 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-14T16:40:40.166Z", + "name": "Exfiltration Over Unencrypted Non-C2 Protocol", + "description": "Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.\n\nAdversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). Adversaries may employ custom or publicly available encoding/compression algorithms (such as base64) or embed data within protocol headers and fields.", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "exfiltration" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "[Exfiltration Over Unencrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1639/001)s can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": true, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", "created": "2022-04-06T13:22:57.683Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1639.001", - "url": "https://attack.mitre.org/techniques/T1639/001" + "url": "https://attack.mitre.org/techniques/T1639/001", + 
"external_id": "T1639.001" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html", "external_id": "APP-30" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may steal data by exfiltrating it over an un-encrypted network protocol other than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server.\n\nAdversaries may opt to obfuscate this data, without the use of encryption, within network protocols that are natively unencrypted (such as HTTP, FTP, or DNS). Adversaries may employ custom or publicly available encoding/compression algorithms (such as base64) or embed data within protocol headers and fields.", - "modified": "2022-04-06T13:23:10.087Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Exfiltration Over Unencrypted Non-C2 Protocol", - "x_mitre_detection": "Exfiltration Over Alternative Protocols can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "kill_chain_phases": [ - { - "phase_name": "exfiltration", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": true, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
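Review bot: The new `x_mitre_detection` text puts a bare `s` after the markdown link, `[Exfiltration Over Unencrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1639/001)s can be difficult to detect`. It renders as a plural of the technique name with the final letter outside the link. Dropping the letter reads correctly: `[Exfiltration Over Unencrypted Non-C2 Protocol](https://attack.mitre.org/techniques/T1639/001) can be difficult to detect`. The next hunk, for `Exfiltration Over Alternative Protocol`, has the same stray `s` after its T1639 link.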
@@ -7387,50 +7885,50 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-14T16:39:22.707Z", + "name": "Exfiltration Over Alternative Protocol", + "description": "Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. \n\nAlternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different protocol channels could also include Web services such as cloud storage. Adversaries may opt to also encrypt and/or obfuscate these alternate channels. ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "exfiltration" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "[Exfiltration Over Alternative Protocol](https://attack.mitre.org/techniques/T1639)s can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", "created": "2022-04-06T13:19:33.785Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1639", - "url": "https://attack.mitre.org/techniques/T1639" + "url": "https://attack.mitre.org/techniques/T1639", + "external_id": "T1639" }, { - "url": 
"https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-30.html", "external_id": "APP-30" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may steal data by exfiltrating it over a different protocol than that of the existing command and control channel. The data may also be sent to an alternate network location from the main command and control server. \n\nAlternate protocols include FTP, SMTP, HTTP/S, DNS, SMB, or any other network protocol not being used as the main command and control channel. Different protocol channels could also include Web services such as cloud storage. Adversaries may opt to also encrypt and/or obfuscate these alternate channels. ", - "modified": "2022-04-29T17:29:00.038Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Exfiltration Over Alternative Protocol", - "x_mitre_detection": "Exfiltration Over Alternative Protocols can be difficult to detect, and therefore enterprises may be better served focusing on detection at other stages of adversarial behavior.", - "kill_chain_phases": [ - { - "phase_name": "exfiltration", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": false, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -8084,6 +8582,51 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-28T17:02:58.893Z", + "name": "Exploitation for Client Execution", + "description": "Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to insecure coding practices that can lead to unanticipated behavior. Adversaries may take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility. \n\nAdversaries may use device-based zero-click exploits for code execution. These exploits are powerful because there is no user interaction required for code execution. \n\n### SMS/iMessage Delivery \n\nSMS and iMessage in iOS are common targets through [Drive-By Compromise](https://attack.mitre.org/techniques/T1456), [Phishing](https://attack.mitre.org/techniques/T1660), etc. Adversaries may use embed malicious links, files, etc. in SMS messages or iMessages. Mobile devices may be compromised through one-click exploits, where the victim must interact with a text message, or zero-click exploits, where no user interaction is required. \n\n### AirDrop \n\nUnique to iOS, AirDrop is a network protocol that allows iOS users to transfer files between iOS devices. Before patches from Apple were released, on iOS 13.4 and earlier, adversaries may force the Apple Wireless Direct Link (AWDL) interface to activate, then exploit a buffer overflow to gain access to the device and run as root without interaction from the user. 
", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "execution" + } + ], + "x_mitre_contributors": [ + "Giorgi Gurgenidze, ISAC" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "created": "2023-08-23T22:13:27.313Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1658", + "external_id": "T1658" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2023-03-20T18:57:14.285Z", "name": "Proxy Through Victim", 
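Review bot: The new T1658 object ships with `"x_mitre_detection": ""`, so any consumer that renders or maps this field gets no guidance for a technique whose description stresses zero-click exploitation; T1458 (hunk at -8360) and the new T1662 (hunk at -10324) carry the same empty string on the new side. A short explicit statement that no detection guidance is available yet would be clearer than an empty value. In the description, `Adversaries may use embed malicious links` should read `Adversaries may embed malicious links`. `x_mitre_platforms` lists both Android and iOS, while the AirDrop subsection is described as unique to iOS, so the text should say which delivery paths apply to which platform.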
@@ -8360,89 +8903,89 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-07T17:13:04.396Z", + "name": "Replication Through Removable Media", + "description": "Adversaries may move onto devices by exploiting or copying malware to devices connected via USB. In the case of Lateral Movement, adversaries may utilize the physical connection of a device to a compromised or malicious charging station or PC to bypass application store requirements and install malicious applications directly.(Citation: Lau-Mactans) In the case of Initial Access, adversaries may attempt to exploit the device via the connection to gain access to data stored on the device.(Citation: Krebs-JuiceJacking) Examples of this include: \n \n* Exploiting insecure bootloaders in a Nexus 6 or 6P device over USB and gaining the ability to perform actions including intercepting phone calls, intercepting network traffic, and obtaining the device physical location.(Citation: IBM-NexusUSB) \n* Exploiting weakly-enforced security boundaries in Android devices such as the Google Pixel 2 over USB.(Citation: GoogleProjectZero-OATmeal) \n* Products from Cellebrite and Grayshift purportedly that can exploit some iOS devices using physical access to the data port to unlock the passcode.(Citation: Computerworld-iPhoneCracking) ", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" + }, + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "lateral-movement" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "2.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": 
"attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", "created": "2017-10-25T14:48:23.233Z", - "x_mitre_version": "2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1458", - "url": "https://attack.mitre.org/techniques/T1458" + "url": "https://attack.mitre.org/techniques/T1458", + "external_id": "T1458" }, { "source_name": "Krebs-JuiceJacking", - "url": "http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/", - "description": "Brian Krebs. (2011, August 17). Beware of Juice-Jacking. Retrieved December 23, 2016." + "description": "Brian Krebs. (2011, August 17). Beware of Juice-Jacking. Retrieved December 23, 2016.", + "url": "http://krebsonsecurity.com/2011/08/beware-of-juice-jacking/" }, { "source_name": "GoogleProjectZero-OATmeal", - "url": "https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html", - "description": "Jann Horn. (2018, September 10). OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB. Retrieved September 18, 2018." + "description": "Jann Horn. (2018, September 10). OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB. Retrieved September 18, 2018.", + "url": "https://googleprojectzero.blogspot.com/2018/09/oatmeal-on-universal-cereal-bus.html" }, { "source_name": "Lau-Mactans", - "url": "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf", - "description": "Lau et al.. (2013). Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers. Retrieved December 23, 2016." + "description": "Lau et al.. (2013). Mactans: Injecting Malware Into iOS Devices Via Malicious Chargers. 
Retrieved December 23, 2016.", + "url": "https://media.blackhat.com/us-13/US-13-Lau-Mactans-Injecting-Malware-into-iOS-Devices-via-Malicious-Chargers-WP.pdf" }, { "source_name": "Computerworld-iPhoneCracking", - "url": "https://www.computerworld.com/article/3268729/apple-ios/two-vendors-now-sell-iphone-cracking-technology-and-police-are-buying.html", - "description": "Lucas Mearian. (2018, May 9). Two vendors now sell iPhone cracking technology – and police are buying. Retrieved September 21, 2018." + "description": "Lucas Mearian. (2018, May 9). Two vendors now sell iPhone cracking technology – and police are buying. Retrieved September 21, 2018.", + "url": "https://www.computerworld.com/article/3268729/apple-ios/two-vendors-now-sell-iphone-cracking-technology-and-police-are-buying.html" }, { "source_name": "IBM-NexusUSB", - "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/", - "description": "Roee Hay. (2017, January 5). Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes. Retrieved January 11, 2017." + "description": "Roee Hay. (2017, January 5). Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes. 
Retrieved January 11, 2017.", + "url": "https://securityintelligence.com/android-vulnerabilities-attacking-nexus-6-and-6p-custom-boot-modes/" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-1.html", "external_id": "PHY-1" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/physical-threats/PHY-2.html", "external_id": "PHY-2" }, { - "url": "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html", "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-6.html", "external_id": "STA-6" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may move onto devices by exploiting or copying malware to devices connected via USB. 
In the case of Lateral Movement, adversaries may utilize the physical connection of a device to a compromised or malicious charging station or PC to bypass application store requirements and install malicious applications directly.(Citation: Lau-Mactans) In the case of Initial Access, adversaries may attempt to exploit the device via the connection to gain access to data stored on the device.(Citation: Krebs-JuiceJacking) Examples of this include: \n \n* Exploiting insecure bootloaders in a Nexus 6 or 6P device over USB and gaining the ability to perform actions including intercepting phone calls, intercepting network traffic, and obtaining the device physical location.(Citation: IBM-NexusUSB) \n* Exploiting weakly-enforced security boundaries in Android devices such as the Google Pixel 2 over USB.(Citation: GoogleProjectZero-OATmeal) \n* Products from Cellebrite and Grayshift purportedly that can exploit some iOS devices using physical access to the data port to unlock the passcode.(Citation: Computerworld-iPhoneCracking) ", - "modified": "2022-04-08T15:53:11.864Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Replication Through Removable Media", - "x_mitre_detection": "", - "kill_chain_phases": [ - { - "phase_name": "initial-access", - "kill_chain_name": "mitre-mobile-attack" - }, - { - "phase_name": "lateral-movement", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": false, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -8564,7 +9107,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:41:18.389Z", + "modified": "2023-08-07T22:48:30.418Z", "name": "Unix Shell", "description": "Adversaries may abuse Unix shell commands and scripts for execution. Unix shells are the underlying command prompts on Android and iOS devices. Unix shells can control every aspect of a system, with certain commands requiring elevated privileges that are only accessible if the device has been rooted or jailbroken. \n\nUnix shells also support scripts that enable sequential execution of commands as well as other typical programming operations such as conditionals and loops. Common uses of shell scripts include long or repetitive tasks, or the need to run the same set of commands on multiple systems. \n\nAdversaries may abuse Unix shells to execute various commands or payloads. Interactive shells may be accessed through command and control channels or during lateral movement such as with SSH. Adversaries may also leverage shell scripts to deliver and execute multiple commands on victims or as part of payloads used for persistence. \n\nIf the device has been rooted or jailbroken, adversaries may locate and invoke a superuser binary to elevate their privileges and interact with the system as the root user. This dangerous level of permissions allows the adversary to run special commands and modify protected system files. ", "kill_chain_phases": [ @@ -8583,7 +9126,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -8678,7 +9221,7 @@ "x_mitre_is_subtechnique": false }, { - "modified": "2023-03-20T18:21:59.494Z", + "modified": "2023-08-08T16:23:41.271Z", "name": "Download New Code at Runtime", "description": "Adversaries may download and execute dynamic code not included in the original application package after installation. This technique is primarily used to evade static analysis checks and pre-publication scans in official app stores. In some cases, more advanced dynamic or behavioral analysis techniques could detect this behavior. However, in conjunction with [Execution Guardrails](https://attack.mitre.org/techniques/T1627) techniques, detecting malicious code downloaded after installation could be difficult.\n\nOn Android, dynamic code could include native code, Dalvik code, or JavaScript code that utilizes Android WebView’s `JavascriptInterface` capability. \n\nOn iOS, dynamic code could be downloaded and executed through 3rd party libraries such as JSPatch. (Citation: FireEye-JSPatch) ", "kill_chain_phases": [ @@ -8697,7 +9240,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.4", + "x_mitre_version": "1.5", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -9888,7 +10431,7 @@ "x_mitre_is_subtechnique": false }, { - "modified": "2023-03-16T13:32:55.266Z", + "modified": "2023-08-14T16:34:55.968Z", "name": "Bidirectional Communication", "description": "Adversaries may use an existing, legitimate external Web service channel as a means for sending commands to and receiving output from a compromised system. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems can then send the output from those commands back over that Web service channel. The return traffic may occur in a variety of ways, depending on the Web service being utilized. For example, the return traffic may take the form of the compromised system posting a comment on a forum, issuing a pull request to development project, updating a document hosted on a Web service, or by sending a Tweet. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. ", "kill_chain_phases": [ @@ -9907,7 +10450,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -9930,9 +10473,9 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:51:58.228Z", + "modified": "2023-09-08T19:21:40.736Z", "name": "Non-Standard Port", - "description": "Adversaries may generate network traffic using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.", + "description": "Adversaries may generate network traffic using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", 
@@ -10039,7 +10582,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T15:56:04.790Z", + "modified": "2023-08-14T16:33:56.861Z", "name": "Dead Drop Resolver", "description": "Adversaries may use an existing, legitimate external Web service to host information that points to additional command and control (C2) infrastructure. Adversaries may post content, known as a dead drop resolver, on Web services with embedded (and often obfuscated/encoded) domains or IP addresses. Once infected, victims will reach out to and be redirected by these resolvers. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. \n\n \n\nUse of a dead drop resolver may also protect back-end C2 infrastructure from discovery through malware binary analysis, or enable operational resiliency (since this infrastructure may be dynamically changed). ", "kill_chain_phases": [ @@ -10058,7 +10601,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -10324,6 +10867,60 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-27T21:09:27.288Z", + "name": "Data Destruction", + "description": "Adversaries may destroy data and files on specific devices or in large numbers to interrupt availability to systems, services, and network resources. Data destruction is likely to render stored data irrecoverable by forensic techniques through overwriting files or data on local and remote drives. \n\nTo achieve data destruction, adversaries may use the `pm uninstall` command to uninstall packages or the `rm` command to remove specific files. For example, adversaries may first use `pm uninstall` to uninstall non-system apps, and then use `rm (-f) ` to delete specific files, further hiding malicious activity.(Citation: rootnik_rooting_tool)(Citation: abuse_native_linux_tools)", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "impact" + } + ], + "x_mitre_contributors": [ + "Liran Ravich, CardinalOps" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "created": "2023-09-22T19:09:15.698Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1662", + "external_id": "T1662" + }, + { + "source_name": "rootnik_rooting_tool", + "description": "Hu, W., et al. (2015, December 4). Rootnik Android Trojan Abuses Commercial Rooting Tool and Steals Private Information. 
Retrieved September 26, 2023.", + "url": "https://unit42.paloaltonetworks.com/rootnik-android-trojan-abuses-commercial-rooting-tool-and-steals-private-information/" + }, + { + "source_name": "abuse_native_linux_tools", + "description": "Surana, N., et al. (2022, September 8). How Malicious Actors Abuse Native Linux Tools in Attacks. Retrieved September 26, 2023.", + "url": "https://www.trendmicro.com/en_za/research/22/i/how-malicious-actors-abuse-native-linux-tools-in-their-attacks.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_platforms": [ "Android" @@ -11670,7 +12267,7 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:37:13.730Z", + "modified": "2023-08-14T16:31:37.317Z", "name": "Web Service", "description": "Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. \n\n \n\nUse of Web services may also protect back-end C2 infrastructure from discovery through malware binary analysis, or enable operational resiliency (since this infrastructure may be dynamically changed). \n\n ", "kill_chain_phases": [ @@ -11689,7 +12286,7 @@ "Android", "iOS" ], - "x_mitre_version": "1.2", + "x_mitre_version": "1.3", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
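Review bot: The description of the new T1662 object contradicts itself: it says data destruction renders data irrecoverable "through overwriting files or data", but the only mechanisms it then names are `pm uninstall` and `rm`, which remove packages and files rather than overwrite them. Deleted data may still be recoverable, so the first paragraph should either be limited to loss of availability or name an overwriting mechanism backed by one of the cited references. The code span `rm (-f) ` has a trailing space inside the backticks and a parenthesised flag; `rm -f` would render cleanly.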
@@ -11712,9 +12309,9 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:46:08.412Z", + "modified": "2023-09-08T19:20:51.220Z", "name": "System Runtime API Hijacking", - "description": "Adversaries may execute their own malicious payloads by hijacking the way an operating system run applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur at later points in time. \n\n\nOn Android, adversaries may overwrite the standard OS API library with a malicious alternative to hook into core functions to achieve persistence. By doing this, the adversary’s code will be executed every time the overwritten API function is called by an app on the infected device.", + "description": "Adversaries may execute their own malicious payloads by hijacking the way an operating system runs applications. Hijacking execution flow can be for the purposes of persistence since this hijacked execution may reoccur at later points in time. \n\n\nOn Android, adversaries may overwrite the standard OS API library with a malicious alternative to hook into core functions to achieve persistence. By doing this, the adversary’s code will be executed every time the overwritten API function is called by an app on the infected device.", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", 
@@ -11778,9 +12375,9 @@ "x_mitre_is_subtechnique": false }, { - "modified": "2023-03-20T15:45:44.103Z", + "modified": "2023-09-08T19:19:37.927Z", "name": "Credentials from Password Store", - "description": "Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.", + "description": "Adversaries may search common password storage locations to obtain user credentials. Passwords can be stored in several places on a device, depending on the operating system or application holding the credentials. There are also specific applications that store passwords to make it easier for users to manage and maintain. Once credentials are obtained, they can be used to perform lateral movement and access restricted information.", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", 
@@ -11974,59 +12571,59 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "attack-pattern", - "id": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "created": "2017-10-25T14:48:32.328Z", - "x_mitre_version": "3.0", - "external_references": [ - { - "source_name": "mitre-attack", - "external_id": "T1406", - "url": "https://attack.mitre.org/techniques/T1406" - }, - { - "source_name": "Microsoft MalLockerB", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." - }, - { - "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", - "source_name": "NIST Mobile Threat Catalogue", - "external_id": "APP-21" - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may attempt to make a payload or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the device or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n \nPayloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Portions of files can also be encoded to hide the plaintext strings that would otherwise help defenders with discovery. 
Payloads may also be split into separate, seemingly benign files that only reveal malicious functionality when reassembled.(Citation: Microsoft MalLockerB) ", - "modified": "2022-04-06T12:36:31.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2023-08-09T14:38:34.859Z", "name": "Obfuscated Files or Information", - "x_mitre_detection": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.", + "description": "Adversaries may attempt to make a payload or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the device or in transit. This is common behavior that can be used across different platforms and the network to evade defenses. \n \nPayloads may be compressed, archived, or encrypted in order to avoid detection. These payloads may be used during Initial Access or later to mitigate detection. Portions of files can also be encoded to hide the plaintext strings that would otherwise help defenders with discovery. Payloads may also be split into separate, seemingly benign files that only reveal malicious functionality when reassembled.(Citation: Microsoft MalLockerB) ", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", "phase_name": "defense-evasion" } ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). 
Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.", + "x_mitre_domains": [ + "mobile-attack" + ], "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "3.1", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], - "x_mitre_attack_spec_version": "2.1.0", + "type": "attack-pattern", + "id": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "created": "2017-10-25T14:48:32.328Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1406", + "external_id": "T1406" + }, + { + "source_name": "Microsoft MalLockerB", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . 
Retrieved October 29, 2020.", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-21.html", + "external_id": "APP-21" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2022-10-24T15:09:07.609Z", + "modified": "2023-08-08T22:50:32.775Z", "name": "Input Injection", "description": "A malicious application can inject input to the user interface to mimic user interaction through the abuse of Android's accessibility APIs.\n\n[Input Injection](https://attack.mitre.org/techniques/T1516) can be achieved using any of the following methods:\n\n* Mimicking user clicks on the screen, for example to steal money from a user's PayPal account.(Citation: android-trojan-steals-paypal-2fa)\n* Injecting global actions, such as `GLOBAL_ACTION_BACK` (programatically mimicking a physical back button press), to trigger actions on behalf of the user.(Citation: Talos Gustuff Apr 2019)\n* Inserting input into text fields on behalf of the user. This method is used legitimately to auto-fill text fields by applications such as password managers.(Citation: bitwarden autofill logins)", "kill_chain_phases": [ 
@@ -12039,18 +12636,19 @@
 "phase_name": "impact"
 }
 ],
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.",
- "x_mitre_platforms": [
- "Android"
- ],
- "x_mitre_domains": [
- "mobile-attack"
- ],
- "x_mitre_version": "1.1",
 "x_mitre_contributors": [
 "Lukáš Štefanko, ESET"
 ],
+ "x_mitre_deprecated": false,
+ "x_mitre_detection": "Users can view applications that have registered accessibility services in the accessibility menu within the device settings.",
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_is_subtechnique": false,
+ "x_mitre_platforms": [
+ "Android"
+ ],
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
@@ -12058,12 +12656,18 @@
 "id": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
 "created": "2019-09-15T15:26:22.356Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
 "external_references": [
 {
 "source_name": "mitre-attack",
 "url": "https://attack.mitre.org/techniques/T1516",
 "external_id": "T1516"
 },
+ {
+ "source_name": "bitwarden autofill logins",
+ "description": "Bitwarden. (n.d.). Auto-fill logins on Android . Retrieved September 15, 2019.",
+ "url": "https://help.bitwarden.com/article/auto-fill-android/"
+ },
 {
 "source_name": "android-trojan-steals-paypal-2fa",
 "description": "Lukáš Štefanko. (2018, December 11). Android Trojan steals money from PayPal accounts even with 2FA on. Retrieved July 11, 2019.",
@@ -12073,18 +12677,13 @@
 "source_name": "Talos Gustuff Apr 2019",
 "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.",
 "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html"
- },
- {
- "source_name": "bitwarden autofill logins",
- "description": "Bitwarden. (n.d.). Auto-fill logins on Android . Retrieved September 15, 2019.",
- "url": "https://help.bitwarden.com/article/auto-fill-android/"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_is_subtechnique": false
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
 "modified": "2023-03-20T18:51:23.109Z",
@@ -12415,7 +13014,7 @@
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
- "modified": "2023-03-20T18:53:34.118Z",
+ "modified": "2023-08-14T16:35:55.739Z",
 "name": "One-Way Communication",
 "description": "Adversaries may use an existing, legitimate external Web service channel as a means for sending commands to a compromised system without receiving return output. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems may opt to send the output from those commands back over a different C2 channel, including to another distinct Web service. Alternatively, compromised systems may return no output at all in cases where adversaries want to send instructions to systems and do not want a response. \n\n \n\nPopular websites and social media, acting as a mechanism for C2, may give a significant amount of cover. This is due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection. ",
 "kill_chain_phases": [
@@ -12434,7 +13033,7 @@
 "Android",
 "iOS"
 ],
- "x_mitre_version": "1.1",
+ "x_mitre_version": "1.2",
 "x_mitre_tactic_type": [
 "Post-Adversary Device Access"
 ],
@@ -12605,15 +13204,18 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:54:36.502Z", + "modified": "2023-09-28T15:38:41.106Z", "name": "Prevent Application Removal", - "description": "Adversaries may abuse the Android device administration API to prevent the user from uninstalling a target application. In earlier versions of Android, device administrator applications needed their administration capabilities explicitly deactivated by the user before the application could be uninstalled. This was later updated so the user could deactivate and uninstall the administrator application in one step.\n\nAdversaries may also abuse the device accessibility APIs to prevent removal. This set of APIs allows the application to perform certain actions on behalf of the user and programmatically determine what is being shown on the screen. The malicious application could monitor the device screen for certain modals (e.g., the confirmation modal to uninstall an application) and inject screen input or a back button tap to close the modal.", + "description": "Adversaries may abuse the Android device administration API to prevent the user from uninstalling a target application. In earlier versions of Android, device administrator applications needed their administration capabilities explicitly deactivated by the user before the application could be uninstalled. This was later updated so the user could deactivate and uninstall the administrator application in one step.\n\nAdversaries may also abuse the device accessibility APIs to prevent removal. This set of APIs allows the application to perform certain actions on behalf of the user and programmatically determine what is being shown on the screen. The malicious application could monitor the device screen for certain modals (e.g., the confirmation modal to uninstall an application) and inject screen input or a back button tap to close the modal. 
For example, Android's `performGlobalAction(int)` API could be utilized to prevent the user from removing the malicious application from the device after installation. If the user wants to uninstall the malicious application, two cases may occur, both preventing the user from removing the application.\n\n* Case 1: If the integer argument passed to the API call is `2` or `GLOBAL_ACTION_HOME`, the malicious application may direct the user to the home screen from settings screen \n\n* Case 2: If the integer argument passed to the API call is `1` or `GLOBAL_ACTION_BACK`, the malicious application may emulate the back press event ", "kill_chain_phases": [ { "kill_chain_name": "mitre-mobile-attack", "phase_name": "defense-evasion" } ], + "x_mitre_contributors": [ + "Shankar Raman, Gen Digital and Abhinand, Amrita University" + ], "x_mitre_deprecated": false, "x_mitre_detection": "Users can view a list of device administrators and applications that have registered accessibility services in device settings. Users can typically visually see when an action happens that they did not initiate and can subsequently review installed applications for any out of place or unknown ones. Applications that register an accessibility service or request device administrator permissions should be scrutinized further for malicious behavior.", "x_mitre_domains": [ @@ -12623,7 +13225,7 @@ "x_mitre_platforms": [ "Android" ], - "x_mitre_version": "1.1", + "x_mitre_version": "1.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], @@ -12647,7 +13249,7 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
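Review bot: The added `x_mitre_contributors` array in the `@@ -12605,15 +13204,18 @@` hunk holds a single string, `"Shankar Raman, Gen Digital and Abhinand, Amrita University"`, which appears to name two contributors, while the Phishing object added further down this diff lists one contributor per element. If these are two people, tooling that counts or indexes contributors per element will treat them as one; the consistent form would be `"Shankar Raman, Gen Digital", "Abhinand, Amrita University"`. The two `Case` bullets appended to `description` also end without terminal punctuation and carry trailing spaces, which is worth tidying since this text is rendered verbatim by consumers.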
@@ -12692,65 +13294,120 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-09-29T19:45:39.608Z", + "name": "Phishing", + "description": "Adversaries may send malicious content to users in order to gain access to their mobile devices. All forms of phishing are electronically delivered social engineering. Adversaries can conduct both non-targeted phishing, such as in mass malware spam campaigns, as well as more targeted phishing tailored for a specific individual, company, or industry, known as “spearphishing”. Phishing often involves social engineering techniques, such as posing as a trusted source, as well as evasion techniques, such as removing or manipulating emails or metadata/headers from compromised accounts being abused to send messages.\n\nMobile phishing may take various forms. For example, adversaries may send emails containing malicious attachments or links, typically to deliver and then execute malicious code on victim devices. Phishing may also be conducted via third-party services, like social media platforms. \n\nMobile devices are a particularly attractive target for adversaries executing phishing campaigns. Due to their smaller form factor than traditional desktop endpoints, users may not be able to notice minor differences between genuine and phishing websites. Further, mobile devices have additional sensors and radios that allow adversaries to execute phishing attempts over several different vectors, such as: \n\n- SMS messages: Adversaries may send SMS messages (known as “smishing”) from compromised devices to potential targets to convince the target to, for example, install malware, navigate to a specific website, or enable certain insecure configurations on their device.\n- Quick Response (QR) Codes: Adversaries may use QR codes (known as “quishing”) to redirect users to a phishing website. 
For example, an adversary could replace a legitimate public QR Code with one that leads to a different destination, such as a phishing website. A malicious QR code could also be delivered via other means, such as SMS or email. In the latter case, an adversary could utilize a malicious QR code in an email to pivot from the user’s desktop computer to their mobile device.\n- Phone Calls: Adversaries may call victims (known as “vishing”) to persuade them to perform an action, such as providing login credentials or navigating to a malicious website. This could also be used as a technique to perform the initial access on a mobile device, but then pivot to a computer/other network by having the victim perform an action on a desktop computer.\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" + } + ], + "x_mitre_contributors": [ + "Vijay Lalwani", + "Will Thomas, Equinix", + "Adam Mashinchi", + "Sam Seabrook, Duke Energy", + "Naveen Devaraja, bolttech", + "Brian Donohue" + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "created": "2023-09-21T19:35:15.552Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1660", + "external_id": "T1660" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/authentication-threats/AUT-9.html", + "external_id": "AUT-9" + } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - 
"type": "attack-pattern", - "id": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "created": "2017-10-25T14:48:24.488Z", - "x_mitre_version": "1.2", - "external_references": [ + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-10-16T16:23:05.146Z", + "name": "Lockscreen Bypass", + "description": "An adversary with physical access to a mobile device may seek to bypass the device’s lockscreen. Several methods exist to accomplish this, including:\n\n* Biometric spoofing: If biometric authentication is used, an adversary could attempt to spoof a mobile device’s biometric authentication mechanism. Both iOS and Android partly mitigate this attack by requiring the device’s passcode rather than biometrics to unlock the device after every device restart, and after a set or random amount of time.(Citation: SRLabs-Fingerprint)(Citation: TheSun-FaceID)\n* Unlock code bypass: An adversary could attempt to brute-force or otherwise guess the lockscreen passcode (typically a PIN or password), including physically observing (“shoulder surfing”) the device owner’s use of the lockscreen passcode. Mobile OS vendors partly mitigate this by implementing incremental backoff timers after a set number of failed unlock attempts, as well as a configurable full device wipe after several failed unlock attempts.\n* Vulnerability exploit: Techniques have been periodically demonstrated that exploit mobile devices to bypass the lockscreen. 
The vulnerabilities are generally patched by the device or OS vendor once disclosed.(Citation: Wired-AndroidBypass)(Citation: Kaspersky-iOSBypass)\n", + "kill_chain_phases": [ { - "source_name": "mitre-attack", - "external_id": "T1461", - "url": "https://attack.mitre.org/techniques/T1461" - }, - { - "source_name": "Wired-AndroidBypass", - "url": "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/", - "description": "Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. Retrieved December 23, 2016." - }, - { - "source_name": "Kaspersky-iOSBypass", - "url": "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/", - "description": "Chris Brook. (2016, November 17). iOS 10 Passcode Bypass Can Access Photos, Contacts. Retrieved December 23, 2016." - }, - { - "source_name": "TheSun-FaceID", - "url": "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/", - "description": "Sean Keach. (2018, February 15). Brit mates BREAK Apple’s face unlock and vow to never buy iPhone again. Retrieved September 18, 2018." - }, - { - "source_name": "SRLabs-Fingerprint", - "url": "https://srlabs.de/bites/spoofing-fingerprints/", - "description": "SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December 23, 2016." + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "initial-access" } ], "x_mitre_deprecated": false, - "revoked": false, - "description": "An adversary with physical access to a mobile device may seek to bypass the device’s lockscreen. Several methods exist to accomplish this, including:\n\n* Biometric spoofing: If biometric authentication is used, an adversary could attempt to spoof a mobile device’s biometric authentication mechanism. 
Both iOS and Android partly mitigate this attack by requiring the device’s passcode rather than biometrics to unlock the device after every device restart, and after a set or random amount of time.(Citation: SRLabs-Fingerprint)(Citation: TheSun-FaceID)\n* Unlock code bypass: An adversaries could attempt to brute-force or otherwise guess the lockscreen passcode (typically a PIN or password), including physically observing (“shoulder surfing”) the device owner’s use of the lockscreen passcode. Mobile OS vendors partly mitigate this by implementing incremental backoff timers after a set number of failed unlock attempts, as well as a configurable full device wipe after several failed unlock attempts.\n* Vulnerability exploit: Techniques have been periodically demonstrated that exploit mobile devices to bypass the lockscreen. The vulnerabilities are generally patched by the device or OS vendor once disclosed.(Citation: Wired-AndroidBypass)(Citation: Kaspersky-iOSBypass)\n", - "modified": "2022-04-19T15:36:12.312Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Lockscreen Bypass", "x_mitre_detection": "Users can see if someone is watching them type in their device passcode.", - "kill_chain_phases": [ - { - "phase_name": "initial-access", - "kill_chain_name": "mitre-mobile-attack" - } + "x_mitre_domains": [ + "mobile-attack" ], "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.3", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], - "x_mitre_attack_spec_version": "2.1.0", + "type": "attack-pattern", + "id": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "created": "2017-10-25T14:48:24.488Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1461", + "external_id": "T1461" + }, + { + "source_name": 
"Wired-AndroidBypass", + "description": "Andy Greenberg. (2015, September 15). Hack Brief: Emergency Number Hack Bypasses Android Lock Screens. Retrieved December 23, 2016.", + "url": "https://www.wired.com/2015/09/hack-brief-new-emergency-number-hack-easily-bypasses-android-lock-screens/" + }, + { + "source_name": "Kaspersky-iOSBypass", + "description": "Chris Brook. (2016, November 17). iOS 10 Passcode Bypass Can Access Photos, Contacts. Retrieved December 23, 2016.", + "url": "https://threatpost.com/ios-10-passcode-bypass-can-access-photos-contacts/122033/" + }, + { + "source_name": "TheSun-FaceID", + "description": "Sean Keach. (2018, February 15). Brit mates BREAK Apple’s face unlock and vow to never buy iPhone again. Retrieved September 18, 2018.", + "url": "https://www.thesun.co.uk/tech/5584082/iphone-x-face-unlock-tricked-broken/" + }, + { + "source_name": "SRLabs-Fingerprint", + "description": "SRLabs. (n.d.). Fingerprints are not fit for secure device unlocking. Retrieved December 23, 2016.", + "url": "https://srlabs.de/bites/spoofing-fingerprints/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
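Review bot: The new Phishing object (T1660) is added with `"x_mitre_detection": ""`, so any consumer that renders or exports per-technique detection guidance gets nothing for it. The Masquerading object (T1655) added in the `@@ -13656,6 +14313,58 @@` hunk has the same gap, there stored as `"\n"`, which also slips past a plain empty-string check. Either populate the field or normalise both to `""`, and have ingesting code trim the value before testing for absence. Whether detection content is meant to live elsewhere under spec version 3.2.0 cannot be told from this hunk, so a short note in the release documentation would help analysts who rely on this field.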
@@ -13656,6 +14313,58 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-09-08T18:14:46.081Z", + "name": "Masquerading", + "description": "Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name, location, or appearance of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.\n\nRenaming abusable system utilities to evade security monitoring is also a form of [Masquerading](https://attack.mitre.org/techniques/T1655)\n", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "defense-evasion" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "\n", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": false, + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_version": "1.0", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" + ], + "type": "attack-pattern", + "id": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "created": "2023-07-12T20:29:48.758Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/techniques/T1655", + "external_id": "T1655" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-14.html", + "external_id": "APP-14" + }, + { + "source_name": "NIST Mobile Threat Catalogue", + "url": "https://pages.nist.gov/mobile-threat-catalogue/application-threats/APP-31.html", + "external_id": "APP-31" + } + ], + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "x_mitre_platforms": [ "Android", 
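Review bot: The two NIST entries in `external_references` of the new Masquerading object share `"source_name": "NIST Mobile Threat Catalogue"` and differ only in `url` and `external_id` (`APP-14`, `APP-31`). A consumer that builds a lookup keyed on `source_name` alone keeps only one of them and silently drops a mapping to the threat catalogue. Tooling that ingests this bundle should key references on the pair of `source_name` and `external_id`. The last sentence of `description` also lacks a full stop before the trailing `\n`.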
@@ -13925,59 +14634,59 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2023-08-14T16:19:54.832Z", + "name": "Domain Generation Algorithms", + "description": "Adversaries may use [Domain Generation Algorithms](https://attack.mitre.org/techniques/T1637/001) (DGAs) to procedurally generate domain names for uses such as command and control communication or malicious application distribution.(Citation: securelist rotexy 2018)\n\nDGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.", + "kill_chain_phases": [ + { + "kill_chain_name": "mitre-mobile-attack", + "phase_name": "command-and-control" + } + ], + "x_mitre_deprecated": false, + "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different DGA algorithms, constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) CDN domains may trigger these detections due to the format of their domain names. 
In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names ", + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_is_subtechnique": true, "x_mitre_platforms": [ "Android", "iOS" ], - "x_mitre_domains": [ - "mobile-attack" - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "x_mitre_version": "1.1", + "x_mitre_tactic_type": [ + "Post-Adversary Device Access" ], "type": "attack-pattern", "id": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", "created": "2022-04-05T19:59:03.161Z", - "x_mitre_version": "1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "mitre-attack", - "external_id": "T1637.001", - "url": "https://attack.mitre.org/techniques/T1637/001" + "url": "https://attack.mitre.org/techniques/T1637/001", + "external_id": "T1637.001" }, { "source_name": "Data Driven Security DGA", - "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/", - "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019." + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" }, { "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Adversaries may use [Domain Generation Algorithms](https://attack.mitre.org/techniques/T1637/001) (DGAs) to procedurally generate domain names for uses such as command and control communication or malicious application distribution.(Citation: securelist rotexy 2018)\n\nDGAs increase the difficulty for defenders to block, track, or take over the command and control channel, as there could potentially be thousands of domains that malware can check for instructions.", - "modified": "2022-04-05T19:59:22.888Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "name": "Domain Generation Algorithms", - "x_mitre_detection": "Detecting dynamically generated domains can be challenging due to the number of different DGA algorithms, constantly evolving malware families, and the increasing complexity of the algorithms. There are a myriad of approaches for detecting a pseudo-randomly generated domain name, including using frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) CDN domains may trigger these detections due to the format of their domain names. 
In addition to detecting a DGA domain based on the name, a more general approach for detecting a suspicious domain is to check for recently registered names ", - "kill_chain_phases": [ - { - "phase_name": "command-and-control", - "kill_chain_name": "mitre-mobile-attack" - } + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_is_subtechnique": true, - "x_mitre_tactic_type": [ - "Post-Adversary Device Access" - ], - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-20T18:24:56.530Z", + "modified": "2023-08-07T17:12:07.620Z", "name": "Drive-By Compromise", "description": "Adversaries may gain access to a system through a user visiting a website over the normal course of browsing. With this technique, the user's web browser is typically targeted for exploitation, but adversaries may also use compromised websites for non-exploitation behavior such as acquiring an [Application Access Token](https://attack.mitre.org/techniques/T1550/001).\n\nMultiple ways of delivering exploit code to a browser exist, including:\n\n* A legitimate website is compromised where adversaries have injected some form of malicious code such as JavaScript, iFrames, and cross-site scripting.\n* Malicious ads are paid for and served through legitimate ad providers.\n* Built-in web application interfaces are leveraged for the insertion of any other kind of object that can be used to display web content or contain a script that executes on the visiting client (e.g. forum posts, comments, and other user controllable web content).\n\nOften the website used by an adversary is one visited by a specific community, such as government, a particular industry, or region, where the goal is to compromise a specific user or set of users based on a shared interest. 
This kind of targeted attack is referred to a strategic web compromise or watering hole attack. There are several known examples of this occurring.(Citation: Lookout-StealthMango)\n\nTypical drive-by compromise process:\n\n1. A user visits a website that is used to host the adversary controlled content.\n2. Scripts automatically execute, typically searching versions of the browser and plugins for a potentially vulnerable version. \n * The user may be required to assist in this process by enabling scripting or active website components and ignoring warning dialog boxes.\n3. Upon finding a vulnerable version, exploit code is delivered to the browser.\n4. If exploitation is successful, then it will give the adversary code execution on the user's system unless other protections are in place.\n * In some cases a second visit to the website after the initial scan is required before exploit code is delivered.", "kill_chain_phases": [ @@ -13996,7 +14705,7 @@ "Android", "iOS" ], - "x_mitre_version": "2.1", + "x_mitre_version": "2.2", "x_mitre_tactic_type": [ "Post-Adversary Device Access" ], 
@@ -14085,600 +14794,217 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--0008005f-ca51-47c3-8369-55ee5de1c65a", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531", + "modified": "2023-04-05T17:43:54.975Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { "type": "relationship", - "created": "2019-08-07T15:57:13.417Z", + "id": "relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308", + "created": "2023-02-06T19:04:33.224Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:06:11.934Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can monitor notifications.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341", + "type": "relationship", + "created": "2019-07-16T14:33:12.085Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
} ], - "modified": "2019-09-15T15:36:42.340Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)", + "modified": "2020-04-27T16:52:49.480Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)", "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6", + "created": "2022-04-20T17:36:25.707Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:39:23.114Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--01fd0686-d67f-4396-8812-3533063dd6b4", + "created": "2023-08-16T16:38:47.766Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:38:47.766Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can remove artifacts of its presence and uninstall itself.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2", + "type": "relationship", + "created": "2020-09-15T15:18:12.398Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
+ } + ], + "modified": "2020-09-15T15:18:12.398Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80", + "type": "relationship", + "created": "2020-07-20T13:49:03.692Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.191Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510", - "created": "2019-10-07T16:32:27.127Z", + "id": "relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3", + "created": "2023-02-06T18:50:12.251Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T16:55:21.480Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ", + "modified": "2023-04-14T14:40:57.100Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can check device system properties to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)", "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.508Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9", - "created": "2021-10-01T14:42:49.170Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:26:02.260Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - 
{ - "source_name": "PaloAlto-SpyDealer", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc", - "created": "2023-03-20T18:37:57.767Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:37:57.767Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", - "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223", - "type": "relationship", - "created": "2020-11-20T16:37:28.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": 
[ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." - } - ], - "modified": "2020-11-20T16:37:28.610Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4", - "type": "relationship", - "created": "2020-06-02T14:32:31.885Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.885Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781", - "type": "relationship", - "created": "2020-04-24T15:06:33.503Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:06:33.503Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0", - "created": "2023-02-28T20:30:01.082Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. 
Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:08:11.662Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can retrieve the contacts list from an infected device.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f", - "created": "2022-04-01T18:52:13.171Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", - "modified": "2022-04-01T18:52:13.171Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a", - "created": "2020-01-27T17:05:58.265Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:27:51.998Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010", - "created": "2022-03-30T18:18:15.915Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T18:18:15.915Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c7598a6-6046-491d-99a7-52c31974a9a9", - "created": "2023-03-20T18:57:40.504Z", - "revoked": false, - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:40.504Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02", - "type": "relationship", - "created": "2020-12-17T20:15:22.452Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.452Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60", - "created": "2020-11-24T17:55:12.828Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos GPlayed", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:21:27.210Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8", - "created": "2019-09-04T14:28:15.970Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., 
Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:52:44.819Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f", - "type": "relationship", - "created": "2020-12-24T22:04:28.002Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.002Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" - } - ], - "modified": "2020-07-20T13:49:03.710Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a8565c17-7054-4d3f-bca5-6e17dc931491", - "created": "2023-03-03T16:20:08.033Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). 
YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:20:08.033Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used private APIs to download and install other pieces of itself, as well as other malicious apps. (Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)", - "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4", - "created": "2020-09-15T15:18:12.362Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:31:30.741Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c", - "created": "2022-04-06T15:52:07.805Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:52:07.805Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--17558571-7352-470b-b728-0511fb3f699d", - "type": "relationship", - "created": "2019-10-18T15:51:48.484Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:02:13.534Z", - "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this 
dangerous permission.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865", - "created": "2022-04-06T15:50:42.481Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:50:42.481Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78", - "type": "relationship", - "created": "2019-10-10T15:17:00.972Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September 4, 2019.", - "url": "https://www.flexispy.com/en/features-overview.htm", - "source_name": "FlexiSpy-Features" - } - ], - "modified": "2019-10-14T18:08:28.666Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -14712,5561 +15038,18 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea", - "created": "2022-03-30T19:32:43.015Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. Attestation can detect rooted devices.", - "modified": "2022-03-30T19:32:43.015Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a", - "created": "2020-07-27T14:14:56.996Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Security Zen", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:19:00.199Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. 
[Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd", - "created": "2023-03-20T15:40:11.819Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:40:11.819Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276", - "type": "relationship", - "created": "2021-09-24T14:47:34.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-04T20:08:48.556Z", - "description": "Mobile security products can often detect rooted devices.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64", - "type": "relationship", - "created": "2020-09-11T16:22:03.298Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.298Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645", - "type": "relationship", - "created": "2021-02-08T16:36:20.655Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.410Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a", - "created": "2022-04-01T12:49:32.365Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. 
", - "modified": "2022-04-01T12:49:32.365Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798", - "type": "relationship", - "created": "2020-10-29T19:01:13.854Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Microsoft MalLockerB", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T19:01:13.854Z", - "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. 
(Citation: Microsoft MalLockerB)", - "relationship_type": "uses", - "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38", - "type": "relationship", - "created": "2020-05-11T16:37:36.616Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-05-11T16:37:36.616Z", - "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41", - "created": "2020-12-14T15:02:35.208Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Securelist Asacub", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:08:11.798Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce", - "created": "2021-01-05T20:16:20.412Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. 
Retrieved January 5, 2021.", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:45:54.913Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6", - "created": "2022-03-30T15:18:21.256Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T15:18:21.256Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd", - "type": "relationship", - "created": "2019-07-10T15:35:43.699Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). 
Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.839Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694", - "type": "relationship", - "created": "2021-01-05T20:16:20.514Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "modified": "2021-01-05T20:16:20.514Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73", - "created": "2020-12-31T18:25:05.162Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "description": "B. Leonard, N. Mehta. 
(2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:22:53.698Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15", - "created": "2022-03-30T14:42:27.821Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:42:27.821Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Xiao-ZergHelper", - "description": "Claud Xiao. (2016, February 21). 
Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. Retrieved December 12, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)", - "relationship_type": "uses", - "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018", - "type": "relationship", - "created": "2019-09-04T14:28:15.941Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.589Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d", - "created": "2022-04-01T13:26:39.773Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ", - "modified": "2022-04-01T13:26:39.773Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:29:18.098Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80", - "type": "relationship", - "created": "2020-07-20T13:49:03.692Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.191Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s Android ID and serial number.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087", - "type": "relationship", - "created": "2020-10-29T19:20:58.116Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-10-29T19:20:58.116Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e", - "created": "2021-02-08T16:36:20.630Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:06:00.885Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2", - "created": "2023-03-20T18:51:44.864Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:51:44.864Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667", - "created": "2020-07-20T13:58:53.589Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). 
XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:21:35.992Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41", - "created": "2023-01-18T21:43:36.398Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-21T18:44:26.569Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can download attacker-specified files.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-DressCode", - "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. 
Retrieved December 22, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)", - "relationship_type": "uses", - "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b", - "created": "2023-03-20T18:41:56.287Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:41:56.287Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d", - "type": "relationship", - "created": "2020-01-21T15:30:39.335Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. 
(2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." - } - ], - "modified": "2020-01-21T15:30:39.335Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd", - "created": "2020-06-26T14:55:13.333Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason EventBot", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. 
Retrieved June 26, 2020.", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:49:38.924Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5", - "type": "relationship", - "created": "2020-09-15T15:18:12.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "modified": "2020-09-15T15:18:12.417Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f", - "created": "2022-04-01T12:50:48.459Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T12:50:48.459Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298", - "created": "2020-12-14T15:02:35.297Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Securelist Asacub", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T18:06:30.456Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3", - "created": "2019-10-18T15:51:48.487Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", - "modified": "2022-04-05T19:42:51.306Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c", - "created": "2019-08-09T18:02:06.688Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "url": 
"https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)", - "modified": "2022-05-20T17:13:16.507Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b", - "created": "2022-03-30T14:08:09.882Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:08:09.882Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523", - "type": "relationship", - "created": "2020-11-24T17:55:12.820Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": 
"https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." - } - ], - "modified": "2020-11-24T17:55:12.820Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d", - "created": "2019-11-21T16:42:48.493Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" - }, - { - "source_name": "Bitdefender - Triout 2018", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:12:57.861Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674", - "type": "relationship", - "created": "2020-12-24T22:04:28.025Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.025Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385", - "created": "2020-10-29T17:48:27.440Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97", - "created": "2023-02-06T19:06:37.359Z", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). 
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:06:37.359Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can receive files from the C2 at runtime.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941", - "created": "2020-07-27T14:14:56.994Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Security Zen", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:48:16.775Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. 
[Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4", - "created": "2021-01-05T20:16:20.507Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:23:12.919Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b", - "type": "relationship", - "created": "2020-07-20T13:27:33.549Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": 
"Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "modified": "2020-08-10T21:57:54.524Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a", - "created": "2019-11-21T19:16:34.796Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. 
Retrieved November 21, 2019.", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:45:42.081Z", - "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:50:54.500Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52", - "created": "2019-09-23T13:36:08.459Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443", - "created": "2020-07-20T13:49:03.676Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)", - "modified": "2022-04-20T17:58:16.567Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8244700e-6f96-463a-a9c3-810c489a2c60", - "created": "2023-03-20T15:20:24.554Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:20:24.554Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50", - "created": "2020-06-26T15:32:25.025Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:52:43.629Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39", - "created": "2020-12-14T15:02:35.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Securelist Asacub", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:32:42.890Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d", - "type": "relationship", - "created": "2020-10-29T19:21:23.235Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T19:21:23.235Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. 
(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901", - "type": "relationship", - "created": "2020-04-24T17:46:31.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T17:46:31.607Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8", - "created": "2023-01-18T19:58:00.503Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). 
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:57:14.522Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use RC4 to encrypt C2 payloads.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ee095f20-eef5-4dcc-a537-70b387592c2c", - "created": "2023-02-28T20:38:46.702Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "bitdefender_flubot_0524", - "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. 
Retrieved February 28, 2023.", - "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:15:20.089Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Accessibility Services to make removal of the malicious app difficult.(Citation: bitdefender_flubot_0524)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f", - "type": "relationship", - "created": "2020-04-08T15:41:19.427Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-09-11T15:42:15.628Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376", - "created": "2020-06-02T14:32:31.913Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Volexity Insomnia", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:12:12.766Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112", - "created": "2022-04-05T19:59:03.285Z", - "x_mitre_version": "0.1", - 
"x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:59:03.285Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3", - "created": "2019-07-10T15:35:43.712Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:36:27.557Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08", - "type": "relationship", - "created": "2020-12-31T18:25:05.177Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.177Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390", - "type": "relationship", - "created": "2019-08-09T18:08:07.109Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.109Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03", - "type": "relationship", - "created": "2020-11-10T16:50:39.134Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2021-04-19T15:40:36.387Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). 
[CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--57a5ae72-6932-45e6-83f2-609943902b35", - "created": "2023-03-20T18:50:33.248Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:50:33.248Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab", - "type": "relationship", - "created": "2020-09-11T16:22:03.229Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.229Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3", - "created": "2020-12-18T20:14:47.316Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:50:29.535Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4", - "type": "relationship", - "created": "2021-02-17T20:43:52.413Z", - 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.413Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4088b31b-d542-4935-84b4-82b592159591", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-10-10T15:22:52.591Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.838Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e", - "created": "2022-04-01T18:42:37.987Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. Root access is often a requirement to impairing defenses.", - "modified": "2022-04-01T18:42:37.987Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd", - "created": "2020-07-15T20:20:59.289Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:49:47.110Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af", - "type": "relationship", - "created": "2020-04-24T15:06:33.531Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:55:55.049Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213", - "created": "2023-03-20T15:32:36.972Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:32:36.972Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11", - "created": "2022-04-05T19:37:16.086Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:37:16.086Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6", - "created": "2023-02-28T20:31:55.191Z", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T20:31:55.191Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can access app notifications.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:27:01.081Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132", - "created": "2022-03-30T14:06:26.530Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can typically detect jailbroken or rooted devices. 
", - "modified": "2022-03-30T14:06:26.530Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--be7c3f83-b164-4d53-bfac-65f7437dabec", - "created": "2023-03-20T18:54:36.266Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:54:36.266Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6", - "type": "relationship", - "created": "2020-07-15T20:20:59.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.296Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9f83d618-a42d-4797-b9fe-030affdbd13f", - "created": "2023-01-18T19:46:45.399Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:49:35.020Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can hide and send SMS messages. 
[SharkBot](https://attack.mitre.org/software/S1055) can also change which application is the device’s default SMS handler.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632", - "created": "2019-08-07T15:57:13.441Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.", - "url": "https://securelist.com/mobile-banker-riltok/91374/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:52:06.559Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674", - "created": "2023-01-18T19:56:01.025Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - 
"description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:48:53.396Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept SMS messages.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451", - "type": "relationship", - "created": "2019-10-10T15:03:27.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-10T15:03:27.682Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61", - "type": "relationship", - "created": "2020-01-27T17:05:58.201Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-03-26T20:50:07.154Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. 
[GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca", - "created": "2020-09-11T16:22:03.285Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/viperrat-mobile-apt" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:50:52.737Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-XcodeGhost", - "description": "Claud Xiao. (2015, September 18). 
Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)", - "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473", - "type": "relationship", - "created": "2020-01-27T17:05:58.333Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-03-26T20:50:07.266Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c", - "type": "relationship", - "created": "2019-09-23T13:36:08.390Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-10-14T20:49:24.646Z", - "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e", - "type": "relationship", - "created": "2019-07-10T15:25:57.623Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "modified": "2019-08-12T17:30:07.568Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-10-15T19:37:21.366Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348", - "created": "2022-04-20T17:42:11.714Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", - "url": "https://www.wandera.com/reddrop-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:40:15.440Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0", - "type": "relationship", - "created": "2020-04-24T15:12:11.185Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - 
"source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:12:11.185Z", - "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb", - "type": "relationship", - "created": "2020-06-26T14:55:13.261Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T14:55:13.261Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f", - "type": "relationship", - "created": "2020-06-02T14:32:31.767Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.767Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56", - "created": "2019-09-03T20:08:00.737Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T17:39:08.123Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42", - "type": "relationship", - "created": "2021-10-01T14:42:48.913Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-06T15:32:46.477Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78", - "created": "2020-10-29T19:21:23.215Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:03:47.434Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f", - "created": "2022-03-30T19:28:55.980Z", - 
"x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.", - "modified": "2022-03-30T19:28:55.980Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--91a4924f-2519-4662-91f2-b7ef715a459f", - "created": "2023-03-20T18:59:55.756Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:59:55.756Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36", - "created": "2023-03-20T18:41:31.300Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:41:31.300Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35", - "created": "2020-09-14T13:35:45.886Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ESET-Twitoor", - "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:43:03.565Z", - "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070", - "created": "2020-12-18T20:14:47.302Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-18T19:18:56.475Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af", - "created": "2022-04-01T15:29:36.082Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications", - "modified": "2022-04-01T15:29:36.082Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad", - "type": "relationship", - "created": "2020-11-20T16:37:28.429Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." - } - ], - "modified": "2020-11-20T16:37:28.429Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273", - "type": "relationship", - "created": "2019-09-15T15:26:22.926Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:02:13.533Z", - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6", - "type": "relationship", - "created": "2019-11-21T16:42:48.501Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." - } - ], - "modified": "2020-01-21T14:20:50.492Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e", - "created": "2022-03-30T18:07:07.306Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. 
", - "modified": "2022-03-30T18:07:07.306Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c", - "type": "relationship", - "created": "2019-09-04T15:38:56.946Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." - } - ], - "modified": "2019-09-10T14:59:26.136Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-XcodeGhost", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", - "description": "Claud Xiao. (2015, September 18). 
Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e", - "type": "relationship", - "created": "2019-09-03T19:45:48.489Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.128Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b", - "created": "2022-03-30T19:28:42.179Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. ", - "modified": "2022-03-30T19:28:42.179Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64", - "type": "relationship", - "created": "2019-11-21T16:42:48.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2019-11-21T16:42:48.495Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--085f8397-0233-42d7-855e-3dbd709f2eca", - "created": "2023-01-18T21:39:27.823Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:30:43.093Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the Android “Direct Reply” feature to spread the malware to other devices. 
It can also download the full version of the malware after initial device compromise.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b", - "created": "2022-04-01T15:21:35.655Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ", - "modified": "2022-04-01T15:21:35.655Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:12:22.002Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, + "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c", + "created": "2017-10-25T14:48:53.747Z", "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476", - "created": "2022-03-31T19:51:15.415Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Package Visibility", - "url": "https://developer.android.com/training/package-visibility", - "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." - } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", - "modified": "2022-04-11T19:19:34.658Z", + "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges. 
", + "modified": "2022-03-30T20:32:46.334Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "mitigates", "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16", - "created": "2022-03-30T14:43:46.034Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:43:46.034Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32", - "created": "2020-06-26T20:16:32.181Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. 
Retrieved June 26, 2020.", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:11:53.609Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--66fb8a34-9d48-4599-a56e-19b057380030", - "created": "2023-03-20T18:46:08.304Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:46:08.304Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc", - "created": "2023-03-20T18:49:38.917Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:49:38.917Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": 
"attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023", - "type": "relationship", - "created": "2020-09-14T14:13:45.253Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-14T14:13:45.253Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083", - "type": "relationship", - "created": "2020-07-20T13:27:33.483Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.688Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e", - "created": "2022-03-30T20:43:31.249Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:43:31.249Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545", - "created": "2019-09-23T13:36:08.429Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:56:23.365Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-10-15T19:37:21.273Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe", - "type": "relationship", - "created": "2020-11-20T15:54:07.747Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T15:54:07.747Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6", - "created": "2023-01-19T18:07:26.323Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:13:32.345Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can utilize WebViews to display fake authentication pages that capture user credentials.(Citation: trendmicro_tianyspy_0122) ", - "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac", - "type": "relationship", - "created": "2020-01-27T17:05:58.237Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.237Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "modified": "2019-10-15T19:54:10.285Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24", - "type": "relationship", - "created": "2020-01-27T17:05:58.267Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.267Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85", - "type": "relationship", - "created": "2020-11-20T16:37:28.547Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.547Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54", - "type": "relationship", - "created": "2021-10-01T14:42:48.744Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "modified": "2021-10-01T14:42:48.744Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724", - "created": "2022-04-01T15:02:21.344Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken devices. 
", - "modified": "2022-04-01T15:02:21.344Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0", - "type": "relationship", - "created": "2020-12-24T21:55:56.686Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:55:56.686Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ff3aa49b-c054-44ec-89da-6c67d4995193", - "created": "2023-03-20T18:44:44.257Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:44.257Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--919a13bc-74be-4660-af63-454abee92635", - "type": "relationship", - "created": "2019-03-11T15:13:40.408Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. 
Retrieved November 30, 2018.", - "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", - "source_name": "TrendMicro-Anserver2" - } - ], - "modified": "2019-08-05T20:05:25.571Z", - "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b", - "created": "2020-12-17T20:15:22.492Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. 
Retrieved September 9, 2019.", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:47:45.408Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c50e9e7-e13c-4814-98d0-088d73b10005", - "created": "2023-03-03T16:21:24.531Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:21:24.531Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has modified Safari’s default search engine, bookmarked websites, opened pages, and accessed contacts and authorization tokens of the IM program “QQ” on infected devices.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19", - "created": "2020-09-24T15:26:15.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. 
Retrieved July 20, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:41:01.468Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7", - "created": "2022-04-01T18:45:11.299Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.", - "modified": "2022-04-01T18:45:11.299Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb", - "created": "2023-02-06T19:00:42.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:22:43.518Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access a device's location.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2", - "type": "relationship", - "created": "2020-09-15T15:18:12.398Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "modified": "2020-09-15T15:18:12.398Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device networking information, including phone number, IMEI, and IMSI.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f", - "type": "relationship", - "created": "2020-12-24T22:04:28.005Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.005Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f", - "created": "2022-03-30T18:14:04.881Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Symantec-iOSProfile2", - "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", - "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." - }, - { - "source_name": "Android-TrustedCA", - "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", - "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. 
On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", - "modified": "2022-03-30T18:14:04.881Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b", - "created": "2023-03-20T15:56:47.307Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:56:47.307Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92", - "created": "2020-11-10T17:08:35.831Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. 
Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)", - "modified": "2022-04-18T16:02:42.303Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93", - "type": "relationship", - "created": "2020-09-11T15:50:18.937Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-09-11T15:50:18.937Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162", - "type": "relationship", - "created": "2020-12-14T15:02:35.295Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.295Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. 
Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "modified": "2019-10-09T14:51:42.845Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59", - "created": "2020-11-24T18:18:33.743Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-15T17:39:22.154Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b", - "created": "2023-02-06T19:47:08.535Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cleafy_sova_1122", - "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", - "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-30T15:13:44.210Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has code to encrypt device data with AES.(Citation: cleafy_sova_1122)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9", - "created": "2022-03-28T19:32:05.234Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", - "modified": "2022-03-28T19:32:05.234Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e", - "type": "relationship", - "created": "2020-12-24T21:55:56.745Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.745Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e", - "type": "relationship", - "created": "2020-12-18T20:14:47.375Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.375Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184", - "created": "2022-03-30T17:53:56.805Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T17:53:56.805Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--23ecc134-0623-45ec-b8b5-52516483bda1", - "created": "2023-04-14T14:10:04.452Z", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-14T14:10:04.452Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has used code abstraction and anti-emulation checks to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469", - "created": "2020-04-24T15:06:33.526Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:28:18.530Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a", - "created": "2022-03-30T15:52:29.935Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can potentially detect jailbroken or rooted devices.", - "modified": "2022-03-30T15:52:29.935Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc", - "created": "2023-02-06T19:41:40.104Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. 
- A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:35:04.072Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can silently intercept and manipulate notifications. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also inject cookies via push notifications.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819", - "type": "relationship", - "created": "2020-11-20T16:37:28.485Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.485Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99", - "created": "2017-10-25T14:48:53.742Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Elcomsoft-iOSRestricted", - "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/", - "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)", - "modified": "2022-04-01T15:35:28.360Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99", - "created": "2020-11-20T15:44:57.481Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - 
"external_references": [ - { - "source_name": "Symantec GoldenCup", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:29:50.160Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-XcodeGhost1", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/", - "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016." - }, - { - "source_name": "PaloAlto-XcodeGhost", - "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", - "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)", - "modified": "2022-04-15T15:10:16.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", - "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576", - "created": "2020-12-24T22:04:27.991Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:54:02.223Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232", - "type": "relationship", - "created": "2020-07-20T13:27:33.443Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.526Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4", - "type": "relationship", - "created": "2021-10-01T14:42:48.815Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "modified": "2021-10-01T14:42:48.815Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--520c7112-9768-42c5-8917-1950efd182f9", - "created": "2023-02-06T19:38:45.607Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:33:30.155Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use keylogging to capture user input.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--046acda0-91de-4385-bcfb-157570d8e51d", - "created": "2023-03-30T15:25:00.442Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cleafy_sova_1122", - "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", - "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-30T15:26:46.611Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can search for installed applications that match a list of targets.(Citation: cleafy_sova_1122)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396", - "type": "relationship", - "created": "2020-12-14T15:02:35.304Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.304Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c", - "type": "relationship", - "created": "2019-07-10T15:35:43.631Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.741Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056", - "type": "relationship", - "created": "2020-06-26T15:32:25.058Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - }, - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.058Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d", - "type": "relationship", - "created": "2021-01-05T20:16:20.499Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.499Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9", - "type": "relationship", - "created": "2020-09-11T14:54:16.548Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.548Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56", - "created": "2017-10-25T14:48:53.738Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. 
", - "modified": "2022-04-01T13:51:48.934Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:39:48.895Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1", - "type": "relationship", - "created": "2021-02-08T16:36:20.801Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": 
"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.571Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd", - "created": "2022-04-01T15:03:02.553Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:03:02.553Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--eee008fa-a46f-4542-93e3-8fe5f949130f", - "created": "2023-01-19T18:06:57.242Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. 
Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:21:37.086Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can check to see if WiFi is enabled.(Citation: trendmicro_tianyspy_0122) ", - "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c", - "type": "relationship", - "created": "2020-12-17T20:15:22.489Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.489Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:54:51.590Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837", - "created": "2022-03-30T18:14:23.210Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Typically, insecure or malicious 
configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ", - "modified": "2022-03-30T18:14:23.210Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea", - "created": "2019-10-18T14:52:53.193Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect devices with unauthorized or unsafe modifications. 
", - "modified": "2022-03-30T20:07:50.094Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c034c66-18ad-4b30-9f17-ed574c10918f", - "created": "2023-03-20T18:56:20.203Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:56:20.203Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb", - "created": "2020-09-15T15:18:12.466Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:17:07.033Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76", - "created": "2020-12-17T20:15:22.441Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. 
Retrieved September 9, 2019.", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:35:41.700Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9", - "created": "2022-03-30T19:50:37.739Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:50:37.739Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--34351abd-1f58-420a-a893-ad822839815d", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:33:36.294Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd", - "type": "relationship", - "created": "2020-04-08T18:55:29.205Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - }, - { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
- } - ], - "modified": "2021-01-20T16:01:19.565Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3", - "type": "relationship", - "created": "2021-10-01T14:42:49.183Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-06T15:32:46.533Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.072Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. 
In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10", - "created": "2019-09-03T20:08:00.649Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:32:04.659Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", - "url": "https://www.wandera.com/reddrop-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:01:48.463Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.848Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. 
It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7793a066-d72b-4a60-9579-e16369ea7185", - "created": "2023-03-20T18:57:55.221Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:55.221Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c", - "created": "2022-04-01T16:51:20.688Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should scrutinize every device administration permission request. 
If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.", - "modified": "2022-04-01T16:51:20.688Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37", - "type": "relationship", - "created": "2020-05-07T15:24:49.583Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-05-27T13:23:34.544Z", - "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb", - "type": "relationship", - "created": "2020-12-18T20:14:47.412Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.412Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556", - "created": "2019-09-04T15:38:56.678Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.", - "url": "https://www.flexispy.com/en/features-overview.htm" - }, - { - "source_name": "FortiGuard-FlexiSpy", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:44:31.870Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:53:41.561Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889", - "type": "relationship", - "created": "2020-11-20T16:37:28.506Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.506Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a", - "type": "relationship", - "created": "2020-07-15T20:20:59.186Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.186Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:17:53.923Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3", - "type": "relationship", - "created": 
"2020-01-27T17:05:58.215Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.215Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb", - "type": "relationship", - "created": "2020-12-17T20:15:22.444Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.444Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82", - "type": "relationship", - "created": "2020-09-11T16:22:03.301Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.301Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494", - "type": "relationship", - "created": "2019-09-04T15:38:56.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FortiGuard-FlexiSpy", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." - } - ], - "modified": "2019-10-14T18:08:28.599Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. 
[FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a", - "type": "relationship", - "created": "2021-02-17T20:43:52.333Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.333Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956", - "created": "2020-11-24T17:55:12.873Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos GPlayed", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:21:56.899Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2", - "created": "2020-12-24T22:04:28.027Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:20:48.937Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c00031dd-0466-4fd2-9724-ab1c04232bad", - "created": "2023-03-20T18:44:40.722Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:40.722Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f", - "created": "2022-04-06T13:39:39.883Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:39:39.883Z", - "relationship_type": "subtechnique-of", - "source_ref": 
"attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", - "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--73d22490-4043-42d7-ad25-74e4a642bf6a", - "created": "2023-03-20T18:41:45.186Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:41:45.186Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-10-15T19:56:13.162Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f", - "created": "2019-09-23T13:36:08.463Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:55:41.638Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5", - "created": "2019-08-08T18:47:57.655Z", - "x_mitre_version": "1.0", - 
"external_references": [ - { - "source_name": "Android 10 Privacy Changes", - "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", - "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ", - "modified": "2022-04-01T16:35:38.189Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9", - "type": "relationship", - "created": "2020-09-11T15:52:12.520Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-09-11T15:52:12.520Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24", - "created": "2023-03-15T16:40:37.553Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:40:37.553Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2", - "created": "2023-01-18T19:57:13.265Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:43:35.115Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use Accessibility Services to detect which process is in the foreground.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089", - "type": "relationship", - "created": "2020-04-24T15:12:11.189Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:12:11.189Z", - "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51", - "created": "2022-04-01T12:37:17.515Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "OS feature updates often enhance security and privacy around permissions. ", - "modified": "2022-04-01T12:37:17.515Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ab18ee61-f94a-411c-9893-941714ce713e", - "created": "2023-03-20T18:44:26.642Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:26.642Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630", - "created": "2020-07-15T20:20:59.300Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6", - "created": "2022-03-30T13:48:43.977Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can typically detect jailbroken or rooted devices. 
", - "modified": "2022-03-30T13:48:43.977Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388", - "created": "2022-03-30T20:36:18.656Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. ", - "modified": "2022-03-30T20:36:18.656Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9", - "created": "2023-02-28T21:42:52.037Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:25:22.438Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request location permissions.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86", - "created": "2019-09-03T19:45:48.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:09:08.738Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089", - "created": "2022-03-28T19:41:27.610Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", - "modified": "2022-03-28T19:41:27.610Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": 
"https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.642Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6", - "created": "2020-01-21T14:20:50.409Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender - Triout 2018", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:46:20.857Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016", - "created": "2019-09-23T13:36:08.335Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01", - "created": "2022-03-30T14:00:45.120Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T14:00:45.120Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0", - "created": "2019-09-04T20:01:42.722Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). 
An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ", - "modified": "2022-04-01T13:32:19.919Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484", - "created": "2020-04-24T17:46:31.616Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4", - "type": "relationship", - "created": "2020-04-08T15:41:19.340Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T18:55:29.238Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Gooligan Citation", - "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016.", - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" - } - ], - "modified": "2019-10-10T15:18:51.121Z", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)", - "relationship_type": "uses", - "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). 
Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:13:18.720Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -20292,218 +15075,89 @@ "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--0291c9d5-8977-420d-8374-b786e3095a73", + "created": "2023-03-20T18:49:53.204Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:34:15.917Z", + "description": "Mobile security products can potentially utilize device APIs to determine if a device has been rooted or jailbroken.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc", + "created": "2021-10-01T14:42:49.174Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:26:41.762Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467", - "created": "2022-04-11T20:06:56.034Z", + "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca", + "created": "2022-04-01T13:14:43.195Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-11T20:06:56.034Z", + "modified": "2022-04-01T13:14:43.195Z", "relationship_type": "revoked-by", - "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e", - "created": "2020-06-26T15:32:24.921Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "description": "Threat Fabric. (2019, August). 
Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:50:47.973Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed", - "created": "2020-04-24T17:46:31.593Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. 
Retrieved April 24, 2020.", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:53:51.524Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654", - "type": "relationship", - "created": "2020-06-02T14:32:31.910Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.910Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--681161b2-4e30-4d49-8524-6cc0d94585cb", - "created": "2023-03-16T13:33:26.925Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T13:33:26.925Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf", - "created": "2023-03-20T18:59:14.759Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:59:14.759Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224", - "type": "relationship", - "created": "2019-09-03T20:08:00.670Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-10-10T15:19:47.960Z", - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25", - "type": "relationship", - "created": "2020-09-11T15:55:43.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2020-09-11T15:55:43.774Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb", - "created": "2023-03-20T18:43:03.537Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:03.537Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4", - "created": "2022-04-06T15:28:20.249Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. 
", - "modified": "2022-04-06T15:28:20.249Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" @@ -20512,28 +15166,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b", "type": "relationship", - "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef", - "created": "2022-04-05T20:14:17.442Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T20:14:17.442Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a", - "type": "relationship", - "created": "2020-12-24T22:04:28.017Z", + "created": "2020-12-24T22:04:27.914Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -20542,83 +15177,11 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-12-24T22:04:28.017Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-24T22:04:27.914Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963", - "type": "relationship", - "created": "2019-09-03T19:45:48.494Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.179Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Proofpoint-Marcher", - "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018.", - "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:24:29.502Z", - "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)", - "relationship_type": "uses", - "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3", - "type": "relationship", - "created": "2020-04-24T15:06:33.510Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:06:33.510Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -20627,511 +15190,8 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404", - "created": "2022-04-01T15:17:21.511Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:17:21.511Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1", - "type": "relationship", - "created": "2020-09-11T14:54:16.650Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.650Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711", - "created": "2023-02-06T20:12:17.434Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:04:59.445Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_CALL_LOG` permission.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3", - "created": "2023-02-06T18:50:12.251Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - 
"description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-14T14:40:57.100Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can check device system properties to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea", - "type": "relationship", - "created": "2020-07-15T20:20:59.377Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.377Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7", - "type": "relationship", - "created": "2020-11-24T17:55:12.822Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." - } - ], - "modified": "2020-11-24T17:55:12.822Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f", - "type": "relationship", - "created": "2019-09-03T19:45:48.492Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. 
(2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-10-14T17:15:52.637Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23", - "created": "2020-12-24T22:04:27.911Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:31:11.269Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b", - "created": "2020-05-04T14:22:20.348Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. 
Retrieved April 24, 2020.", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:35:00.081Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa", - "created": "2023-02-06T19:05:28.288Z", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:05:28.288Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect files from or inspect the device’s filesystem.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a", - "created": "2020-11-20T16:37:28.591Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. 
Retrieved October 29, 2020.", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:02:09.253Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d", - "created": "2020-12-18T20:14:47.297Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9", - "created": "2020-12-14T14:52:03.266Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020.", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:24:07.828Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b", - "created": "2020-07-15T20:20:59.307Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf", - "created": "2020-06-02T14:32:31.897Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:26:52.491Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - 
"external_references": [ - { - "source_name": "HackerNews-Allwinner", - "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html", - "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)", - "modified": "2022-04-15T15:16:35.892Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357", - "created": "2019-07-10T15:25:57.572Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:31:46.913Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f", - "type": "relationship", - "created": "2019-09-04T15:38:56.799Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "modified": "2019-09-10T14:59:26.138Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551", - "type": "relationship", - "created": "2021-02-08T16:36:20.698Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.412Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0", - "created": "2022-03-30T20:31:57.183Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.", - "modified": "2022-03-30T20:31:57.183Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d", - "created": "2020-06-26T14:55:13.385Z", + "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408", + "created": "2020-06-26T14:55:13.349Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -21142,162 +15202,109 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)", - "modified": "2022-04-15T17:39:39.931Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)", + "modified": "2022-04-18T15:57:14.375Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78", - "created": "2023-03-20T18:54:09.674Z", - "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:54:09.674Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_deprecated": false, + "type": "relationship", + "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf", + "created": "2022-04-06T13:57:49.186Z", "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc", - "type": "relationship", - "created": 
"2019-09-23T13:36:08.441Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-09-23T13:36:08.441Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5", - "type": "relationship", - "created": "2019-09-03T19:45:48.501Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-14T16:47:53.197Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e", - "created": "2020-12-31T18:25:05.165Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ", - "modified": "2022-04-18T16:00:57.320Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "description": "", + "modified": "2022-04-06T13:57:49.186Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8", + "created": "2019-11-21T16:42:48.437Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:22:18.013Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112", + "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694", "type": "relationship", - "created": "2021-01-05T20:16:20.426Z", + "created": "2019-11-19T17:32:20.701Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.426Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "modified": "2019-12-26T16:14:33.468Z", + "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--3857f790-6ea1-4f37-8d90-90904f175d63", - "created": "2023-01-18T21:37:55.717Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T18:48:17.771Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) has C2 commands that can uninstall the app from the infected device.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_deprecated": false, + "type": "relationship", + "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71", + "created": "2022-04-18T15:49:00.561Z", "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)", + "modified": "2022-04-18T15:49:00.561Z", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120", + "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb", "type": "relationship", - "created": "2019-07-10T15:47:19.659Z", + "created": "2019-07-10T15:35:43.710Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -21306,14 +15313,40 @@ "source_name": "Lookout Dark Caracal Jan 2018" } ], - "modified": "2019-07-16T15:35:21.086Z", - "description": "(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2019-08-09T18:06:11.842Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)", "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--046acda0-91de-4385-bcfb-157570d8e51d", + "created": "2023-03-30T15:25:00.442Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cleafy_sova_1122", + "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", + "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-30T15:26:46.611Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can search for installed applications that match a list of targets.(Citation: cleafy_sova_1122)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -21345,143 +15378,210 @@ "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15", + "created": "2020-12-24T21:45:56.965Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:15:59.861Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--cea30219-a255-43ae-b731-9512c5044523", - "created": "2022-04-18T19:46:02.547Z", + "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8", + "created": "2022-03-30T19:54:24.468Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. 
", + "modified": "2022-03-30T19:55:15.724Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112", + "created": "2022-04-05T19:59:03.285Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-18T19:46:02.547Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a", + "modified": "2022-04-05T19:59:03.285Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc", + "created": "2023-03-20T18:37:57.767Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:53:48.653Z", + "description": "Application vetting services could look for applications attempting to get `android.os.SystemProperties` or `getprop` with the runtime `exec()` commands. 
This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe", + "type": "relationship", + "created": "2019-12-10T16:07:41.093Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.093Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab", + "created": "2020-09-11T14:54:16.589Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372", "type": "relationship", - "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc", - "created": "2022-04-01T13:18:40.460Z", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Xiao-KeyRaider", + "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. 
Retrieved December 12, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)", + "relationship_type": "uses", + "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:22:32.033Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--05c36a8c-1526-4d5d-93c1-331fd132c30b", + "created": "2023-09-21T19:38:21.735Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:38:21.735Z", + "description": "Mobile security products may provide URL inspection services that could determine if a domain being visited is malicious.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. 
", - "modified": "2022-04-01T13:18:40.460Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_attack_spec_version": "3.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5", "type": "relationship", - "created": "2020-09-11T16:22:03.231Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.231Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113", - "created": "2020-06-26T15:32:25.032Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). 
Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce", - "type": "relationship", - "created": "2020-12-18T20:14:47.339Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.339Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879", - "type": "relationship", - "created": "2019-09-04T14:28:16.426Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:13.000Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f", - "created": "2020-12-17T20:15:22.501Z", + "id": "relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76", + "created": "2020-12-17T20:15:22.441Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
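Review bot: The added KeyRaider reference (`"source_name": "Xiao-KeyRaider"`) carries a plaintext `http://researchcenter.paloaltonetworks.com/...` URL, while every other reference added in this hunk uses `https://`, and a SpyDealer reference removed later in this diff used `https://` on the same host. A tool or analyst following the citation makes an unauthenticated fetch that can be redirected or altered in transit. If the https form resolves, I would change the line to `"url": "https://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/"`. This bundle looks like a generated export, so the correction probably belongs in the upstream object rather than in this file.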
@@ -21494,11 +15594,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:22:48.246Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)", + "modified": "2023-04-05T17:35:41.700Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has collected all outgoing phone numbers that start with “86”.(Citation: Palo Alto HenBox)", "relationship_type": "uses", "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -21508,676 +15608,21 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.854Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6", - "created": "2022-04-05T19:54:12.660Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:54:12.660Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6", - "created": "2020-04-08T15:51:25.125Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:29:22.884Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94", - "created": "2022-04-15T17:52:24.125Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-15T17:52:24.125Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218", + "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce", "type": "relationship", 
"created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" } ], - "modified": "2019-08-09T17:56:05.686Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)", + "modified": "2019-08-09T18:08:07.173Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b", - "created": "2019-11-18T14:47:25.327Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Triada June 2019", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. 
Retrieved July 16, 2019.", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html" - }, - { - "source_name": "Kaspersky Triada March 2016", - "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.", - "url": "https://www.kaspersky.com/blog/triada-trojan/11481/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:19:16.331Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650", - "created": "2019-07-10T15:35:43.663Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b", - "type": "relationship", - "created": "2020-09-14T14:13:45.259Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-14T14:13:45.259Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4", - "created": "2022-09-29T21:22:06.716Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cylance Dust Storm", - "description": "Gross, J. (2016, February 23). 
Operation Dust Storm. Retrieved December 22, 2021.", - "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2022-09-30T18:45:10.156Z", - "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)", - "relationship_type": "uses", - "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc", - "created": "2023-03-20T18:14:50.401Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:47:25.861Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6", - "type": "relationship", - "created": "2020-10-29T17:48:27.225Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
- "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T17:48:27.225Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0", - "type": "relationship", - "created": "2020-12-24T22:04:27.997Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:27.997Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2d3198ff-a481-47ec-ae64-13d7be706929", - "created": "2023-02-28T21:41:47.503Z", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T21:41:47.503Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record video from the device camera.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2", - "created": 
"2022-04-01T13:27:29.919Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:27:29.920Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-07-16T15:35:21.063Z", - "description": "(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1", - "created": "2019-07-10T15:35:43.661Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:32:57.154Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56", - "created": "2020-04-24T15:06:33.455Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:10:43.246Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8", - "created": "2023-03-20T18:56:24.246Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:56:24.246Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788", - "created": "2020-05-07T15:33:32.903Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). 
Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:20:05.166Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3", - "created": "2021-02-08T16:36:20.788Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-15T17:35:26.197Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e", - "type": "relationship", - "created": "2020-01-14T17:47:08.826Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "modified": "2020-01-14T17:47:08.826Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--def81edd-4410-47b2-a80f-d47b3f353f54", - "created": "2023-03-16T18:27:42.656Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:27:42.656Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": 
"relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9", - "type": "relationship", - "created": "2020-12-24T21:55:56.753Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.753Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354", - "type": "relationship", - "created": "2021-09-20T13:42:21.104Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-09-27T18:05:43.107Z", - "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. 
Further, users should not change their default call handler to applications they do not recognize.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce", - "created": "2022-04-01T18:42:50.381Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.", - "modified": "2022-04-01T18:42:50.381Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:53:03.638Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414", - "created": "2019-10-18T14:50:57.521Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. 
", - "modified": "2022-03-30T20:08:17.127Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)", - "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": 
"Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-09-10T13:14:39.009Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -22186,994 +15631,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c", "type": "relationship", - "created": "2021-02-17T20:43:52.324Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.324Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0100020b-97d4-4657-bc71-c6a1774055a6", - "created": "2022-04-20T17:36:25.707Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:39:23.114Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has exfiltrated data via both SMTP and HTTP.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b19082d2-c151-45dd-8844-82335fbe3ed9", - "created": "2023-02-28T21:43:54.880Z", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T21:43:54.880Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can send text messages.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:18:51.813Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544", - "created": "2020-05-04T14:04:56.184Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Bread", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . 
Retrieved April 27, 2020.", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:03:18.675Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58", - "type": "relationship", - "created": "2020-04-08T15:41:19.421Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T15:41:19.421Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e", - "created": "2023-03-20T18:52:52.011Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:52:52.011Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c", - "created": "2019-09-03T20:08:00.687Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:31:38.319Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-Skygofree", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:19:00.168Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--60782df8-1e96-48eb-a6b7-843c94b32b59", - "created": "2023-02-06T19:43:17.802Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:33:52.290Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can hide its application icon.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37", - "created": "2020-01-27T17:05:58.263Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:28:34.373Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050", - "type": "relationship", - "created": "2020-06-26T15:32:24.955Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:24.955Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--27050442-e578-44b7-9534-ada78824befe", - "created": "2023-02-06T19:45:09.612Z", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:45:09.612Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can intercept and read SMS messages.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b", - "created": "2022-04-06T15:51:11.939Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - 
"modified": "2022-04-06T15:51:11.939Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74", - "type": "relationship", - "created": "2021-01-05T20:16:20.511Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "modified": "2021-01-05T20:16:20.511Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c", - "type": "relationship", - "created": "2020-06-26T14:55:13.380Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. 
Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T14:55:13.380Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. [EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010", - "type": "relationship", - "created": "2020-07-20T13:27:33.459Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.516Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-10-15T19:44:36.177Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254", - "type": "relationship", - "created": "2021-02-08T16:36:20.701Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": 
"https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.399Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a", - "created": "2020-06-26T15:32:24.962Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:42:04.769Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd", - "created": "2019-09-03T19:45:48.503Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:10:38.937Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf", - "created": "2020-09-24T15:34:51.213Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:49:32.064Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14", - "type": "relationship", - "created": "2019-07-10T15:35:43.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.693Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13", - "created": "2020-10-29T17:48:27.425Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:45:26.765Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1", - "type": "relationship", - "created": "2020-07-15T20:20:59.284Z", - 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-07-15T20:20:59.284Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d", - "created": "2020-12-24T21:45:56.969Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:15:05.454Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c", - "type": "relationship", - "created": "2019-07-16T14:33:12.117Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.643Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. 
This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072", - "created": "2021-10-01T14:42:49.171Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)", - "modified": "2022-04-18T19:01:58.546Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57", - "type": "relationship", - "created": "2020-04-08T15:51:25.120Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": 
"https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:51:25.120Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856", - "created": "2020-05-04T14:04:56.211Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Bread", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . 
Retrieved April 27, 2020.", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:03:51.504Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27", - "created": "2022-03-30T15:08:28.814Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect unauthorized operating system modifications. 
", - "modified": "2022-03-30T15:08:28.814Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60", - "type": "relationship", - "created": "2020-07-27T14:14:56.980Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." - } - ], - "modified": "2020-08-10T22:18:20.815Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3364dd33-c012-4aaf-852b-86e63bd724ac", - "created": "2023-02-06T19:38:22.312Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cleafy_sova_1122", - "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", - "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" - }, - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-11T22:06:53.022Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather session cookies from infected devices. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also abuse Accessibility Services to steal Google Authenticator tokens.(Citation: threatfabric_sova_0921)(Citation: cleafy_sova_1122)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:34:25.318Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66", - "created": "2019-10-01T14:23:44.054Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ", - "modified": "2022-04-18T16:07:57.631Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1", - "created": "2019-09-04T15:38:57.037Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)", - "modified": "2022-04-15T17:34:17.813Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435", - "created": "2022-04-05T19:51:08.770Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android 12 Features", - "url": "https://developer.android.com/about/versions/12/features", - "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", - "modified": "2022-04-05T19:51:08.770Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a", - "created": "2020-10-29T19:21:23.143Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. 
Retrieved October 29, 2020.", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:48:18.023Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac", - "created": "2020-12-18T20:14:47.310Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:27:20.839Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f", - "created": "2019-09-04T14:28:16.487Z", + "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e", + "created": "2019-09-04T14:28:15.479Z", "x_mitre_version": "1.0", "external_references": [ { 
@@ -23184,392 +15644,35 @@ ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)", - "modified": "2022-04-15T17:34:52.414Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)", + "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53", "type": "relationship", - "created": "2020-07-15T20:20:59.318Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-07-15T20:20:59.318Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. 
It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237", - "created": "2019-11-21T16:42:48.441Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--06e2e07f-7835-4ef8-bcc0-bb5e2886839d", + "created": "2023-08-16T16:40:14.482Z", "revoked": false, "external_references": [ { - "source_name": "SecureList - ViceLeaker 2019", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:39:13.309Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)", + "modified": "2023-08-16T16:40:14.482Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather basic device information such as version, model, root status, and country.(Citation: cyble_chameleon_0423)", "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf", - "type": "relationship", - "created": "2020-09-11T15:43:49.309Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-09-11T15:43:49.309Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc", - "created": "2019-09-04T15:38:56.937Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "FlexiSpy-Features", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.", - "url": "https://www.flexispy.com/en/features-overview.htm" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:58:10.115Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b", - "type": "relationship", - "created": "2020-12-17T20:15:22.397Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": 
"https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-17T20:15:22.397Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936", - "created": "2019-08-29T18:57:55.926Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Samsung Keyboards", - "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", - "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. 
", - "modified": "2022-04-05T19:41:57.905Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c", - "type": "relationship", - "created": "2021-02-17T20:43:52.410Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.410Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d", - "type": "relationship", - "created": "2020-07-15T20:20:59.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.294Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9", - "created": "2019-09-04T14:28:15.316Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:26:48.912Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--79ef0025-3e1c-4914-9873-19808c2a5bec", - "created": "2023-02-28T21:44:22.373Z", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, 
Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T21:44:22.373Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record the screen and stream the data off the device.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50", - "type": "relationship", - "created": "2021-09-20T13:50:02.036Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2021-09-20T13:50:02.036Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396", - "created": "2022-04-20T17:46:43.542Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" - }, - { - "source_name": "Bitdefender - Triout 2018", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:39:57.165Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Judy", - "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. 
Retrieved September 18, 2018.", - "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)", - "relationship_type": "uses", - "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e", - "type": "relationship", - "created": "2021-01-05T20:16:20.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.512Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab", - "created": "2022-04-11T20:06:38.811Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.", - "modified": "2022-04-11T20:06:38.811Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bc79a212-139f-4dce-be72-e90585f38f03", - "created": "2023-03-16T18:31:37.091Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:31:37.091Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": 
"attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -23580,58 +15683,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e", + "id": "relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9", - "created": "2022-03-30T14:26:02.359Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Changes to System Broadcasts", - "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", - "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ", - "modified": "2022-03-30T14:26:02.359Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009", - "type": "relationship", - "created": "2020-11-20T16:37:28.391Z", + "created": "2020-11-20T16:37:28.547Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -23640,403 +15694,37 @@ "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." } ], - "modified": "2020-11-20T16:37:28.391Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)", + "modified": "2020-11-20T16:37:28.547Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect various pieces of device information, such as serial number and product information.(Citation: Symantec GoldenCup)", "relationship_type": "uses", "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61", - "type": "relationship", - "created": "2020-04-24T15:06:33.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.495Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f", - "type": "relationship", - "created": "2020-04-27T16:52:49.444Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.444Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688", - "created": "2020-05-07T15:33:32.910Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. 
Retrieved May 7, 2020.", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:19:44.427Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc", - "type": "relationship", - "created": "2020-07-15T20:20:59.298Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.298Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6", - "created": "2023-03-16T13:31:29.822Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T13:31:29.822Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920", - "created": "2022-04-05T19:46:22.326Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", - "modified": "2022-04-05T19:46:22.326Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d", - "created": "2019-07-10T15:25:57.585Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:39:29.860Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31", - "created": "2022-09-29T20:11:55.474Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cylance Dust Storm", - "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", - "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2022-09-30T18:39:16.003Z", - "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)", - "relationship_type": "uses", - "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb", - "created": "2022-03-30T14:06:01.859Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T14:06:01.859Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--09c6bbd4-9058-4657-9d8e-656439637ac6", - "created": "2023-03-16T18:32:47.895Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": 
"2023-03-16T18:32:47.895Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c89d6493-3f33-4568-ac77-ba13b206ae69", - "created": "2023-03-20T18:52:24.667Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:52:24.667Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12", - "created": "2019-08-09T16:14:58.367Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android Capture Sensor 2019", - "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", - "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)", - "modified": "2022-04-01T13:56:12.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14", - "created": "2020-06-26T15:32:25.043Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:53:04.417Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2", - "type": "relationship", - "created": "2020-06-26T15:32:25.062Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.062Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce", - "type": "relationship", - "created": "2019-09-04T14:28:15.975Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-10-14T17:51:38.054Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa", - "created": "2020-11-10T17:08:35.761Z", + "id": "relationship--0727ac06-5b46-4f79-abe9-63c1b923d383", + "created": "2023-02-06T19:05:56.974Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout Uyghur 
Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:00:38.611Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)", + "modified": "2023-03-27T17:07:11.541Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has included encoded shell scripts to potentially aid in the rooting process.(Citation: lookout_abstractemu_1021)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", "x_mitre_deprecated": false, - "x_mitre_version": "1.0", + "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -24044,44 +15732,21 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3", + "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67", "type": "relationship", - "created": "2020-12-31T18:25:05.142Z", + "created": "2020-09-11T16:22:03.250Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." } ], - "modified": "2020-12-31T18:25:05.142Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)", + "modified": "2020-09-11T16:22:03.250Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)", "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87", - "type": "relationship", - "created": "2020-05-04T14:04:56.217Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": 
"https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "modified": "2020-05-04T15:40:21.305Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. [Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -24090,121 +15755,69 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49", + "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61", "type": "relationship", - "created": "2020-12-24T22:04:28.004Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "source_name": "PaloAlto-WireLurker", + "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" } ], - "modified": "2020-12-24T22:04:28.004Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)", "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809", - "created": "2020-01-27T17:05:58.305Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:27:33.906Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "type": "relationship", + "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc", + "created": "2022-03-30T19:36:20.304Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.", + "modified": "2022-03-30T19:36:20.304Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c943d462-fea7-4c01-88b2-de134153095b", - "created": "2023-03-20T18:56:37.473Z", - "revoked": false, - "object_marking_refs": [ - 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:56:37.473Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474", - "created": "2020-09-15T15:18:12.428Z", + "id": "relationship--07c727a6-6323-477a-bb55-34e130959b4e", + "created": "2023-10-10T15:33:57.556Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Cybereason FakeSpy", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:45:11.727Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)", + "modified": "2023-10-10T15:33:57.556Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can mimic an app called “Storage Settings” if it cannot hide its icon.(Citation: Bitdefender Mandrake)", "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_deprecated": false, "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532", - "created": "2023-02-06T19:46:43.041Z", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:46:43.041Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has included adversary-in-the-middle capabilities.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "x_mitre_attack_spec_version": "2.1.0" }, { "object_marking_refs": [ 
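Review bot: The added `relationship--07c727a6-6323-477a-bb55-34e130959b4e` object carries `"x_mitre_attack_spec_version": "2.1.0"` although its `created` and `modified` stamps are both 2023-10-10. Every other relationship in the visible part of this diff that was modified in 2023 carries `"3.1.0"`. If this is an export artefact rather than intent, the line should read `"x_mitre_attack_spec_version": "3.1.0"`, because a consumer that picks a validator or parser from this field would handle the newest object under the older object model. It is also the only object here that places `x_mitre_modified_by_ref` ahead of `x_mitre_deprecated`, which suggests it took a different path through the tooling and is worth confirming before release.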
@@ -24233,187 +15846,61 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022", "type": "relationship", - "created": "2020-01-27T17:05:58.271Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.271Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f", - "created": "2019-10-18T15:51:48.451Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. 
", - "modified": "2022-04-01T13:32:32.335Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2", - "created": "2023-03-20T18:48:39.857Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:48:39.857Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_deprecated": false, + "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e", + "created": "2022-03-30T18:15:03.625Z", "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T18:15:03.625Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--ed7e9368-004c-484f-9eed-03b158325564", - "created": "2023-03-20T18:54:40.401Z", + "id": "relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f", + "created": "2023-03-20T15:55:32.395Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:54:40.401Z", - "description": "", + "modified": "2023-08-14T16:45:55.097Z", + "description": "Application vetting services could look for use of standard APIs (e.g. the clipboard API) that could indicate data manipulation is occurring.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330", - "created": "2022-04-01T15:01:53.321Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.", - "modified": "2022-04-01T15:01:53.321Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e", - "type": "relationship", - "created": "2020-07-15T20:20:59.382Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." - } - ], - "modified": "2020-07-15T20:20:59.382Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7", - "created": "2022-04-01T14:59:17.991Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. 
", - "modified": "2022-04-01T14:59:17.991Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f", - "type": "relationship", - "created": "2019-09-23T13:36:08.448Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-10-15T19:56:50.651Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02", - "created": "2020-06-26T15:32:25.144Z", + "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126", + "created": "2019-09-03T19:45:48.517Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "CheckPoint Cerberus", - 
"description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020.", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/" + "source_name": "SWB Exodus March 2019", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:10:26.480Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)", + "modified": "2023-04-05T17:09:45.426Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ", "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
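Review bot: The `description` of the added `relationship--084786ee-9384-4a00-9e1b-48f94ea70126` ends with a space after the citation marker, and the `android.permission.READ_SMS` description added in the next hunk ends with a trailing space as well. Trailing whitespace in these values reaches rendered technique pages and makes string comparisons between releases noisier than they need to be. I would end the value at `(Citation: SWB Exodus March 2019)"` and strip trailing whitespace from `description` fields at export time.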
@@ -24421,25 +15908,44 @@ }, { "type": "relationship", - "id": "relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f", - "created": "2023-02-28T20:39:57.194Z", + "id": "relationship--085f8397-0233-42d7-855e-3dbd709f2eca", + "created": "2023-01-18T21:39:27.823Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-31T22:07:21.417Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Domain Generation Algorithms to connect to the C2 server.(Citation: proofpoint_flubot_0421)", + "modified": "2023-03-27T18:30:43.093Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the Android “Direct Reply” feature to spread the malware to other devices. 
It can also download the full version of the malware after initial device compromise.(Citation: nccgroup_sharkbot_0322)", "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f", + "created": "2023-03-20T18:58:33.787Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:15:45.239Z", + "description": "Application vetting services could look for `android.permission.READ_SMS` in an Android application’s manifest. Most applications do not need access to SMS messages, so extra scrutiny could be applied to those that request it. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -24450,300 +15956,57 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--29357289-362c-447c-b387-9a38b50d7296", - "created": "2022-04-15T17:20:06.338Z", + "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8", + "created": "2022-04-01T15:16:02.324Z", "x_mitre_version": "0.1", "external_references": [ { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + "source_name": "iOS Universal Links", + "url": "https://developer.apple.com/ios/universal-links/", + "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." }, { - "source_name": "Check Point-Joker", - "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", - "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. 
[Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)", - "modified": "2022-04-15T17:20:06.338Z", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a", - "created": "2021-01-07T17:02:31.805Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ + "source_name": "Android App Links", + "url": "https://developer.android.com/training/app-links/verify-site-associations", + "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." + }, { - "source_name": "Zscaler TikTok Spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + "source_name": "IETF-PKCE", + "url": "https://tools.ietf.org/html/rfc7636", + "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." 
} ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:56:32.861Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e", - "created": "2020-12-14T15:02:35.291Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Securelist Asacub", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:25:06.012Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658", - "created": "2022-04-01T19:06:40.361Z", - "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-04-01T19:06:40.361Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158", - "created": "2020-10-29T17:48:27.325Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:11:02.157Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:23:04.150Z", - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651", - "created": "2023-04-11T19:54:52.711Z", - "revoked": false, - "external_references": [ - { - "source_name": "cleafy_sova_1122", - "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", - "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-11T19:54:52.711Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can programmatically tap the screen or swipe.(Citation: cleafy_sova_1122)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7", - "created": "2023-03-20T18:48:56.995Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:48:56.995Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7", - "type": "relationship", - "created": "2019-03-11T15:13:40.425Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. 
Retrieved November 30, 2018.", - "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", - "source_name": "TrendMicro-Anserver2" - } - ], - "modified": "2019-10-15T19:55:04.517Z", - "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d", - "created": "2022-04-01T17:06:06.950Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ", - "modified": "2022-04-01T17:06:06.950Z", + "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. 
", + "modified": "2022-04-01T15:16:02.324Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b", - "created": "2022-03-30T20:48:00.360Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, + "id": "relationship--088c74f5-4b43-48aa-a2be-275f0c02ffc8", + "created": "2023-07-21T19:38:06.254Z", "revoked": false, - "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", - "modified": "2022-03-30T20:48:00.360Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760", - "created": "2022-03-30T14:41:20.735Z", - "x_mitre_version": "0.1", "external_references": [ { - "source_name": "Android Changes to System Broadcasts", - "url": 
"https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", - "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)", - "modified": "2022-03-30T14:41:20.735Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7", - "created": "2023-03-20T18:55:33.546Z", - "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:55:33.546Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "modified": "2023-07-21T19:38:06.254Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can retrieve account information for third party services, such as Google, Telegram, WeChat, or WhatsApp.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + 
"target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -24752,1023 +16015,28 @@ }, { "type": "relationship", - "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--08a43019-d393-451f-a23c-2dfa17ec40b2", + "created": "2023-01-18T19:15:24.775Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:24:38.256Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)", + "modified": "2023-03-27T17:51:07.963Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can steal incoming SMS messages and send SMS messages from compromised devices. 
(Citation: cyble_drinik_1022)", "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257", - "type": "relationship", - "created": "2020-10-29T17:48:27.469Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], - "modified": "2020-10-29T17:48:27.469Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. 
(2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.780Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b", - "type": "relationship", - "created": "2020-12-31T18:25:05.131Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2020-12-31T18:25:05.131Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)", - "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c", - "created": "2022-04-01T14:59:39.294Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Apple regularly provides security updates for known OS vulnerabilities.", - "modified": "2022-04-01T14:59:39.294Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e", - "created": "2023-03-16T18:26:45.940Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:26:45.940Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", "x_mitre_deprecated": false, "x_mitre_version": 
"0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d", - "type": "relationship", - "created": "2021-02-08T16:36:20.774Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." - } - ], - "modified": "2021-05-24T13:16:56.495Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a", - "type": "relationship", - "created": "2019-08-09T17:52:13.352Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). 
Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.877Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76", - "created": "2023-03-20T18:42:18.058Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:42:18.058Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7", - "type": "relationship", - "created": "2020-07-20T13:27:33.461Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.686Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357", - "type": "relationship", - "created": "2020-12-17T20:15:22.408Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." - } - ], - "modified": "2020-12-17T20:15:22.408Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a", - "created": "2020-11-20T16:37:28.475Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. 
Retrieved October 29, 2020.", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:52:20.309Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090", - "created": "2023-03-20T18:58:30.773Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:30.773Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710", - "type": "relationship", - "created": "2020-09-14T14:13:45.256Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. 
(2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-14T14:13:45.256Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad", - "created": "2021-10-01T14:42:49.159Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. 
When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69", - "created": "2019-10-14T19:14:18.673Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Group IB Gustuff Mar 2019", - "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. 
Retrieved September 3, 2019.", - "url": "https://www.group-ib.com/blog/gustuff" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:32:47.359Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358", - "type": "relationship", - "created": "2020-11-10T17:08:35.664Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-01T19:48:44.840Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f", - "created": "2020-06-26T15:12:40.100Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:49:00.042Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. 
This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678", - "type": "relationship", - "created": "2020-09-24T15:34:51.315Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.315Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3d65c2b7-c907-45e1-b942-95f7d765e749", - "created": "2023-03-20T18:53:34.056Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:53:34.056Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": 
"attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b", - "created": "2021-02-17T20:49:24.542Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:22:40.300Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33", - "created": "2023-03-20T19:00:09.608Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T19:00:09.608Z", - "description": "", - "relationship_type": "detects", - "source_ref": 
"x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f", - "created": "2022-04-01T18:49:19.284Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.", - "modified": "2022-04-01T18:49:19.284Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8", - "created": "2022-04-15T15:57:32.958Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:21:49.009Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7", - "created": "2022-03-31T19:53:01.320Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-31T19:53:01.320Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d", - "type": "relationship", - "created": "2019-08-09T18:06:11.672Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - 
"description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.672Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. 
Retrieved January 20, 2017.", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:24:53.701Z", - "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d", - "created": "2022-03-30T19:14:20.374Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:14:20.374Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb", - "type": "relationship", - "created": "2020-01-27T17:05:58.308Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.308Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d", - "created": "2020-05-04T14:04:56.179Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)", - "modified": "2022-04-15T17:20:54.552Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1f8f0021-6992-476c-ba1c-232542dc1633", - "created": "2023-03-20T18:58:52.857Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:52.857Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4", - "type": "relationship", - "created": "2020-04-08T15:51:25.157Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T15:51:25.157Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3", - "created": "2020-11-24T17:55:12.830Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos GPlayed", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:21:42.102Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c", - "created": "2022-04-01T18:45:00.923Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be warned against granting access to accessibility features and 
device administration services, and to carefully scrutinize applications that request these dangerous permissions. Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.", - "modified": "2022-04-01T18:45:00.923Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-DualToy", - "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. 
Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)", - "relationship_type": "uses", - "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:42:14.121Z", - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.157Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a5b37f26-7629-4195-9536-12e349e5843b", - "created": "2023-03-20T18:51:04.334Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:51:04.334Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e", - "type": "relationship", - "created": "2020-04-24T15:06:33.519Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:06:33.519Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3841024e-1047-40fa-9e25-ac6d5c14612a", - "created": "2023-02-28T21:41:22.768Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:25:52.302Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view device contacts.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5", - "created": "2022-09-30T19:23:02.689Z", - "revoked": false, - "external_references": [ - { - "source_name": "Cylance Dust Storm", - "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", - "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2022-09-30T19:23:02.689Z", - "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)", - "relationship_type": "uses", - "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9", - "created": "2022-04-01T13:19:41.207Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:19:41.207Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9b8b51fb-c380-4516-b109-821f015506d4", - "created": "2023-03-20T15:40:26.994Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - 
"modified": "2023-03-20T15:40:26.994Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71", - "created": "2019-07-10T15:42:09.606Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:01:46.513Z", - "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ", - "relationship_type": "uses", - "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -25798,98 +16066,52 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b", + "created": "2019-12-10T16:07:41.081Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409", - "created": "2020-06-26T15:32:25.146Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." - } - ], + "modified": "2023-04-05T20:47:53.438Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. 
The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)", - "modified": "2022-04-20T16:37:46.192Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "modified": "2019-10-10T15:24:09.378Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42", - "type": "relationship", - "created": "2020-11-10T17:08:35.593Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.593Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca", - "created": "2019-09-03T19:45:48.510Z", + "id": "relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956", + "created": "2020-11-24T17:55:12.873Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "SWB Exodus March 2019", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:10:15.827Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ", + "modified": "2023-04-05T17:21:56.899Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has communicated with the C2 using HTTP requests or WebSockets as a backup.(Citation: Talos GPlayed) ", "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -25899,25 +16121,82 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8", + "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e", "type": "relationship", - "created": "2020-09-24T15:34:51.433Z", + "created": "2020-06-02T14:32:31.875Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." } ], - "modified": "2020-09-24T15:34:51.433Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)", + "modified": "2020-06-02T14:32:31.875Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ", "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--09ad7d9f-d618-46c2-a9f3-e4a943245a72", + "created": "2023-09-21T19:37:48.020Z", + "revoked": false, + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:37:48.020Z", + "description": "Users can be trained to identify social engineering techniques and phishing emails.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca", + "created": "2022-04-06T13:22:57.754Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:22:57.754Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--09c6bbd4-9058-4657-9d8e-656439637ac6", + "created": "2023-03-16T18:32:47.895Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:15:16.326Z", + "description": "Application vetting services could look for `android.permission.READ_CALL_LOG` in an Android application’s manifest. Most applications do not need call log access, so extra scrutiny could be applied to those that request it. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d", @@ -25948,22 +16227,14 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7", + "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012", "type": "relationship", - "created": "2020-12-14T15:02:35.230Z", + "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T15:02:35.230Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -25971,340 +16242,95 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819", + "id": "relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb", "type": "relationship", - "created": "2019-08-07T15:57:13.412Z", + "created": "2020-12-18T20:14:47.412Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." } ], - "modified": "2019-09-15T15:36:42.312Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. 
Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)", + "modified": "2020-12-18T20:14:47.412Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has included native modules.(Citation: WhiteOps TERRACOTTA)", "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33", + "type": "relationship", + "created": "2020-09-11T15:45:38.450Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-09-11T15:45:38.450Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864", + "type": "relationship", + "created": "2020-06-26T15:12:40.077Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.077Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb", - "created": "2019-09-04T15:38:56.881Z", + "id": "relationship--0ae94053-1963-45ba-a3a9-62e508281c8e", + "created": "2023-01-19T18:06:36.986Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "CyberMerchants-FlexiSpy", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. 
Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T19:56:00.761Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)", + "modified": "2023-03-29T21:21:58.318Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.(Citation: trendmicro_tianyspy_0122) ", "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228", - "created": "2022-04-01T18:44:46.780Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-01T18:44:46.780Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - 
"id": "relationship--f857935b-653a-4b9a-a2dc-59c042059a39", - "created": "2023-03-20T15:56:04.673Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:56:04.673Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041", - "type": "relationship", - "created": "2017-10-25T14:48:53.742Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-06-24T15:08:18.481Z", - "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d", - "created": "2020-09-29T13:24:15.234Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "url": 
"https://blog.lookout.com/blog/2014/03/06/dendroid/", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765", - "type": "relationship", - "created": "2019-11-21T16:42:48.456Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
- } - ], - "modified": "2020-01-21T14:20:50.455Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0", - "created": "2022-04-01T16:52:03.322Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T16:52:03.322Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7", - "type": "relationship", - "created": "2020-04-24T17:46:31.466Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). 
TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T17:46:31.466Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77", - "type": "relationship", - "created": "2020-06-26T15:32:25.035Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." - }, - { - "source_name": "CheckPoint Cerberus", - "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", - "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.035Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f", - "created": "2020-06-02T14:32:31.906Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)", - "modified": "2022-04-20T16:40:05.898Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365", - "created": "2019-09-04T14:28:15.950Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:35:59.273Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000", - "created": "2022-03-30T15:13:42.462Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T15:13:42.462Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d", - "type": "relationship", - "created": "2020-12-31T18:25:05.133Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": 
"https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.133Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c", - "created": "2022-04-01T18:52:02.211Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be taught the dangers of rooting or jailbreaking their device.", - "modified": "2022-04-01T18:52:02.211Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -26338,706 +16364,114 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d", + "created": "2020-05-04T14:04:56.179Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Kaspersky-Skygofree", - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)", - "modified": "2022-04-19T14:25:41.669Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) payloads have used several commercially available packers.(Citation: Google Bread)", + "modified": "2022-04-15T17:20:54.552Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad", - "created": "2020-12-24T21:55:56.752Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - 
"source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:26:16.282Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf", - "created": "2023-03-20T15:46:49.646Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:46:49.646Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:53:38.161Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd", - "created": "2022-03-30T20:08:40.223Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. 
", - "modified": "2022-03-30T20:08:40.223Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b", - "type": "relationship", - "created": "2020-01-27T17:05:58.312Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.312Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf", - "type": "relationship", - "created": "2021-10-01T14:42:48.900Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - 
"description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." - } - ], - "modified": "2021-10-01T14:42:48.900Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2", - "created": "2019-09-03T20:08:00.704Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T17:18:58.074Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b", "type": "relationship", - "created": "2020-12-14T15:02:35.286Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.286Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c", - "type": "relationship", - "created": "2019-09-03T19:45:48.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-09-11T13:25:19.210Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad", - "created": "2023-03-20T18:55:03.385Z", + "id": "relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651", + "created": "2023-04-11T19:54:52.711Z", "revoked": false, + "external_references": [ + { + "source_name": "cleafy_sova_1122", + "description": "Francesco Lubatti, Federico Valentini. 
(2022, November 8). SOVA malware is back and is evolving rapidly. Retrieved March 30, 2023.", + "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:55:03.385Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "modified": "2023-04-11T19:54:52.711Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can programmatically tap the screen or swipe.(Citation: cleafy_sova_1122)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--069b2328-442b-491e-962d-d3fe01f0549e", - "created": "2019-09-04T14:28:15.479Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Monokle", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via email and SMS from a set of \"control phones.\"(Citation: Lookout-Monokle)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394", - "created": "2021-02-08T16:36:20.639Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:07:15.780Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae", - "created": "2020-12-24T22:04:27.902Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:04:02.992Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--34dd5c26-eec9-4288-8e53-677271d490b2", - "created": "2023-01-18T19:46:02.646Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:43:57.834Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use accessibility event logging to steal data in text fields.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d", - "created": "2023-03-20T15:55:09.279Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:55:09.279Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb", - "created": "2020-09-11T16:22:03.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "description": "M. Flossman. (2017, February 16). 
ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/viperrat-mobile-apt" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:58:57.686Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80", - "created": "2022-03-31T19:51:41.431Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", - "modified": "2022-03-31T19:51:41.431Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--12de5aeb-9427-4665-81a0-257c76d6f188", - "created": "2023-03-03T16:20:48.781Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": 
"Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:20:48.781Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has replaced device apps with ones it has downloaded.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--88ded3fb-759e-4e96-946b-e7148c54856e", - "created": "2022-04-08T16:29:30.371Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-08T16:29:30.371Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "type": "relationship", "id": "relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2", "created": "2023-03-20T15:28:54.837Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, 
"object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:28:54.837Z", - "description": "", + "modified": "2023-08-07T17:15:34.376Z", + "description": "Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps. Application vetting could detect the usage of insecure or malicious third-party libraries.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1", "type": "relationship", - "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9", - "created": "2022-04-05T19:52:32.201Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:52:32.201Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625", - "created": 
"2022-03-31T16:33:55.074Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-31T16:33:55.074Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5", - "type": "relationship", - "created": "2020-06-26T14:55:13.382Z", + "created": "2020-09-11T14:54:16.650Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
} ], - "modified": "2020-06-26T14:55:13.382Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)", + "modified": "2020-09-11T14:54:16.650Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) has been distributed in multiple stages.(Citation: Lookout Desert Scorpion)", "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler-SuperMarioRun", - "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. 
Retrieved January 20, 2017.", - "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:24:32.173Z", - "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)", - "relationship_type": "uses", - "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3", + "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253", "type": "relationship", - "created": "2020-09-11T14:54:16.615Z", + "created": "2020-12-31T18:25:05.178Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
} ], - "modified": "2020-09-11T14:54:16.615Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)", + "modified": "2020-12-31T18:25:05.178Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90", - "type": "relationship", - "created": "2020-09-11T14:54:16.621Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.621Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee", - "created": "2020-11-24T17:55:12.895Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--886849fc-f83c-4d69-b700-bfad0def765d", - "created": "2023-03-16T18:32:30.054Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:32:30.054Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012", - "type": "relationship", - "created": "2020-12-14T14:52:03.218Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T14:52:03.218Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794", - "type": "relationship", - "created": "2020-04-08T15:41:19.451Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:41:19.451Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
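Review bot: The new `description` on `relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2` states the same detection twice: its first sentence and its last sentence ("Application vetting could detect the usage of insecure or malicious third-party libraries.") are restatements of each other. Dropping the last sentence loses nothing: `"description": "Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps.",`. The middle sentence is about endpoint protection on developer workstations, while the relationship's `source_ref` is a single data component that the first sentence suggests is application vetting. The hunk does not show that component's definition, so this is inferred, but it is worth confirming the sentence belongs on this `detects` relationship and not on one sourced from an endpoint-side data component. Consumers that build detection coverage from `detects` edges would otherwise credit this component with coverage it may not provide.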
@@ -27046,1104 +16480,25 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b", + "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2020-06-02T14:32:31.777Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." } ], - "modified": "2019-10-15T19:44:36.125Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678", - "type": "relationship", - "created": "2021-09-20T13:59:00.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). 
Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2021-09-20T13:59:00.498Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd", - "type": "relationship", - "created": "2019-09-04T15:38:56.597Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "source_name": "FortiGuard-FlexiSpy" - } - ], - "modified": "2019-09-10T14:59:25.979Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f", - "created": "2020-06-24T18:24:35.707Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "description": "I. Beer. (2019, August 29). Implant Teardown. 
Retrieved June 2, 2020.", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:30:27.616Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)", + "modified": "2020-06-02T14:32:31.777Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)", "relationship_type": "uses", "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.021Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9", - "created": "2020-04-08T15:51:25.149Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "description": "ThreatFabric. 
(2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:30:28.587Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:24:55.047Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56", - "created": "2020-06-26T15:32:25.045Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:27:05.040Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa", - "type": "relationship", - "created": "2020-11-24T17:55:12.903Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.903Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055", - "created": "2020-01-27T17:05:58.310Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:28:20.439Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d", - "created": "2019-09-04T15:38:56.883Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - 
"external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:18:38.582Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--93c20f43-6684-471c-910f-d9577f289677", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)", - "modified": "2022-04-19T15:47:05.436Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae", - "type": "relationship", - "created": "2021-02-17T20:43:52.407Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.407Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52", - "created": "2023-01-19T18:07:52.146Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. 
(2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:19:25.438Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can exfiltrate collected user data, including credentials and authorized cookies, via email.(Citation: trendmicro_tianyspy_0122) ", - "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-WireLurker", - "description": "Claud Xiao. (2014, November 5). WireLurker: A New Era in OS X and iOS Malware. 
Retrieved January 24, 2017.", - "url": "https://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[WireLurker](https://attack.mitre.org/software/S0312) monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.(Citation: PaloAlto-WireLurker)", - "relationship_type": "uses", - "source_ref": "malware--326eaf7b-5784-4f08-8fc2-61fd5d5bc5fb", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December 22, 2016.", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:00:45.438Z", - "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "relationship_type": "uses", - "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9", - "created": "2022-04-01T18:43:01.860Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-01T18:43:01.860Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059", - "created": "2023-03-20T18:51:23.032Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": 
"2023-03-20T18:51:23.032Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5", - "created": "2020-04-08T15:41:19.445Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." - }, - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)", - "modified": "2022-04-20T17:57:23.327Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c", - "type": "relationship", - "created": "2020-01-27T17:05:58.273Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.273Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133", - "created": "2022-03-30T20:31:41.927Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "New OS releases frequently contain additional limitations or controls around device location access.", - "modified": "2022-03-30T20:31:41.927Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72", - "type": "relationship", - "created": "2020-11-24T17:55:12.900Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. 
Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." - } - ], - "modified": "2020-11-24T17:55:12.900Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c", - "type": "relationship", - "created": "2020-01-21T15:29:27.041Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2020-01-21T15:29:27.041Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87", - "type": "relationship", - "created": "2021-01-05T20:16:20.495Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "modified": "2021-01-05T20:16:20.495Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf", - "type": "relationship", - "created": "2020-09-11T14:54:16.617Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. 
Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T14:54:16.617Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165", - "type": "relationship", - "created": "2020-09-15T15:18:12.459Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." 
- } - ], - "modified": "2020-09-15T15:18:12.459Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--25655385-5b0d-4700-a59f-d5d043625b84", - "created": "2023-02-06T18:50:50.273Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:13:16.813Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use rooting exploits to silently give itself permissions or install additional malware.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2", - "created": "2023-03-20T18:59:57.364Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - 
"modified": "2023-03-20T18:59:57.364Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213", - "created": "2022-04-20T17:31:58.697Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)", - "modified": "2022-04-20T17:31:58.697Z", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--06348e22-9a06-4e4c-a57c-e438462e7fce", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.173Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record audio via the microphone when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Gooligan Citation", - "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" - } - ], - "modified": "2019-10-10T15:18:51.154Z", - "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)", - "relationship_type": "uses", - "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c", - "type": "relationship", - "created": "2020-11-10T17:08:35.624Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.624Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081", - "created": "2023-01-18T19:19:01.740Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:52:20.587Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can use Accessibility Services to disable Google Play Protect.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f81a680-3151-4608-b83f-550756632013", - "type": "relationship", - "created": "2020-07-20T13:58:53.604Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." - } - ], - "modified": "2020-09-24T15:12:24.301Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a", - "created": "2020-12-24T21:55:56.691Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:38:17.926Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38", - "created": "2022-04-01T18:43:25.764Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", - "modified": "2022-04-01T18:43:25.764Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd", - "type": "relationship", - "created": "2020-06-26T15:12:40.094Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": 
"https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T15:12:40.094Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87", - "type": "relationship", - "created": "2020-06-26T15:12:40.098Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:12:40.098Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--97408547-bacd-4308-a8be-556e9ff04951", - "created": "2023-03-20T18:55:23.628Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:55:23.628Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3", - "type": "relationship", - "created": "2020-09-14T14:13:45.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T14:13:45.296Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056", - "type": "relationship", - "created": "2020-12-24T22:04:27.919Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:27.919Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22", - "created": "2019-03-11T15:13:40.454Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TrendMicro-Anserver", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/", - "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. 
Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)", - "modified": "2022-04-18T19:04:48.388Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d", - "created": "2023-03-15T16:34:51.794Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:34:51.794Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415", - "created": "2022-03-30T14:50:07.291Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect unauthorized operating system modifications.", - "modified": "2022-03-30T14:50:07.291Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "type": "relationship", "id": "relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349", 
@@ -28171,260 +16526,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a", - "created": "2022-04-01T14:51:51.593Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, + "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e", + "created": "2020-07-15T20:20:59.200Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ", - "modified": "2022-04-01T14:51:51.593Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3", - "type": "relationship", - "created": "2020-06-26T14:55:13.351Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" } ], - "modified": "2020-06-26T14:55:13.351Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:50:39.124Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)", "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014", - "type": "relationship", - "created": "2019-08-05T13:22:03.917Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.873Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f", - "created": "2022-04-05T20:11:35.619Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. 
", - "modified": "2022-04-05T20:11:35.619Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b610c587-576a-40cc-9f76-6362455c8ff4", - "created": "2023-03-20T18:43:01.334Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:01.334Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302", - "created": "2022-04-05T19:42:39.957Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android 12 Features", - "url": "https://developer.android.com/about/versions/12/features", - "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", - "modified": "2022-04-05T19:51:47.956Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619", - "created": "2023-03-20T18:44:04.803Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:04.803Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e", - "created": "2022-03-28T19:40:40.860Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-28T19:40:40.860Z", - "relationship_type": "subtechnique-of", - 
"source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c23d9eff-1d4e-479f-a114-acc535540a23", - "created": "2023-03-20T18:46:51.895Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:46:51.895Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a", - "created": "2020-06-26T14:55:13.304Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530", - "type": "relationship", - "created": "2020-01-27T17:05:58.213Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.213Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:54:13.685Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -28433,25 +16553,18 @@ }, { "type": "relationship", - "id": "relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1", - "created": "2023-01-18T19:13:15.991Z", + "id": "relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad", + "created": "2023-03-20T18:55:03.385Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T18:11:24.686Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) has code to use Firebase Cloud Messaging for receiving C2 instructions.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "modified": "2023-08-09T16:44:01.271Z", + "description": "Application vetting services could look for the Android permission `android.permission.QUERY_ALL_PACKAGES`, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API `LSApplicationWorkspace` and apply extra scrutiny to applications that employ it.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
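Review bot: The new `detects` description added in this hunk treats a request for `android.permission.QUERY_ALL_PACKAGES` as the Android vetting signal, and on its own that signal leaves a coverage gap. Package-visibility filtering only applies to apps targeting Android 11 (API level 30) or later, so an app with a lower target SDK can list installed packages without ever requesting the permission. An app can also name the packages it wants to see in a manifest `<queries>` element instead. I would add one sentence to the description, for example `Vetting should also review the application's target SDK level and any <queries> declarations in its manifest.` The closing fields of this object are context lines shared with the entry it replaces, so check the `x_mitre_version` value against the source record rather than this view.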
@@ -28461,46 +16574,189 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd", + "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db", "type": "relationship", - "created": "2019-10-10T15:22:52.545Z", + "created": "2019-08-09T17:59:48.988Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "TrendMicro-RCSAndroid", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" } ], - "modified": "2019-10-10T15:22:52.545Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)", + "modified": "2019-08-09T17:59:48.988Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)", "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": 
"relationship--ce645a25-160f-443d-b288-fdd108b78a06", - "created": "2020-09-11T16:22:03.269Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--0c417238-738d-4bda-8359-d37d39414ebe", + "created": "2023-08-04T18:30:41.599Z", "revoked": false, "external_references": [ { - "source_name": "Lookout ViperRAT", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/viperrat-mobile-apt" + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:41:00.652Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)", + "modified": "2023-08-04T18:30:41.599Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate phone number and IMEI.(Citation: lookout_hornbill_sunbird_0221)", "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0c558826-5cea-422e-8e67-83e53c04d409", + "created": "2020-06-26T15:32:25.146Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 using HTTP requests over port 8888.(Citation: CheckPoint Cerberus)", + "modified": "2022-04-20T16:37:46.192Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86", + "type": "relationship", + "created": "2020-01-27T17:05:58.276Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.276Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.818Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c", + "created": "2022-04-01T18:51:44.595Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", + "modified": "2022-04-01T18:51:44.595Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--0cf39d51-2d80-4576-b088-e787b113513e", + "created": "2023-09-28T17:39:48.745Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zimperium FlyTrap", + "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. 
Retrieved September 28, 2023.", + "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-30T21:05:31.625Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can use HTTP to communicate with the C2 server.(Citation: Zimperium FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f", + "created": "2020-12-24T21:55:56.749Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:41:52.454Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
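Review bot: The relationship objects on the new side of this hunk do not share one shape, so consumers cannot rely on `revoked` or `x_mitre_deprecated` being present. `relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db`, `relationship--0cabc5f9-045e-490c-a97f-efe00dbade86` and `relationship--0cae6859-d7d1-483b-b473-4f32084938a9` carry neither field, nor `x_mitre_attack_spec_version`, while the objects around them set all three. Tooling that builds coverage maps from this bundle and filters on those flags has to treat a missing key as `false`, or it will drop or mis-handle these records. If the export can normalise them, adding `"revoked": false, "x_mitre_deprecated": false` to the older objects would remove the ambiguity; otherwise the default is worth stating wherever the bundle format is documented.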
@@ -28508,30 +16764,211 @@ }, { "type": "relationship", - "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc", - "created": "2019-09-04T14:28:15.412Z", + "id": "relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b", + "created": "2023-03-20T18:41:56.287Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:50:42.655Z", + "description": "On Android, the user can review which applications have Device Administrator access in the device settings and revoke permission where appropriate. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a", + "type": "relationship", + "created": "2021-02-17T20:43:52.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.333Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has used an online cell tower geolocation service to track targets.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184", + "created": "2022-03-30T17:53:56.805Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T17:53:56.805Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594", + "created": "2022-04-05T17:14:08.267Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:14:08.267Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, 
+ { + "type": "relationship", + "id": "relationship--0e8607f6-daab-44df-b167-105403a4ef41", + "created": "2023-01-18T19:57:33.986Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:19:04.639Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ", + "modified": "2023-03-27T18:39:39.355Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the “Direct Reply” feature of Android to automatically reply to notifications with a message provided by C2.(Citation: nccgroup_sharkbot_0322)", "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39", + "created": "2020-06-26T14:55:13.387Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason EventBot", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:59:55.854Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:25:52.381Z", + "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4", + "type": "relationship", + "created": "2020-06-02T14:32:31.885Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.885Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can track the device’s location.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd", + "created": "2021-01-05T20:16:20.488Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b", 
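Review bot: The `Lookout-BrainTest` citation added under `relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1` repeats the article title with a stray "Read more:" in between, which looks like a copy artifact from the source page. The description should read `Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.` In the same hunk, the description of `relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b` ends with a trailing space after "where appropriate.", which should be trimmed so that string comparisons and rendered output stay clean.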
@@ -28565,1611 +17002,73 @@ }, { "type": "relationship", - "id": "relationship--848581bc-bf8f-40e2-871e-cd67042b4adf", - "created": "2023-01-18T19:14:40.120Z", + "id": "relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369", + "created": "2023-02-02T17:46:27.077Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:59:26.448Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can use overlays to steal user banking credentials entered into legitimate sites.(Citation: cyble_drinik_1022)", + "modified": "2023-03-27T18:43:17.131Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can exfiltrate captured user credentials and event logs back to the C2 server. 
(Citation: nccgroup_sharkbot_0322)", "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c", - "created": "2022-04-01T18:51:44.595Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", - "modified": "2022-04-01T18:51:44.595Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6", - "created": "2022-04-01T15:16:53.239Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:16:53.239Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, 
- { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072", - "type": "relationship", - "created": "2020-09-11T15:14:34.064Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SMS KitKat", - "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", - "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." - } - ], - "modified": "2020-10-22T17:04:15.708Z", - "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71", - "created": "2022-04-18T15:49:00.561Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download text files with commands from an FTP server and exfiltrate data via email.(Citation: SecureList BusyGasper)", - "modified": "2022-04-18T15:49:00.561Z", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8", - "created": "2022-04-01T18:49:51.050Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:49:51.050Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0", - "created": "2019-09-04T15:38:56.702Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "FortiGuard-FlexiSpy", - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:48:30.652Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", - "source_name": "Wandera-RedDrop" - } - ], - "modified": "2019-10-15T19:27:27.997Z", - "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801", - "type": "relationship", - "created": "2020-09-11T16:22:03.207Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.207Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859", - "type": "relationship", - "created": "2020-12-24T22:04:28.010Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.010Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3", - "type": "relationship", - "created": "2019-09-04T15:38:56.786Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
- } - ], - "modified": "2019-09-10T14:59:26.139Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e", - "type": "relationship", - "created": "2020-06-02T14:32:31.888Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.888Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de", - "created": "2023-03-20T15:57:00.953Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:57:00.953Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f296fc9c-2ff5-43ee-941e-6b49c438270a", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", 
- "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe", - "created": "2017-10-25T14:48:53.746Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. ", - "modified": "2022-03-30T20:07:33.678Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5d37400f-80f9-4500-9357-185650e5a7b2", - "created": "2023-02-06T18:54:13.573Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:14:02.866Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use HTTP to communicate with the C2 server.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:22:32.033Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather SMS messages.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987", - "created": "2022-04-01T18:43:15.716Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", - "modified": "2022-04-01T18:43:15.716Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097", - "created": "2022-04-01T15:16:26.387Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should 
be instructed to not open links in applications they don’t recognize.", - "modified": "2022-04-01T15:16:26.387Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745", - "created": "2022-03-30T17:54:56.603Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T17:54:56.603Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e", - "type": "relationship", - "created": "2020-12-17T20:15:22.454Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.454Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3", - "created": "2023-03-03T16:26:48.531Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:26:48.531Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected compromised device MAC addresses.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd", - "created": "2022-04-01T15:02:43.475Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": 
false, - "revoked": false, - "description": "", - "modified": "2022-04-01T15:02:43.475Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a", - "created": "2023-03-20T18:53:52.174Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:53:52.174Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b", - "created": "2019-07-10T15:35:43.704Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:41:13.182Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48", - "type": "relationship", - "created": "2020-12-14T15:02:35.257Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T15:02:35.257Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e245e45a-71a8-408d-8f32-7b7337bffc26", - "created": "2023-01-18T19:19:58.007Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:10:23.208Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can hide its application icon.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402", - "created": "2021-10-01T14:42:49.178Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "description": "Alexey Firsh. 
(2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021.", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:25:39.509Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { + "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef", "type": "relationship", - "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, "external_references": [ { - "source_name": "TrendMicro-RCSAndroid", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" } ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:23:38.651Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)", + "modified": "2019-10-10T15:24:09.248Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)", "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48", - "created": "2020-09-24T15:34:51.298Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:24:09.872Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4b7e117b-0c82-49d0-bee6-119158b3355b", - "created": "2023-02-28T20:32:37.800Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T20:32:50.168Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can disable Google Play Protect to prevent detection.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e", - "created": "2020-04-08T15:51:25.122Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:29:51.699Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9", - "type": "relationship", - "created": "2021-01-05T20:16:20.502Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.502Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71", - "created": "2022-03-30T20:53:54.296Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:53:54.296Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", - "x_mitre_attack_spec_version": "2.1.0", + "id": "relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2", + "created": "2020-12-24T22:04:28.027Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d", - "created": "2019-09-23T13:36:08.451Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
- } - ], - "x_mitre_deprecated": false, "revoked": false, - "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb", - "created": "2020-11-10T17:08:35.846Z", - "x_mitre_version": "1.0", "external_references": [ { "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:20:48.937Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has modified or configured proxy information.(Citation: Lookout Uyghur Campaign) ", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9", - "type": "relationship", - "created": "2020-04-24T17:46:31.582Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.582Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1", - "type": "relationship", - "created": "2021-10-01T14:42:49.184Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:49.184Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85", - "created": "2022-04-01T13:13:10.587Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ", - "modified": "2022-04-01T13:13:10.587Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9", - "created": "2022-04-01T17:08:15.158Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "CSRIC5-WG10-FinalReport", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. 
Retrieved May 24, 2017." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ", - "modified": "2022-04-11T19:09:00.362Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CrowdStrike-Android", - "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", - "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)", - "relationship_type": "uses", - "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December 22, 2016.", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:01:14.020Z", - "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "relationship_type": "uses", - "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b", - "type": "relationship", - "created": "2021-01-05T20:16:20.419Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.419Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0", - "created": "2022-04-05T19:49:06.417Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", - "modified": "2022-04-05T19:49:06.417Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d", - "type": "relationship", - "created": "2021-01-05T20:16:20.417Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.417Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "modified": "2019-10-15T19:54:10.284Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0", - "created": "2020-10-29T17:48:27.394Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:30:18.307Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952", - "created": "2020-04-24T17:46:31.564Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. 
Retrieved April 24, 2020.", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:25:55.378Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416", - "created": "2023-03-20T18:52:56.247Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:52:56.247Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff", - "type": "relationship", - "created": "2019-09-04T14:28:16.478Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-10-14T17:52:48.001Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. [Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0", - "created": "2017-10-25T14:48:53.741Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. 
Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.", - "modified": "2022-03-30T20:25:46.994Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed", - "created": "2019-07-10T15:35:43.668Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:55:00.294Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5", - "type": "relationship", - "created": "2020-12-24T21:55:56.747Z", - 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.747Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c", - "type": "relationship", - "created": "2020-06-26T14:55:13.307Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T14:55:13.307Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf", - "created": "2023-03-16T18:28:28.144Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:28:28.144Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf", - "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", - "source_name": "CrowdStrike-Android" - } - ], - "modified": "2020-03-20T16:37:06.668Z", - "description": "(Citation: CrowdStrike-Android)", - "relationship_type": "uses", - "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c", - "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415", - "type": "relationship", - "created": "2020-11-10T17:08:35.819Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-11-10T17:08:35.819Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8", - "created": "2022-03-30T18:06:21.355Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Symantec-iOSProfile2", - "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", - "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." - }, - { - "source_name": "Android-TrustedCA", - "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", - "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. 
On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", - "modified": "2022-03-30T18:06:21.355Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544", - "created": "2022-04-05T19:40:25.071Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:40:25.071Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda", - "created": "2023-02-06T19:02:00.135Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:16:28.481Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself microphone permissions.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0cabc5f9-045e-490c-a97f-efe00dbade86", - "type": "relationship", - "created": "2020-01-27T17:05:58.276Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:05:58.276Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record video.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2", - "created": "2022-04-01T15:13:55.124Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be instructed to not open links in applications they don’t recognize.", - "modified": "2022-04-01T15:13:55.124Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--01965668-d033-4aca-a8e5-71a07070e266", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--45dcbc83-4abc-4de1-b643-e528d1e9df09", - "target_ref": 
"attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383", - "created": "2022-04-05T20:17:46.149Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T20:17:46.149Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671", - "created": "2021-02-08T16:36:20.709Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "modified": "2022-04-18T16:07:26.671Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0727ac06-5b46-4f79-abe9-63c1b923d383", - "created": "2023-02-06T19:05:56.974Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:07:11.541Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has included encoded shell scripts to potentially aid in the rooting process.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9", - "created": "2022-04-06T13:57:38.847Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:57:38.847Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a", - "type": "relationship", - "created": "2019-08-09T17:56:05.588Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - 
"description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.588Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f", - "created": "2022-03-28T19:25:38.355Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches that inhibit system software compromises.", - "modified": "2022-03-28T19:25:38.355Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983", - "type": "relationship", - "created": "2019-09-04T15:38:56.916Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CyberMerchants-FlexiSpy", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", - "description": "Actis B. 
(2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." - } - ], - "modified": "2019-09-10T14:59:26.071Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f", - "created": "2019-12-10T16:07:41.083Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:21:03.081Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -30180,1525 +17079,26 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73", "type": "relationship", - "created": "2020-07-20T14:12:15.566Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Check Point-Joker", - "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", - "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." - } - ], - "modified": "2020-07-20T14:12:15.566Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118", - "created": "2020-12-24T21:55:56.696Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:23:54.777Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2", - "type": "relationship", - "created": "2019-11-21T16:42:48.497Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
- } - ], - "modified": "2019-11-21T16:42:48.497Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7", - "created": "2022-04-15T16:00:43.483Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019.", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:52:33.829Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-EnterpriseApps", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)", - "relationship_type": "uses", - "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0", - "type": "relationship", - "created": "2021-10-01T14:42:48.728Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-01T14:42:48.728Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6", - "created": "2020-09-14T13:35:45.911Z", + "id": "relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936", + "created": "2019-08-29T18:57:55.926Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "ESET-Twitoor", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", - "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." + "source_name": "Samsung Keyboards", + "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", + "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)", - "modified": "2022-04-20T17:56:24.292Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--02e4aedc-0674-4598-948b-0a32758af9ca", - "created": "2022-04-01T13:14:43.195Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T13:14:43.195Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--79eec66a-9bd0-4a3f-ac82-19159e94bd44", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro-XLoader", - "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:28:46.820Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)", - "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f", - "type": "relationship", - "created": "2020-06-02T14:32:31.878Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-02T14:32:31.878Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b", - "type": "relationship", - "created": "2020-12-18T20:14:47.314Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.314Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d", - "type": "relationship", - "created": "2020-04-24T17:46:31.691Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.691Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45", - "created": "2019-09-15T15:32:17.580Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android Notification Listeners", - "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)", - "description": "Android. (n.d.). DevicePolicyManager. Retrieved September 15, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. 
The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ", - "modified": "2022-04-01T14:50:28.686Z", + "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards) An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ", + "modified": "2022-04-05T19:41:57.905Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "mitigates", "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e", - "type": "relationship", - "created": "2020-12-14T14:52:03.310Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "modified": "2020-12-14T14:52:03.310Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f", - "created": "2023-03-20T18:58:33.787Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:33.787Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1", - "created": "2020-10-29T17:48:27.175Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:18:05.613Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-MobileMalware", - "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December 22, 2016.", - "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:03:20.968Z", - "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", - "relationship_type": "uses", - "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3", - "created": "2023-02-06T19:01:39.599Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:25:11.903Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself contact list access.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21", - "type": "relationship", - "created": "2021-01-20T16:01:19.323Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zimperium z9", - "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/", - "description": "zLabs. (2019, November 12). How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021." 
- } - ], - "modified": "2021-01-20T16:01:19.323Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--12852406-87df-4892-a177-e15e81739000", - "created": "2023-03-20T18:50:14.139Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:50:14.139Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f", - "type": "relationship", - "created": "2020-12-17T20:15:22.445Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.445Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef", - "created": "2020-07-27T14:14:56.993Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108", - "created": "2023-03-20T18:57:17.059Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:17.059Z", - "description": "", - "relationship_type": "detects", - "source_ref": 
"x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--afc0e8b2-2e85-4640-8517-fb2e16831082", - "created": "2023-01-18T19:45:27.807Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:56:03.190Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a WebView with a fake log in site to capture banking credentials.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f", - "created": "2020-12-24T21:55:56.749Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur 
Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:41:52.454Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has hidden its app icon.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50", - "type": "relationship", - "created": "2019-10-10T15:14:57.378Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-10-10T15:14:57.378Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d", - "type": "relationship", - "created": "2020-07-15T20:20:59.314Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.314Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c", - "type": "relationship", - "created": "2021-02-17T20:43:52.402Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - 
"description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.402Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0", - "created": "2022-03-30T19:52:05.143Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:52:05.143Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.682Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d", - "created": "2020-12-17T20:15:22.496Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:55:35.453Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd", - "type": "relationship", - "created": "2020-05-04T14:04:56.214Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "modified": "2020-05-04T15:40:21.076Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78", - "created": "2023-02-28T20:37:59.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:08:37.122Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can obfuscated class, string, and method names in newer malware versions.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint-Charger", - "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", - "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" - } - ], - "modified": "2019-10-09T14:51:42.827Z", - "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. 
It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)", - "relationship_type": "uses", - "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93", - "type": "relationship", - "created": "2020-11-10T17:08:35.800Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-09-20T13:54:20.494Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3565140f-1570-494d-9d6f-91c9203ece69", - "created": "2023-03-20T18:52:29.821Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:52:29.821Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397", - "type": "relationship", - "created": "2019-09-04T14:28:16.385Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.877Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91", - "created": "2020-12-18T20:14:47.369Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. 
Retrieved December 18, 2020.", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:48:00.045Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93", - "created": "2023-03-20T18:21:59.396Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:21:59.396Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--75ed2348-279f-4485-97a3-9a5ada27d799", - "created": "2023-02-06T19:06:17.406Z", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:06:17.406Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can disable Play Protect.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659", - "created": "2020-12-24T21:45:56.967Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:15:22.472Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3b24a287-36e1-49b9-811d-c0080147ff57", - "created": "2023-03-20T18:41:47.754Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:41:47.754Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c", - "type": "relationship", - "created": "2020-09-11T16:22:03.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": 
"https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:22:03.296Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ArsTechnica-HummingBad", - "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. 
Retrieved January 24, 2017.", - "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-21T18:51:23.251Z", - "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store, and has generated revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)", - "relationship_type": "uses", - "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b", - "created": "2020-12-24T21:55:56.743Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:36:12.585Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9", - "created": "2019-07-16T14:33:12.113Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Krebs-Triada June 2019", - "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/", - "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019." - }, - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)", - "modified": "2022-04-19T15:47:32.152Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca", - "created": "2023-03-20T18:58:19.895Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:19.895Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af", - "created": "2023-01-18T21:20:01.333Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:56:41.614Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use HTTP to send C2 messages to infected devices.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8", - "created": "2019-11-21T16:42:48.437Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:22:18.013Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect SMS messages.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8", - "created": "2020-06-02T14:32:31.903Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "description": "I. Beer. (2019, August 29). Implant Teardown. 
Retrieved June 2, 2020.", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:40:06.957Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf", - "created": "2019-07-16T14:33:12.144Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Triada June 2019", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. 
Retrieved July 16, 2019.", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:40:27.131Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817", - "created": "2019-09-20T18:03:57.062Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android 10 Execute", - "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission", - "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. 
(Citation: Android 10 Execute)", - "modified": "2022-04-01T18:37:44.516Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a", - "created": "2023-03-20T18:44:36.073Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:36.073Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09", - "type": "relationship", - "created": "2021-02-08T16:36:20.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.596Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--148703c5-6d07-439c-a4ff-d77119c70857", - "created": "2023-03-20T18:52:21.767Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:52:21.767Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369", - "type": "relationship", - "created": "2019-12-10T16:07:41.066Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "modified": "2019-12-10T16:07:41.066Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62", - "created": "2023-03-20T18:57:14.194Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:14.194Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", - "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962", - "created": "2022-03-30T19:54:07.548Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation could detect devices with unauthorized or unsafe modifications. 
", - "modified": "2022-03-30T19:54:07.548Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9", - "type": "relationship", - "created": "2020-09-11T15:58:40.846Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." - } - ], - "modified": "2020-09-11T15:58:40.846Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc", - "created": "2020-09-14T14:13:45.286Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout eSurv", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. 
Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/esurv-research" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:40:48.237Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1", - "created": "2022-04-06T13:52:46.831Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 7 changed how the Device Administrator password APIs function.", - "modified": "2022-04-06T13:52:46.831Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb", - "created": "2020-12-24T22:04:28.024Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:41:54.548Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab", - "created": "2023-01-18T19:58:21.223Z", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-01-18T19:58:21.223Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) has used RSA to encrypt the symmetric encryption key used for C2 messages.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b", - "type": "relationship", - "created": "2020-12-24T21:45:56.981Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.981Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -31728,117 +17128,202 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef", + "created": "2020-09-14T14:13:45.291Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout eSurv", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/esurv-research" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "HackerNews-OldBoot", - "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. 
Retrieved December 21, 2016.", - "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)", + "modified": "2023-04-05T21:30:00.975Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)", "relationship_type": "uses", - "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", - "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451", "type": "relationship", - "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f", - "created": "2019-09-03T19:45:48.518Z", + "created": "2019-10-10T15:03:27.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, "external_references": [ { "source_name": "SWB Exodus March 2019", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
} ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:11:03.802Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)", + "modified": "2019-10-10T15:03:27.682Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) One encrypts data using XOR prior to exfiltration.(Citation: SWB Exodus March 2019) ", "relationship_type": "uses", "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951", - "created": "2023-01-19T18:08:14.716Z", + "id": "relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae", + "created": "2023-10-10T15:33:59.743Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + "source_name": "CrowdStrike-Android", + "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", + "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-01T16:50:04.964Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) has encrypted C2 details, email addresses, and passwords.(Citation: trendmicro_tianyspy_0122) ", + "modified": "2023-10-10T15:33:59.743Z", + "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was placed in a repackaged version of an application used by Ukrainian artillery forces.(Citation: CrowdStrike-Android)", "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--119b848b-84b4-4f86-a265-0c9eb8680072", + "created": "2021-10-01T14:42:49.171Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can be controlled via IRC using freenode.net servers.(Citation: SecureList BusyGasper)", + "modified": "2022-04-18T19:01:58.546Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f", + "created": "2023-10-10T15:33:57.223Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/viperrat-mobile-apt" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.223Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506)’s second stage has masqueraded as “System Updates”, “Viber Update”, and “WhatsApp Update”.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--11a992e7-83a3-4dc3-b391-fbd79e518943", + "created": "2023-07-21T19:40:08.668Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:40:08.668Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can encrypt its data before exfiltration.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879", + "type": "relationship", + "created": "2019-09-04T14:28:16.426Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:13.000Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) uses XOR to obfuscate its second stage binary.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95", - "type": "relationship", - "created": "2019-10-18T15:51:48.525Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2019-10-18T15:51:48.525Z", - "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. 
Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3", - "created": "2020-07-20T13:27:33.486Z", + "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Talos-WolfRAT", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020.", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" + "source_name": "PaloAlto-Xbot", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:54:25.851Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)", + "modified": "2023-04-05T21:17:40.860Z", + "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)", "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -31848,297 +17333,29 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1", + "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f", "type": "relationship", - "created": "2020-11-24T17:55:12.887Z", + "created": "2019-08-07T15:57:13.415Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." } ], - "modified": "2020-11-24T17:55:12.887Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)", + "modified": "2019-09-15T15:36:42.339Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd", - "created": "2023-03-20T18:43:03.117Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:03.117Z", - "description": "", - "relationship_type": "detects", - "source_ref": 
"x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e928c0ce-2b98-4af5-a990-f690f4306681", - "created": "2023-03-20T18:43:46.070Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:46.070Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859", - "type": "relationship", - "created": "2020-09-24T15:34:51.276Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.276Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec", - "created": "2022-04-01T15:54:48.924Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. 
", - "modified": "2022-04-01T15:54:48.924Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16", - "type": "relationship", - "created": "2021-02-17T20:43:52.420Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." - } - ], - "modified": "2021-02-17T20:43:52.420Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695", - "type": "relationship", - "created": "2020-09-11T16:23:16.363Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). 
Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." - } - ], - "modified": "2020-09-11T16:23:16.363Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8", - "created": "2022-04-05T19:49:59.027Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:49:59.027Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d", - "type": "relationship", - "created": "2020-07-27T14:14:56.961Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "modified": "2020-08-10T22:18:20.782Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6", - "type": "relationship", - "created": "2020-10-29T17:48:27.332Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-10-29T17:48:27.332Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3", - "created": "2020-12-14T14:52:03.283Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-20T16:43:23.973Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794", - "type": "relationship", - "created": "2019-11-21T16:42:48.488Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "source_name": "SecureList - ViceLeaker 2019" - }, - { - "source_name": "Bitdefender - Triout 2018", - "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", - "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
- } - ], - "modified": "2020-01-21T14:20:50.474Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ArsTechnica-HummingBad", - "description": "Dan Goodin. (2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. 
Retrieved January 24, 2017.", - "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)", - "relationship_type": "uses", - "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7965128c-89d6-411e-b765-c60e0cae96c6", - "created": "2023-02-06T19:40:36.807Z", + "id": "relationship--127e6672-d16a-4370-b277-4d04874a4cfe", + "created": "2023-02-06T19:37:24.358Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ @@ -32151,11 +17368,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-29T21:36:23.084Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can manipulate clipboard data to replace cryptocurrency addresses.(Citation: threatfabric_sova_0921)", + "modified": "2023-04-11T19:29:31.138Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use overlays capture banking credentials and credit card information, and can open arbitrary WebViews from the C2.(Citation: threatfabric_sova_0921)", "relationship_type": "uses", "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
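Review bot: The added `description` on the S.O.V.A. relationship reads `can use overlays capture banking credentials`, which drops a word. It appears to intend `can use overlays to capture banking credentials and credit card information`. The same string also puts two behaviours (credential overlays and opening arbitrary WebViews from the C2) under the single target `attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512`, so it is worth confirming against the cited report that both belong to that technique. The relationship object starts before this hunk and continues past it.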
@@ -32163,62 +17380,24 @@
 },
 {
 "type": "relationship",
- "id": "relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07",
- "created": "2023-03-20T18:54:25.458Z",
- "revoked": false,
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-03-20T18:54:25.458Z",
- "description": "",
- "relationship_type": "detects",
- "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
- "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
- "x_mitre_deprecated": false,
- "x_mitre_version": "0.1",
- "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1",
- "created": "2019-09-04T15:38:56.809Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "id": "relationship--1284ba4a-c48c-4533-ac35-664828616ee3",
+ "created": "2023-07-21T19:52:46.863Z",
 "revoked": false,
 "external_references": [
 {
- "source_name": "CyberMerchants-FlexiSpy",
- "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.",
- "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html"
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T20:37:35.704Z",
- "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)",
+ "modified": "2023-07-21T19:52:46.863Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access and exfiltrate files, such as photos or video.(Citation: kaspersky_fakecalls_0422)",
 "relationship_type": "uses",
- "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
- "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
- "x_mitre_deprecated": false,
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "3.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb",
- "created": "2023-03-20T18:58:14.140Z",
- "revoked": false,
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-03-20T18:58:14.140Z",
- "description": "",
- "relationship_type": "detects",
- "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
- "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
@@ -32229,75 +17408,330 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e", "type": "relationship", - "created": "2019-09-03T19:45:48.496Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." - } - ], - "modified": "2019-10-14T16:47:53.226Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847", - "created": "2022-04-06T13:30:03.526Z", + "id": "relationship--1284f6fe-d352-415c-9479-82141524380a", + "created": "2022-03-30T18:06:48.250Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.", - "modified": "2022-04-06T13:30:03.527Z", + "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. 
Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). ", + "modified": "2022-03-30T18:06:48.250Z", "relationship_type": "mitigates", "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f", - "created": "2022-03-30T20:07:33.291Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T20:07:33.291Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--e012da15-7669-4764-ad9d-8a1d817bcca9", - "created": "2023-03-20T18:23:04.068Z", + "id": "relationship--12852406-87df-4892-a177-e15e81739000", + "created": "2023-03-20T18:50:14.139Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:23:04.068Z", - "description": "", + "modified": "2023-08-08T15:34:56.071Z", + "description": "Application vetting services could potentially determine if an application 
contains code designed to exploit vulnerabilities.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--12d14048-793c-456c-a2b8-d812de547ca7", + "created": "2023-09-28T17:19:38.041Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:19:38.041Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can read SMS messages on the device.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--12d61e7d-7fa6-422d-9817-901decf6b650", + "created": "2019-07-10T15:35:43.663Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pallas](https://attack.mitre.org/software/S0399) uses phishing popups to harvest user credentials.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--12de5aeb-9427-4665-81a0-257c76d6f188", + "created": "2023-03-03T16:20:48.781Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:20:48.781Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has replaced device apps with ones it has downloaded.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d", + "created": "2020-12-18T20:14:47.297Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has generated non-human advertising impressions.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a", + "created": "2022-04-05T19:52:38.539Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "CSRIC-WG1-FinalReport", + "description": "CSRIC-WG1-FinalReport" + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ", + "modified": "2022-04-05T19:52:38.539Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1329a866-0f6b-4660-b537-a6d208352502", + "created": "2023-06-09T19:11:12.827Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. 
(2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:48:55.333Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect a device's phone number and IMEI, and can check to see if WiFi is enabled.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1343f1a3-0f03-4bcf-a9e6-4f5697ae35dd", + "created": "2023-08-04T18:35:25.381Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:35:25.381Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can try to run arbitrary commands as root.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1348c744-3127-4a55-a5b4-2f439f41e941", + "created": "2020-07-27T14:14:56.994Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Security Zen", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:48:16.775Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can install itself on the system partition to achieve persistence. 
[Zen](https://attack.mitre.org/software/S0494) can also replace `framework.jar`, which allows it to intercept and modify the behavior of the standard Android API.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--13495d9c-6877-4bc9-888a-7d92362bcb40", + "created": "2023-06-09T19:10:19.108Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:13:50.488Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect device contacts.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d", + "created": 
"2019-10-18T14:50:57.491Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates often contain patches for vulnerabilities.", + "modified": "2022-03-30T15:52:58.256Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--13aba849-5004-4457-9f3b-49e470b589e0", + "created": "2023-03-20T18:43:44.617Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:21:05.598Z", + "description": "Application vetting services could look for connections to unknown domains or IP addresses. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--13e69c40-1511-4fac-b4c3-d31fc4b6c579", + "created": "2023-07-21T19:40:25.197Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:40:25.197Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can download and run code obtained from the C2.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_deprecated": false, "x_mitre_version": "0.1", 
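Review bot: The `CSRIC-WG1-FinalReport` entry in `external_references` on `relationship--1317fb3d-ded3-4b84-8007-147f3b02948a` has no `url`, and its `description` only repeats the source name. The mitigation claim it supports therefore cannot be traced to a document, so a full citation and link should be supplied. Separately, the Escobar relationship `relationship--12d14048-793c-456c-a2b8-d812de547ca7` names its reference `Bleeipng Computer Escobar`, which likely should be `Bleeping Computer Escobar`. The `(Citation: …)` marker in its `description` uses the same spelling, so the citation still resolves, but any correction has to change both strings together.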
@@ -32309,22 +17743,48 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3",
 "type": "relationship",
- "created": "2021-04-19T14:29:46.530Z",
+ "id": "relationship--13efc415-5e17-4a16-81c2-64e74815907f",
+ "created": "2017-12-14T16:46:06.044Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "PaloAlto-XcodeGhost",
+ "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/",
+ "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can prompt a fake alert dialog to phish user credentials.(Citation: PaloAlto-XcodeGhost)",
+ "modified": "2022-04-12T10:01:44.682Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--14143e21-51bf-4fa7-a949-d22a8271f590",
+ "type": "relationship",
+ "created": "2017-12-14T16:46:06.044Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "Lookout Uyghur Campaign",
- "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
- "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/",
+ "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.",
+ "source_name": "TrendMicro-RCSAndroid"
 }
 ],
- "modified": "2021-04-19T14:29:46.530Z",
- "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ",
+ "modified": "2019-08-09T17:53:48.780Z",
+ "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record audio using the device microphone.(Citation: TrendMicro-RCSAndroid)",
 "relationship_type": "uses",
- "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec",
- "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
+ "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b",
+ "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -32332,21 +17792,40 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f",
 "type": "relationship",
- "created": "2021-10-01T14:42:49.191Z",
+ "id": "relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c",
+ "created": "2022-04-01T14:59:39.294Z",
+ "x_mitre_version": "0.1",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "Apple regularly provides security updates for known OS vulnerabilities.",
+ "modified": "2022-04-01T14:59:39.294Z",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d",
+ "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--142532a6-bf7c-4b25-be23-16f01160f3c5",
+ "type": "relationship",
+ "created": "2020-09-15T15:18:12.417Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "SecureList BusyGasper",
- "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/",
- "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021."
+ "source_name": "Cybereason FakeSpy",
+ "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
+ "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
 }
 ],
- "modified": "2021-10-01T14:42:49.191Z",
- "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)",
+ "modified": "2020-09-15T15:18:12.417Z",
+ "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect account information stored on the device, as well as data in external storage.(Citation: Cybereason FakeSpy)",
 "relationship_type": "uses",
- "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4",
+ "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
 "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -32355,42 +17834,327 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--14474366-938a-4359-bf24-e2c718adfaf5", "type": "relationship", - "id": "relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594", - "created": "2022-04-05T17:14:08.267Z", + "created": "2020-06-26T14:55:13.382Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + } + ], + "modified": "2020-06-26T14:55:13.382Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can download new libraries when instructed to.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--146275c0-b6dd-4700-bded-bc361a67d023", + "type": "relationship", + "created": "2020-09-14T14:13:45.253Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-14T14:13:45.253Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can record audio.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6", + "created": "2022-03-30T15:18:21.256Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-05T17:14:08.267Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "modified": "2022-03-30T15:18:21.256Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--c5089859-b21f-40a3-8be4-63e381b8b1c0", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--148703c5-6d07-439c-a4ff-d77119c70857", + "created": "2023-03-20T18:52:21.767Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:23:41.266Z", + "description": "Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.", + 
"relationship_type": "detects", + "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--15065492-1aef-4cf8-af3c-cc763eee5daf", + "created": "2020-09-24T15:34:51.213Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:02:40.717Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)", + "modified": "2023-04-05T20:49:32.064Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can detect if it is being ran on an emulator.(Citation: Lookout-Dendroid)", "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd", + "type": "relationship", + "created": "2020-06-26T15:12:40.094Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.094Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to perform actions on behalf of the user, including launching attacker-specified applications to steal data.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80", + "created": "2022-03-30T19:33:05.375Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.", + "modified": "2022-03-30T19:33:05.375Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9", + "type": "relationship", + "created": "2020-04-24T17:46:31.582Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). 
TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T17:46:31.582Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device network configuration information such as IMSI, IMEI, and Wi-Fi connection state.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d", + "type": "relationship", + "created": "2021-10-01T14:42:48.740Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-12T13:51:41.045Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--17141729-226d-40d4-928d-ffbd2eed7d11", + "created": "2022-04-05T19:37:16.086Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:37:16.086Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca", + "created": "2020-09-11T16:22:03.285Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/viperrat-mobile-apt" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:50:52.737Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s contact list.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--17558571-7352-470b-b728-0511fb3f699d", + "type": "relationship", + "created": "2019-10-18T15:51:48.484Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:02:13.534Z", + "description": "Users should be warned against granting access to accessibility features, and to carefully scrutinize applications that request this dangerous permission.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7", + "created": "2022-03-31T19:53:01.320Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-31T19:53:01.320Z", + "relationship_type": "subtechnique-of", + "source_ref": 
"attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--17e94f34-e367-491c-9f9f-79294e124b4f", + "created": "2020-12-17T20:15:22.501Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:22:48.246Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can intercept SMS messages.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184", + "created": "2021-02-08T16:36:20.785Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:06:22.576Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
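Review bot: The added object `relationship--148703c5-6d07-439c-a4ff-d77119c70857` is typed `"relationship_type": "detects"` with an `x-mitre-data-component` source, but its description only says that firewalls "may also naturally block" command and control traffic over non-standard ports. That describes a mitigation and names nothing a defender can observe. Tooling that derives detection coverage from `detects` edges would count the target technique as covered without an actionable signal. I would reword the field so the observable comes first, for example `"description": "Command and control traffic over non-standard ports may be visible in network traffic; properly configured firewalls may also block it."`. The data component's name is not visible in this hunk, so the wording should be checked against it.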
@@ -32401,23 +18165,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331", - "created": "2022-03-30T15:08:13.679Z", + "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd", + "created": "2022-04-01T18:50:00.027Z", "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android-VerifiedBoot", - "url": "https://source.android.com/security/verifiedboot/", - "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." - } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", - "modified": "2022-03-30T15:08:13.679Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "description": "", + "modified": "2022-04-01T18:50:00.027Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -32427,20 +18184,409 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5", - "created": "2022-04-06T15:47:06.163Z", + "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea", + "created": "2022-04-06T13:40:14.515Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 10 Privacy Changes", + "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", + "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)", + "modified": "2022-04-06T13:40:14.515Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Adware", + "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:26:05.199Z", + "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)", + "relationship_type": "uses", + "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:23:04.150Z", + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted the full contents of text messages.(Citation: NYTimes-BackDoor)", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1987b242-c868-40b2-993d-9dbeea311d4b", + "created": "2022-03-30T14:08:09.882Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-06T15:47:06.163Z", + "modified": "2022-03-30T14:08:09.882Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "source_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--198b99e6-3954-4c93-90bc-4227b45270a4", + "created": "2023-08-04T19:03:55.638Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). 
Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:03:55.638Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can delete locally gathered files after uploading them to the C2 to avoid suspicion.(Citation: lookout_hornbill_sunbird_0221) ", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--19b95b83-bac0-455f-882f-0209abddb76f", + "created": "2022-04-05T20:11:35.619Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications that properly encrypt network traffic may evade some forms of AiTM behavior. 
", + "modified": "2022-04-05T20:11:35.619Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8220b57e-c400-4525-bf69-f8edc6b389a8", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:12:48.998Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80", + "created": "2022-03-31T19:51:41.431Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 
users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", + "modified": "2022-03-31T19:51:41.431Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd", + "created": "2020-07-15T20:20:59.289Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:49:47.110Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can evade automated analysis environments by requiring a CAPTCHA on launch that will prevent the application from running if not passed. 
It also checks for indications that it is running in an emulator.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e", + "created": "2020-09-14T14:13:45.299Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)", + "modified": "2022-04-18T15:58:08.240Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e", + "created": "2022-04-01T17:05:56.046Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "On Android 11 and up, users are not 
prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ", + "modified": "2022-04-01T17:05:56.046Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9", + "type": "relationship", + "created": "2020-09-11T14:54:16.548Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.548Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can obtain a list of installed applications.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1b9b145c-ce80-4d0e-99f2-d756b806745b", + "created": "2023-07-21T19:35:17.565Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:35:17.565Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access a device’s microphone to record audio, as well as cell and VoIP application calls.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e", + "created": "2020-12-31T18:25:05.165Z", + 
"x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES) ", + "modified": "2022-04-18T16:00:57.320Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1be8aca9-d5a6-4cc5-9fbe-7625f7ff8d6a", + "created": "2023-08-16T16:36:59.360Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:36:59.360Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather cookies and device logs.(Citation: cyble_chameleon_0423) ", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb", + "type": "relationship", + "created": "2020-10-29T19:21:23.162Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T19:21:23.162Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint-Judy", + "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/", + "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf", 
@@ -32471,1108 +18617,141 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a", + "id": "relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73", "type": "relationship", - "created": "2020-11-24T17:55:12.846Z", + "created": "2020-07-20T14:12:15.566Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + "source_name": "Check Point-Joker", + "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", + "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." } ], - "modified": "2020-11-24T17:55:12.846Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)", + "modified": "2020-07-20T14:12:15.566Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) can collect device notifications.(Citation: Check Point-Joker)", "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2", - "created": "2022-03-30T19:12:31.481Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:12:31.481Z", - "relationship_type": "subtechnique-of", 
- "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0e8607f6-daab-44df-b167-105403a4ef41", - "created": "2023-01-18T19:57:33.986Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:39:39.355Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use the “Direct Reply” feature of Android to automatically reply to notifications with a message provided by C2.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7", - "created": "2023-03-20T15:33:34.181Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:33:34.181Z", - 
"description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263", - "created": "2023-03-15T16:23:59.107Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:23:59.107Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9", - "created": "2022-03-28T19:25:49.640Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Ensure Verified Boot is enabled on devices with that capability.", - "modified": "2022-03-28T19:25:49.640Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da", - "type": "relationship", - "created": "2021-09-24T14:52:41.308Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2021-09-24T14:52:41.308Z", - "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--08a43019-d393-451f-a23c-2dfa17ec40b2", - "created": "2023-01-18T19:15:24.775Z", + "id": "relationship--1cc71849-142f-4097-9546-7946b0b546a6", + "created": "2020-04-08T15:51:25.125Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + "source_name": "ThreatFabric Ginp", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:51:07.963Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can steal incoming SMS messages and send SMS messages from compromised devices. (Citation: cyble_drinik_1022)", + "modified": "2023-04-05T17:29:22.884Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can determine if it is running in an emulator.(Citation: ThreatFabric Ginp)", "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_deprecated": false, - "x_mitre_version": "0.1", + "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], "type": "relationship", - "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc", + "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966", "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky-WUC", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:37:02.853Z", - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)", - "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e", - "created": "2019-09-03T20:08:00.717Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." + "source_name": "PaloAlto-Xbot", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c", - "created": "2019-11-21T19:16:34.820Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2793d721-df10-4621-8387-f3342def59a1", - "created": "2022-03-30T18:14:36.786Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ", - "modified": "2022-03-30T18:14:36.786Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e", - "created": "2023-02-28T20:34:18.504Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. 
Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:12:45.147Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can use HTTP POST requests on port 80 for communicating with its C2 server.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--049c39ab-c036-457a-9b8f-4318416658b8", - "created": "2022-03-30T19:54:24.468Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "A locked bootloader could prevent unauthorized modifications of protected operating system files. 
", - "modified": "2022-03-30T19:55:15.724Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d", - "created": "2019-09-03T20:08:00.708Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)", - "modified": "2022-04-15T16:55:56.825Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--51757971-17ac-40c3-bae7-78365579db49", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro-Obad", - "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. 
Retrieved December 9, 2016.", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:02:27.188Z", - "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)", - "relationship_type": "uses", - "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1284f6fe-d352-415c-9479-82141524380a", - "created": "2022-03-30T18:06:48.250Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", - "modified": "2022-03-30T18:06:48.250Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a", - "created": "2023-03-20T18:39:10.113Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:39:10.113Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cc345ae4-0d60-4f21-98b3-596c15118745", - "created": "2023-02-06T19:42:46.814Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:38:03.367Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can send SMS messages.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418", - "type": "relationship", - "created": "2020-04-08T15:41:19.383Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2020-04-08T15:41:19.383Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737", - "created": "2022-04-18T16:53:24.617Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Wandera-RedDrop", - "url": "https://www.wandera.com/reddrop-malware/", - "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. 
[RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ", - "modified": "2022-04-20T16:33:23.507Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341", - "type": "relationship", - "created": "2019-07-16T14:33:12.085Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." - } - ], - "modified": "2020-04-27T16:52:49.480Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) utilizes a backdoor in a Play Store app to install additional trojanized apps from the Command and Control server.(Citation: Google Triada June 2019)", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8", - "created": "2019-09-04T15:38:56.721Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "FortiGuard-FlexiSpy", - "description": "K. 
Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:48:43.225Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306", - "type": "relationship", - "created": "2020-05-07T15:33:32.778Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
- } - ], - "modified": "2020-05-07T15:33:32.778Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209", - "type": "relationship", - "created": "2020-04-24T15:06:33.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T15:06:33.450Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe", - "type": "relationship", - "created": "2020-07-15T20:20:59.282Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.282Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2", - "created": "2023-01-18T21:24:28.714Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:55:39.648Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a Domain Generation Algorithm to decode the C2 server location.(Citation: nccgroup_sharkbot_0322) ", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c", - "created": "2020-09-11T14:54:16.646Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - 
"external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/desert-scorpion-google-play" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:45:14.199Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f", - "created": "2023-03-20T18:43:14.051Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:14.051Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998", - "created": "2020-04-08T15:41:19.385Z", - "x_mitre_version": "1.0", - "external_references": [ - 
{ - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)", + "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)", "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de", + "created": "2023-03-20T15:57:00.953Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88", - "created": "2022-04-01T12:37:42.068Z", + "modified": "2023-08-08T15:30:59.104Z", + "description": "The user is prompted for approval when an application requests device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": 
false, "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. ", - "modified": "2022-04-01T12:37:42.068Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b", + "created": "2023-08-07T22:15:34.550Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0", - "created": "2019-09-03T20:08:00.711Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Group IB Gustuff Mar 2019", - "url": "https://www.group-ib.com/blog/gustuff", - "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." - }, - { - "source_name": "Talos Gustuff Apr 2019", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
- } - ], + "modified": "2023-08-07T22:46:12.263Z", + "description": "Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. [Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)", - "modified": "2022-04-19T19:42:17.904Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1", - "created": "2020-07-15T20:20:59.227Z", + "id": "relationship--1d828f51-1c04-466c-beaf-2d4de741a544", + "created": "2020-05-04T14:04:56.184Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + "source_name": "Google Bread", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020.", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:33:57.748Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)", + "modified": "2023-04-05T17:03:18.675Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) can access SMS messages in order to complete carrier billing fraud.(Citation: Google Bread)", "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7", - "type": "relationship", - "created": "2019-11-21T16:42:48.490Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019." - } - ], - "modified": "2019-11-21T16:42:48.490Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad", - "created": "2020-04-24T15:06:33.397Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:37:37.674Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9", - "created": "2020-09-11T14:54:16.649Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - 
"external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/desert-scorpion-google-play" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:52:05.260Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8", - "created": "2019-11-21T16:42:48.459Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList - ViceLeaker 2019", - "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019.", - "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:37:19.124Z", - "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)", - "relationship_type": "uses", - "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de", - "type": "relationship", - "created": "2020-11-20T15:46:51.603Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T15:46:51.603Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed", - "created": "2023-03-20T18:58:56.347Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:56.347Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e", - "created": "2023-03-03T16:25:52.931Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:25:52.931Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about installed applications.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265", - "created": "2021-04-19T14:29:46.510Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:15:42.930Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:49.112Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175", - "created": "2022-03-30T15:52:09.759Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T15:52:09.759Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d", - "created": "2019-09-03T20:08:00.760Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos Gustuff Apr 2019", - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:11:36.853Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696", - "created": "2022-03-28T19:38:23.189Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-28T19:38:23.190Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--127e6672-d16a-4370-b277-4d04874a4cfe", - "created": "2023-02-06T19:37:24.358Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-11T19:29:31.138Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use overlays capture banking credentials and credit card information, and can open arbitrary WebViews from the C2.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b", - "created": "2022-04-01T16:51:04.584Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "GoogleIO2016", - "url": "https://www.youtube.com/watch?v=XZzLjllizYs", - "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)", - "modified": "2022-04-01T16:51:04.584Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -33592,1253 +18771,29 @@ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "type": "relationship", - "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1", - "created": "2020-07-20T13:27:33.514Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020.", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:35:47.258Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9", - "created": "2020-07-20T13:27:33.509Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . 
Retrieved July 20, 2020.", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:36:07.297Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c656539-aa1e-42db-9016-d38f1daaae16", - "created": "2023-01-18T19:20:26.156Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:06:05.822Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can collect user SMS messages.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1", - "created": "2023-03-15T16:24:12.588Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:24:12.588Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--393300c4-6852-466d-a163-1d51330fe055", - "created": "2023-03-20T18:45:39.292Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:48:50.839Z", - "description": "", - "relationship_type": "detects", - "source_ref": 
"x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--82b58c75-239e-4dac-b848-bc1f3354adc4", - "created": "2023-03-20T18:41:18.288Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:41:18.288Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689", - "created": "2022-04-06T13:35:43.203Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult", - "modified": "2022-04-06T13:35:43.203Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": 
"relationship", - "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999", - "created": "2020-11-24T17:55:12.818Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos GPlayed", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:21:12.197Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d", - "created": "2020-07-15T20:20:59.380Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)", - "modified": "2022-04-18T19:18:24.378Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--dbef53a9-f9c4-4582-8e93-349ad488de12", - "created": "2023-02-28T21:42:06.525Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:27:42.197Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view call logs.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae", - "created": "2019-09-04T20:01:42.753Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Nightwatch screencap April 2016", - "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/", - "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ", - "modified": "2022-04-01T13:31:59.712Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4", - "created": "2023-03-30T15:18:37.934Z", - "revoked": false, - "external_references": [ - { - "source_name": "cleafy_sova_1122", - "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", - "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-30T15:18:37.934Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can take screenshots and abuse the Android Screen Cast feature to capture screen data.(Citation: cleafy_sova_1122)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1", - "created": "2020-12-24T21:45:56.920Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:16:17.615Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--1250f91c-723d-4b4c-afea-b3a71101951f", - "type": "relationship", - "created": "2019-08-07T15:57:13.415Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
- } - ], - "modified": "2019-09-15T15:36:42.339Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can query the device's IMEI.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e", - "created": "2020-06-02T14:32:31.900Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:18:38.700Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a", - "created": "2023-03-03T16:25:09.978Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). 
YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:25:09.978Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) is believed to have initially infected devices using internet traffic hijacking to generate abnormal popups.(Citation: paloalto_yispecter_1015) ", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791", - "created": "2022-03-30T19:33:17.520Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", - "modified": "2022-03-30T19:33:17.520Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f", - "created": "2022-03-30T14:49:47.451Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android-VerifiedBoot", - "url": "https://source.android.com/security/verifiedboot/", - "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", - "modified": "2022-03-30T14:49:47.451Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce", - "created": "2022-04-06T13:57:24.730Z", + "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb", + "created": "2022-04-06T15:41:03.981Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-06T13:57:24.730Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. 
(2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-08-09T17:56:05.683Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03", - "type": "relationship", - "created": "2020-12-17T20:15:22.449Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
- } - ], - "modified": "2020-12-17T20:15:22.449Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)", - "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10", - "type": "relationship", - "created": "2020-06-26T15:32:25.074Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.074Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f", - "type": "relationship", - "created": "2020-12-14T15:02:35.287Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Securelist Asacub", - "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", - "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T15:02:35.290Z", - "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)", - "relationship_type": "uses", - "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", - "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f", - "created": "2020-10-29T19:01:13.839Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Microsoft MalLockerB", - "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . 
Retrieved October 29, 2020.", - "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:54:05.374Z", - "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. (Citation: Microsoft MalLockerB)", - "relationship_type": "uses", - "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", - "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76", - "created": "2019-10-18T14:50:57.472Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain patches for known exploits.", - "modified": "2022-03-25T14:12:54.498Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7", - "created": "2017-12-14T16:46:06.044Z", - 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "FireEye-RuMMS", - "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", - "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:03:03.296Z", - "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)", - "relationship_type": "uses", - "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c", - "type": "relationship", - "created": "2020-07-27T14:14:56.954Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
- } - ], - "modified": "2020-08-10T22:18:20.777Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f", - "created": "2019-11-21T19:16:34.776Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CheckPoint SimBad 2019", - "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.", - "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:44:53.855Z", - "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)", - "relationship_type": "uses", - "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7e8956e3-7d90-412d-a82f-d61e43239923", - "created": "2023-03-20T18:44:01.387Z", - "revoked": false, - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:44:01.387Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2", - "type": "relationship", - "created": "2020-04-24T17:46:31.586Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-27T15:27:26.539Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a", - "created": "2023-03-20T18:53:35.012Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:53:35.012Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4e68feca-083f-40ed-88d8-2b6a3935c949", - "created": "2023-01-18T19:12:11.201Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:53:38.271Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can use the Android `CallScreeningService` to silently block incoming calls.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91", - "created": "2020-10-29T19:21:23.187Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "WeLiveSecurity AdDisplayAshas", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. 
Retrieved October 29, 2020.", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:42:27.975Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)", - "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0", - "created": "2019-08-07T15:57:13.453Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d", - "created": "2022-04-05T17:14:23.789Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:14:23.789Z", + "modified": "2022-04-06T15:41:03.981Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa", - "created": "2022-04-01T16:52:36.974Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": 
"2022-04-01T16:52:36.974Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3", - "type": "relationship", - "created": "2020-05-04T14:04:56.189Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "modified": "2020-05-04T15:40:21.081Z", - "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)", - "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--19df76ee-fa85-43cf-96ce-422d46f29a13", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:12:48.998Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) listens for the `BOOT_COMPLETED` broadcast intent in order to maintain persistence and activate its functionality at device boot time.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187", - "created": "2020-09-14T14:13:45.236Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout eSurv", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. 
Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/esurv-research" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:53:16.656Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:17:40.860Z", - "description": "[Xbot](https://attack.mitre.org/software/S0298) can remotely lock infected Android devices and ask for a ransom.(Citation: PaloAlto-Xbot)", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1", - "created": "2023-03-20T15:16:19.428Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:16:19.428Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1", - "created": "2022-04-05T19:48:31.354Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:48:31.354Z", - "relationship_type": "subtechnique-of", - 
"source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.183Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--535d2425-21aa-4fe5-ae6d-5b677f459020", - "created": "2022-03-28T19:41:37.162Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches for devices that were compromised at the supply chain level.", - "modified": "2022-03-28T19:41:37.162Z", - "relationship_type": "mitigates", - 
"source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--0330db55-06e0-45a2-85a6-17617a37fdaf", - "created": "2022-04-06T13:57:49.186Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:57:49.186Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--f981d199-2720-467e-9dc9-eea04dbe05cf", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b", - "type": "relationship", - "created": "2020-12-24T22:04:27.914Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:27.914Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has looked for .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files on external storage.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7", - "created": "2023-03-20T15:16:28.177Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:16:28.177Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576", - "type": "relationship", - "created": "2020-09-14T14:13:45.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-14T15:39:17.961Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809", - "type": "relationship", - "created": "2020-12-18T20:14:47.374Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.374Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038", - "type": "relationship", - "created": "2020-12-24T21:45:56.961Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.961Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308", - "created": "2023-02-06T19:04:33.224Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:06:11.934Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can monitor notifications.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2", - "created": "2023-03-20T18:50:32.580Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:50:32.580Z", - "description": "", - "relationship_type": "detects", - 
"source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-NotCompatible", - "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)", - "relationship_type": "uses", - "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac", - "created": "2020-06-26T15:32:25.060Z", + "id": "relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a", + "created": "2020-06-26T15:32:24.962Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -34851,20 +18806,93 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:35:13.005Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)", + "modified": "2023-04-05T20:42:04.769Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) hides its icon from the application drawer after being launched for the first time.(Citation: Threat Fabric Cerberus)", "relationship_type": "uses", "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e", "type": "relationship", - "id": "relationship--e889782a-f66b-448e-a466-e55b1bce7b64", - "created": "2023-02-28T20:38:25.598Z", + "created": "2019-09-03T19:45:48.496Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-14T16:47:53.226Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two extracts information from Facebook, Facebook Messenger, Gmail, IMO, Skype, Telegram, Viber, WhatsApp, and WeChat.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223", + "type": "relationship", + "created": "2020-11-20T16:37:28.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.610Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has been distributed in two stages.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1f31e348-a4ee-4874-891f-393c65a7640a", + "created": "2023-07-21T19:34:13.200Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). 
Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:34:13.200Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate a device’s contacts.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f", + "created": "2023-02-28T20:39:57.194Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { 
@@ -34876,40 +18904,91 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-02-28T20:38:25.598Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) has encrypted C2 message bodies with RSA and encoded them in base64.(Citation: proofpoint_flubot_0421)", + "modified": "2023-03-31T22:07:21.417Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Domain Generation Algorithms to connect to the C2 server.(Citation: proofpoint_flubot_0421)", "relationship_type": "uses", "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435", + "created": "2022-04-05T19:51:08.770Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 12 Features", + "url": "https://developer.android.com/about/versions/12/features", + "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", + "modified": "2022-04-05T19:51:08.770Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--481e5d33-eca4-453c-9fec-27ee01d50989", - "created": "2023-02-28T21:45:41.365Z", + "id": "relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9", + "created": "2021-10-01T14:42:49.170Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + "source_name": "SecureList BusyGasper", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-29T21:26:12.006Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view files and media.(Citation: cloudmark_tanglebot_0921)", + "modified": "2023-04-05T17:26:02.260Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can hide its icon.(Citation: SecureList BusyGasper)", "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_deprecated": false, - "x_mitre_version": "0.1", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b", + "created": "2020-04-08T15:51:25.128Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:29:36.827Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -34917,41 +18996,246 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e", + "id": "relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87", "type": "relationship", - "created": "2019-07-10T15:25:57.602Z", + "created": "2020-05-04T14:04:56.217Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." } ], - "modified": "2019-08-12T17:30:07.571Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2020-05-04T15:40:21.305Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) has utilized JavaScript within WebViews that loaded a URL hosted on a Bread-controlled server which provided functions to run. 
[Bread](https://attack.mitre.org/software/S0432) downloads billing fraud execution steps at runtime.(Citation: Google Bread)", "relationship_type": "uses", - "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--b697a198-8949-43e0-b2b8-23498373c920", - "created": "2023-03-20T18:37:13.628Z", + "id": "relationship--1f8f0021-6992-476c-ba1c-232542dc1633", + "created": "2023-03-20T18:58:52.857Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:37:13.628Z", - "description": "", + "modified": "2023-08-10T22:13:53.253Z", + "description": "On Android, the user can manage which applications have permission to access SMS messages through the device settings screen, revoking the permission if necessary.", "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd", + "type": "relationship", + "created": "2020-04-08T18:55:29.205Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + }, + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." + } + ], + "modified": "2021-01-20T16:01:19.565Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can exfiltrate files encrypted with the ransomware module from the device and can modify external storage.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis) ", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--1fdf9c43-0237-461f-86d4-1da843078744", + "created": "2023-09-21T19:38:49.571Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:38:49.571Z", + "description": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--20310407-9b05-4d7b-9548-961f545e14e1", + "created": "2023-06-09T19:18:41.955Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:18:41.955Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) uses an infrequent data upload schedule to avoid user detection and battery drain. It also can delete on-device data after being sent to the C2, and stores collected data in hidden folders on external storage.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6", + "type": "relationship", + "created": "2020-07-20T13:27:33.553Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": 
"https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.518Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--204e30ed-5e69-400b-a814-b77e10596865", + "created": "2022-04-06T15:50:42.481Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:50:42.481Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f58cd69a-e548-478b-9248-8a9af881dc34", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro-RCSAndroid", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:23:38.651Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect SMS, MMS, and Gmail messages.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438", + "created": "2022-03-30T20:07:19.296Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:07:19.296Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0", + "created": "2020-12-24T21:55:56.741Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:51:16.331Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86", + "created": "2022-04-06T13:55:37.498Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised that applications generally do not require permission to send SMS messages.", + "modified": "2022-04-06T13:55:37.498Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
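Review bot: The added object `relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd` appears to carry a trailing space inside its `description` string, after `(Citation: Trend Micro Anubis)`. Consumers that hash, de-duplicate or compare descriptions across releases will treat it as a changed value, so the string should end `(Citation: Trend Micro Anubis)",`. In the same hunk, the `TrendMicro-RCSAndroid` reference on `relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735` still uses an `http://blog.trendmicro.com/...` URL. If that source is reachable over TLS, the `https://` form is safer for tooling that fetches references automatically. This file looks like a generated export, so both fixes probably belong in the upstream record rather than in this diff.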
@@ -34985,234 +19269,49 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0", - "created": "2022-04-11T20:05:56.540Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-11T20:05:56.540Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a", - "type": "relationship", - "created": "2020-12-24T21:55:56.726Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.726Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e", - "created": "2022-04-01T15:16:16.027Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Trend Micro iOS URL Hijacking", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", - "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", - "modified": "2022-04-01T15:16:16.027Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e", - "created": "2020-09-14T14:13:45.299Z", + "id": "relationship--212801c2-5d14-4381-b25a-340cda11a5ac", + "created": "2020-12-18T20:14:47.310Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout eSurv", - "url": "https://blog.lookout.com/esurv-research", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version has used public key encryption and certificate pinning for C2 communication.(Citation: Lookout eSurv)", - "modified": "2022-04-18T15:58:08.240Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has displayed a form to collect user data after installation.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-12T10:01:44.682Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc", - "type": "relationship", - "created": "2020-06-02T14:32:31.871Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Project Zero Insomnia", - "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", - "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
- } - ], - "modified": "2020-06-24T18:24:35.795Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0", - "created": "2023-03-15T16:39:32.117Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:39:32.117Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--60ad088f-3133-4b0c-a441-e1e06fff1765", - "created": "2023-02-06T19:37:56.416Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:34:29.147Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather data about the device.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643", - "created": "2020-09-14T13:35:45.909Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ESET-Twitoor", - "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", - "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)", - "modified": "2022-04-20T12:58:23.550Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d", - "created": "2020-09-11T14:54:16.587Z", + "id": "relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9", + "created": "2020-07-20T13:27:33.509Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout Desert Scorpion", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/desert-scorpion-google-play" + "source_name": "Talos-WolfRAT", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . 
Retrieved July 20, 2020.", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:25:21.998Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)", + "modified": "2023-04-05T17:36:07.297Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s call log.(Citation: Talos-WolfRAT)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -35220,265 +19319,57 @@ }, { "type": "relationship", - "id": "relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a", - "created": "2023-03-03T15:42:28.475Z", + "id": "relationship--22041a01-75e7-4ff6-8768-ad45188c53c7", + "created": "2023-02-28T21:45:25.064Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:17:24.417Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can send large amounts of device data over its C2 channel, including the device’s manufacturer, model, version and serial number, telephone number, and IP address.(Citation: lookout_abstractemu_1021)", + "modified": "2023-03-01T22:03:00.755Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can obtain a list of installed applications.(Citation: cloudmark_tanglebot_0921)", "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee", - "type": "relationship", - "created": "2019-09-04T14:28:15.991Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.803Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f", - "created": "2019-07-16T14:33:12.107Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Kaspersky Triada June 2016", - "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/", - "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019." - }, - { - "source_name": "Google Triada June 2019", - "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", - "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150", - "type": "relationship", - "created": "2020-05-11T16:37:36.673Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "source_name": "ThreatFabric Ginp" - } - ], - "modified": "2020-05-11T16:37:36.673Z", - "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519", - "created": "2022-04-05T17:03:53.457Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:03:53.457Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b", - "created": "2019-12-10T16:07:41.081Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. 
Retrieved December 10, 2019.", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:47:53.438Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) replaces `/system/bin/ip` with a malicious version. [Dvmap](https://attack.mitre.org/software/S0420) can inject code by patching `libdmv.so` or `libandroid_runtime.so`, depending on the Android OS version. Both libraries are related to the Dalvik and ART runtime environments. The patched functions can only call `/system/bin/ip`, which was replaced with the malicious version.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa", - "type": "relationship", - "created": "2020-11-24T17:55:12.804Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
- } - ], - "modified": "2020-11-24T17:55:12.804Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f", - "created": "2023-03-20T15:55:32.395Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:55:32.395Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d", - "created": "2023-03-20T18:38:36.873Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:38:36.873Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00", - "type": "relationship", - "created": "2020-09-15T15:18:12.421Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.421Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429", "type": "relationship", - "id": "relationship--1317fb3d-ded3-4b84-8007-147f3b02948a", - "created": "2022-04-05T19:52:38.539Z", - "x_mitre_version": "0.1", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "CSRIC-WG1-FinalReport", - "description": "CSRIC-WG1-FinalReport" + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC-WG1-FinalReport) ", - "modified": "2022-04-05T19:52:38.539Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-07-20T13:49:03.687Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--049b0c71-63e3-47ce-bb0b-149df0344b15", - "created": "2020-12-24T21:45:56.965Z", + "id": "relationship--22334426-e99f-4e97-b4dd-17e297da4118", + "created": "2020-12-24T21:55:56.696Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -35491,104 +19382,10 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:15:59.861Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access device contacts.(Citation: Lookout Uyghur Campaign)", + "modified": "2023-04-05T20:23:54.777Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5", - "type": "relationship", - "created": "2019-09-03T20:08:00.764Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-09-15T15:35:33.379Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861", - "created": "2021-02-08T16:36:20.711Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:06:46.369Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2", - "created": "2023-03-20T19:00:26.780Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T19:00:26.780Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). 
SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:32:29.636Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -35599,142 +19396,45 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06", + "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-07-15T20:20:59.316Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
} ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)", + "modified": "2020-07-15T20:20:59.316Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)", "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--22755928-b0e1-4004-a89e-5f5ea2504cf8", + "created": "2023-08-04T18:32:57.089Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--04530307-22d8-4a06-9056-55eea225fabb", - "type": "relationship", - "created": "2019-07-10T15:35:43.710Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" - } - ], - "modified": "2019-08-09T18:06:11.842Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves messages and decryption keys for popular messaging applications and other accounts stored on the device.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2023-08-04T18:32:57.089Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can record environmental and call audio.(Citation: lookout_hornbill_sunbird_0221)", "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328", - "created": "2022-03-30T19:34:09.377Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T19:34:09.377Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544", - "created": "2020-04-08T15:41:19.448Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", 
- "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)", - "modified": "2022-04-15T17:33:02.327Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec", - "created": "2022-04-01T15:13:10.022Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "iOS Universal Links", - "url": "https://developer.apple.com/ios/universal-links/", - "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." - }, - { - "source_name": "Android App Links", - "url": "https://developer.android.com/training/app-links/verify-site-associations", - "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." - }, - { - "source_name": "IETF-PKCE", - "url": "https://tools.ietf.org/html/rfc7636", - "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ", - "modified": "2022-04-01T15:13:10.022Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d170a088-b115-4a86-b093-8aa32666a470", - "created": "2023-03-15T16:39:55.148Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:39:55.148Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -35743,132 +19443,8 @@ }, { "type": "relationship", - "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446", - "created": "2020-12-14T14:52:03.294Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:26:37.661Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9", - "type": "relationship", - "created": "2020-07-20T13:27:33.548Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T22:00:43.490Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07", - "type": "relationship", - "created": "2021-01-05T20:16:20.505Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." - } - ], - "modified": "2021-01-05T20:16:20.505Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)", - "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590", - "created": "2019-09-23T13:36:08.543Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:57:05.633Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4a408dee-07da-4855-b2ff-be512480ccb5", - "created": "2023-01-19T18:08:41.596Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. 
Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-29T21:18:05.095Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can gather device UDIDs.(Citation: trendmicro_tianyspy_0122) ", - "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9", - "created": "2020-04-24T17:46:31.598Z", + "id": "relationship--22773074-4a95-48e0-905f-688ce048b5ed", + "created": "2020-04-24T17:46:31.593Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -35881,127 +19457,10 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:51:43.135Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)", + "modified": "2023-04-05T20:53:51.524Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can prevent the user from interacting with the UI by showing a WebView with a persistent cursor.(Citation: SecurityIntelligence TrickMo)", "relationship_type": "uses", "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.110Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad", - "type": "relationship", - "created": "2020-12-07T14:28:32.141Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-12-07T14:28:32.141Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c", - "created": "2020-12-14T14:52:03.385Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-20T17:56:51.457Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d716163d-2492-4088-9235-b2310312ba27", - "created": "2022-04-06T15:44:48.422Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:44:48.422Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962", - "created": "2019-09-23T13:36:08.456Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:58:03.072Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -36012,22 +19471,256 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60", + "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6", "type": "relationship", - "created": "2020-09-11T14:54:16.585Z", + "created": "2021-01-05T20:16:20.484Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." } ], - "modified": "2021-04-19T17:11:50.418Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t", + "modified": "2021-01-05T20:16:20.484Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613", + "created": "2020-12-31T18:25:05.160Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:00:13.616Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14", + "type": "relationship", + "created": "2019-07-10T15:35:43.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.693Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) retrieves a list of all applications installed on the device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081", + "created": "2023-01-18T19:19:01.740Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:52:20.587Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can use Accessibility Services to disable Google Play Protect.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2", + "created": "2023-01-18T19:57:13.265Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:43:35.115Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use Accessibility Services to detect which process is in the foreground.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798", + "type": "relationship", + "created": "2020-10-29T19:01:13.854Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Microsoft MalLockerB", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T19:01:13.854Z", + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has employed both name mangling and meaningless variable names in source. [AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has stored encrypted payload code in the Assets directory, coupled with a custom decryption routine that assembles a .dex file by passing data through Android Intent objects. (Citation: Microsoft MalLockerB)", + "relationship_type": "uses", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--23ecc134-0623-45ec-b8b5-52516483bda1", + "created": "2023-04-14T14:10:04.452Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-14T14:10:04.452Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) has used code abstraction and anti-emulation checks to potentially avoid running while under analysis.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f", + "created": "2022-04-01T18:52:13.171Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", + "modified": "2022-04-01T18:52:13.171Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--242dc659-c205-4e9e-95f9-14fee66195af", + "created": 
"2022-04-01T15:29:36.082Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Configuration of per-app VPN policies instead of device-wide VPN can restrict access to internal enterprise resource access via VPN to only enterprise-approved applications", + "modified": "2022-04-01T15:29:36.082Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53", + "type": "relationship", + "created": "2020-07-15T20:20:59.318Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.318Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) uses foreground persistence to keep a service running. 
It shows the user a transparent notification to evade detection.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07", + "type": "relationship", + "created": "2020-12-24T21:45:56.949Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:45:56.949Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -36036,45 +19729,40 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0", - "created": "2022-04-01T15:02:04.528Z", - "x_mitre_version": "0.1", + "id": "relationship--24bcb2cd-1532-4e98-a485-a55e06d2577d", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", "x_mitre_deprecated": false, "revoked": false, - "description": "Apple regularly provides security updates for known OS vulnerabilities. ", - "modified": "2022-04-01T15:02:04.528Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", - "x_mitre_attack_spec_version": "2.1.0", + "description": "", + "modified": "2022-04-06T15:41:16.865Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2", + "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--de45db46-2251-4a29-b4d7-3fcf679e9484", - "created": "2019-09-04T15:38:56.877Z", + "id": "relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48", + "created": "2020-09-24T15:34:51.298Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "CyberMerchants-FlexiSpy", - "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", - "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" - }, - { - "source_name": "FlexiSpy-Features", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September 4, 2019.", - "url": "https://www.flexispy.com/en/features-overview.htm" + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:32:16.401Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)", + "modified": "2023-04-05T20:24:09.872Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can intercept SMS messages.(Citation: Lookout-Dendroid)", "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -36083,8 +19771,86 @@ }, { "type": "relationship", - "id": "relationship--a563fc97-a452-4348-a831-f4fb55c71e35", - "created": "2023-03-03T16:22:45.712Z", + "id": "relationship--25466097-53c6-4dc7-8409-197758e88673", + "created": "2023-08-16T16:45:11.580Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:45:11.580Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can download HTML overlay pages after installation.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--25655385-5b0d-4700-a59f-d5d043625b84", + "created": "2023-02-06T18:50:50.273Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:13:16.813Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use rooting exploits to silently give itself permissions or install additional malware.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527", + "created": "2019-09-04T14:28:16.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:57:56.616Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3", + "created": "2023-03-03T16:26:48.531Z", "revoked": false, "external_references": [ { 
@@ -36096,483 +19862,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-03T16:22:45.712Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used fake Verisign and Symantec certificates to bypass malware detection systems. [YiSpecter](https://attack.mitre.org/software/S0311) has also signed malicious apps with iOS enterprise certificates to work on non-jailbroken iOS devices.(Citation: paloalto_yispecter_1015)", + "modified": "2023-03-03T16:26:48.531Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected compromised device MAC addresses.(Citation: paloalto_yispecter_1015)", "relationship_type": "uses", "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5b04c8d0-c026-4838-9383-e4146de36d4d", - "created": "2023-03-16T18:33:19.941Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:33:19.941Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc", - "created": 
"2023-02-28T20:37:01.639Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:13:55.642Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can use `locale.getLanguage()` to choose the language for notifications and avoid user detection.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9", - "created": "2023-03-20T18:51:07.547Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:51:07.547Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": 
[ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81", - "created": "2022-04-05T20:03:46.789Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T20:03:46.789Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9e95ef68-0650-49eb-888f-47c211481be9", - "created": "2023-03-20T18:51:40.217Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:51:40.217Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288", - "created": "2020-07-15T20:20:59.291Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:38:15.470Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" - } - ], - "modified": "2019-08-09T18:08:07.144Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)", - "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599", - "type": "relationship", - "created": "2020-07-20T13:27:33.512Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.531Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3", - "created": "2023-03-16T13:32:02.290Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T13:32:02.290Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d", - "created": "2019-10-18T14:50:57.491Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates often contain patches for vulnerabilities.", - "modified": "2022-03-30T15:52:58.256Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1", - "type": "relationship", - "created": "2020-06-26T14:55:13.289Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." - } - ], - "modified": "2020-06-26T14:55:13.289Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--10c07066-df05-4dff-bb95-c76be02ea4ef", - "created": "2020-09-14T14:13:45.291Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout eSurv", - "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. 
Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/esurv-research" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:30:00.975Z", - "description": "[eSurv](https://attack.mitre.org/software/S0507) imposes geo-restrictions when delivering the second stage.(Citation: Lookout eSurv)", - "relationship_type": "uses", - "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103", - "created": "2019-09-23T13:36:08.341Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T16:58:27.974Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. 
It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1", - "created": "2020-06-26T15:32:25.002Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)", - "modified": "2022-04-15T17:33:17.868Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4", - "type": "relationship", - "created": "2019-09-03T19:45:48.485Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.117Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e", - "created": "2022-04-01T17:05:56.046Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "On Android 11 and up, users are not prompted with the option to select “Allow all the time” and must navigate to the settings page to manually select this 
option. On iOS 14 and up, users can select whether to provide Precise Location for each installed application. ", - "modified": "2022-04-01T17:05:56.046Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6", - "created": "2020-09-11T16:22:03.266Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/viperrat-mobile-apt" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:33:34.466Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc", - "created": "2020-04-08T15:41:19.400Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cofense Anubis", - "description": "M. Feller. 
(2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:17:41.320Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127", - "type": "relationship", - "created": "2020-12-24T21:55:56.657Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.657Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. 
‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--56758bb5-230e-43ac-9851-167c296c3dfa", - "created": "2023-03-20T18:38:27.730Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:38:27.730Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -36607,24 +19901,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030", - "created": "2022-03-30T20:42:04.251Z", + "id": "relationship--268c12df-d3bc-46fa-99e9-32caab50b175", + "created": "2022-03-30T15:52:09.759Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.", - "modified": "2022-03-30T20:42:04.251Z", + "description": "Device attestation can often detect jailbroken or rooted devices.", + "modified": "2022-03-30T15:52:09.759Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf", - "created": "2020-06-02T14:32:31.891Z", + "id": "relationship--269d4409-e287-4ef3-b5f3-765ec03e503e", + "created": "2020-06-02T14:32:31.900Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -36637,11 +19931,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T19:51:44.262Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)", + "modified": "2023-04-05T21:18:38.700Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) grants itself permissions by injecting its hash into the kernel’s trust cache.(Citation: Google Project Zero Insomnia)", "relationship_type": "uses", "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -36651,30 +19945,43 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39", "type": "relationship", - "created": "2020-04-08T15:41:19.364Z", + "id": "relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7", + "created": "2022-04-01T18:45:11.299Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them.", + "modified": "2022-04-01T18:45:11.299Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2020-04-08T15:41:19.364Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", + "type": "relationship", + "id": "relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51", + "created": "2022-04-01T12:37:17.515Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "OS feature updates often enhance security and privacy around permissions. ", + "modified": "2022-04-01T12:37:17.515Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0", - "created": "2023-02-06T19:42:34.537Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--27050442-e578-44b7-9534-ada78824befe", + "created": "2023-02-06T19:45:09.612Z", "revoked": false, "external_references": [ { 
@@ -36686,62 +19993,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-11T22:08:03.095Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can resist removal by going to the home screen during uninstall.(Citation: threatfabric_sova_0921)", + "modified": "2023-02-06T19:45:09.612Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can intercept and read SMS messages.(Citation: threatfabric_sova_0921)", "relationship_type": "uses", "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--76cc66f4-ce85-4873-a63e-879b4a14a540", - "created": "2023-03-03T16:23:20.764Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:23:20.764Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has connected to the C2 server via HTTP.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -36752,439 +20008,25 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d", + "id": "relationship--271a311f-71bc-4558-a314-0edfbec44b64", "type": "relationship", - "created": "2019-09-03T19:45:48.505Z", + "created": "2019-11-21T16:42:48.495Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." } ], - "modified": "2019-09-11T13:25:19.178Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ", + "modified": "2019-11-21T16:42:48.495Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) collects device information, including the device model and OS version.(Citation: SecureList - ViceLeaker 2019)", "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f", - "created": "2019-10-18T14:50:57.494Z", - 
"x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates often contain patches for vulnerabilities.", - "modified": "2022-04-11T14:26:44.192Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab", - "created": "2020-09-11T14:54:16.589Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can be controlled using SMS messages.(Citation: Lookout Desert Scorpion)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb", - "created": "2019-08-09T16:19:02.782Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Android Capture Sensor 2019", - "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", - "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ", - "modified": "2022-04-01T15:21:13.296Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--24a7379e-a994-411b-b17c-add6c6c6fc07", - "type": "relationship", - "created": "2020-12-24T21:45:56.949Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.949Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) has hidden malicious functionality in a second stage file and has encrypted C2 server information.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" - } - ], - "modified": "2019-10-10T15:27:22.175Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0", - "type": "relationship", - "created": "2020-12-24T21:55:56.692Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T21:55:56.692Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--078653a6-3613-4923-ae5a-1bccb8552e67", - "type": "relationship", - "created": "2020-09-11T16:22:03.250Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout ViperRAT", - "url": "https://blog.lookout.com/viperrat-mobile-apt", - "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T16:22:03.250Z", - "description": "[ViperRAT](https://attack.mitre.org/software/S0506) has been installed in two stages and can secretly install new applications.(Citation: Lookout ViperRAT)", - "relationship_type": "uses", - "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3", - "created": "2020-04-08T15:41:19.404Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cofense Anubis", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:18:13.761Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0bb6f851-4302-4936-a98e-d23feecb234d", - "type": "relationship", - "created": "2020-06-02T14:32:31.777Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Volexity Insomnia", - "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", - "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." - } - ], - "modified": "2020-06-02T14:32:31.777Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) exploits a WebKit vulnerability to achieve root access on the device.(Citation: Volexity Insomnia)", - "relationship_type": "uses", - "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--05563777-5771-4bd6-a1af-3e244cf42372", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Xiao-KeyRaider", - "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. 
Retrieved December 12, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples search to find the Apple account's username, password and device's GUID in data being transferred.(Citation: Xiao-KeyRaider)", - "relationship_type": "uses", - "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251", - "type": "relationship", - "created": "2020-07-20T13:58:53.610Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
- } - ], - "modified": "2020-09-24T15:12:24.302Z", - "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3", - "created": "2020-07-15T20:20:59.287Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:53:17.865Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369", - "created": "2023-02-02T17:46:27.077Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:43:17.131Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can exfiltrate captured user credentials and event logs back to the C2 server. 
(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b", - "created": "2020-09-11T14:54:16.638Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", - "url": "https://blog.lookout.com/desert-scorpion-google-play" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:36:55.810Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--fa5f3aea-2131-4690-8833-dc428fae2b22", - "created": "2023-01-18T21:38:34.350Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion 
Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:57:53.504Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept notifications to send to the C2 server and take advantage of the Direct Reply feature.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d64c4924-76f0-4b2e-858d-b0df733334d0", - "created": "2023-02-06T19:03:11.265Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:23:09.430Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can modify system settings to give itself device administrator privileges.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024", - "created": "2022-04-15T18:11:06.097Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Skycure-Profiles", - "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. 
Retrieved December 22, 2016.", - "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:28:11.000Z", - "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)", - "relationship_type": "uses", - "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -37210,925 +20052,87 @@ }, { "type": "relationship", - "id": "relationship--ed48a86f-e55f-4abf-8f18-98591b756399", - "created": "2023-03-03T16:19:30.443Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-03T16:19:30.443Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hidden the app icon from iOS springboard.(Citation: paloalto_yispecter_1015)", - "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd", - "type": "relationship", - "created": "2020-09-11T14:54:16.644Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
- } - ], - "modified": "2020-09-11T14:54:16.644Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)", - "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83", - "type": "relationship", - "created": "2020-12-24T21:45:56.986Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T21:45:56.986Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--27490b14-8044-408a-8c6a-6d8427eb78ff", + "created": "2023-03-20T18:44:26.233Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "external_references": [ - { - "source_name": "NYTimes-BackDoor", - "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", - "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T19:53:24.312Z", - "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)", - "relationship_type": "uses", - "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9", - "created": "2018-10-17T00:14:20.652Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CheckPoint-Judy", - "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/", - "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. Retrieved September 18, 2018." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Judy](https://attack.mitre.org/software/S0325) uses infected devices to generate fraudulent clicks on advertisements to generate revenue.(Citation: CheckPoint-Judy)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db", - "type": "relationship", - "created": "2019-08-09T17:59:48.988Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-08-09T17:59:48.988Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record and take pictures using the front and back cameras.(Citation: Lookout-StealthMango)", - "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade", - "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "source_name": "PaloAlto-SpyDealer" - } - ], - "modified": "2019-09-18T13:45:58.872Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be", - "created": "2021-02-17T20:43:52.337Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. 
Retrieved November 11, 2020.", - "url": "https://blog.lookout.com/frozencell-mobile-threat" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:30:32.294Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.760Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195", - "created": "2019-10-18T14:50:57.473Z", - "x_mitre_version": "1.0", - "x_mitre_deprecated": false, - "revoked": false, - "description": "OS security updates typically contain exploit patches when disclosed.", - "modified": "2022-03-28T19:20:44.337Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898", - "created": "2019-09-04T14:28:16.414Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:41:16.423Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68", - "created": "2020-06-26T14:55:13.311Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason EventBot", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. 
Retrieved June 26, 2020.", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:25:08.956Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--35927c96-7645-4ef3-b3da-e44822386a10", - "created": "2023-01-18T21:43:10.838Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "nccgroup_sharkbot_0322", - "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", - "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:47:19.403Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) contains domain generation algorithms to use as backups in case the hardcoded C2 domains are unavailable.(Citation: nccgroup_sharkbot_0322)", - "relationship_type": "uses", - "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733", - "created": "2021-10-01T14:42:49.154Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850", - "type": "relationship", - "created": "2020-11-20T16:37:28.524Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.524Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120", - "type": "relationship", - "created": "2020-07-27T14:14:56.962Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Google Security Zen", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." - } - ], - "modified": "2020-08-10T22:18:20.747Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081", - "type": "relationship", - "created": "2019-09-04T14:28:16.000Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). 
Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.856Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" - } - ], - "modified": "2019-10-10T15:24:09.248Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) collects the device's location.(Citation: Zscaler-SpyNote)", - "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--98ae9cb2-1141-48c6-81fd-f16adb430031", - "created": "2023-01-18T19:17:07.565Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:07:52.850Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_EXTERNAL_STORAGE` and `WRITE_EXTERNAL_STORAGE` Android permissions.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--22f5308c-77ee-4198-be1c-54062aa6a613", - "created": "2020-12-31T18:25:05.160Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:00:13.616Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has used HTTPS for C2 communication.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69", - "created": "2020-04-08T15:51:25.078Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695", - "type": "relationship", - "created": "2021-02-08T16:36:20.799Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
- } - ], - "modified": "2021-05-24T13:16:56.589Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8", - "created": "2023-03-01T22:18:19.004Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:14:48.174Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can send contact lists to its C2 server.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e", - "created": "2022-03-30T19:29:07.379Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", - "modified": "2022-03-30T19:29:07.379Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15", - "type": "relationship", - "created": "2020-04-24T15:06:33.319Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." - } - ], - "modified": "2020-04-24T15:06:33.319Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)", - "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4", - "type": "relationship", - "created": "2020-09-11T15:57:37.770Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-09-11T15:57:37.770Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2", - "created": "2020-09-15T15:18:12.460Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:58:31.945Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e", - "type": "relationship", - "created": "2019-09-23T13:36:08.386Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. 
Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-09-23T13:36:08.386Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad", - "created": "2022-04-05T19:45:03.117Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T19:45:03.117Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783", - "created": "2023-03-20T18:55:51.580Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:55:51.580Z", - "description": "", + "modified": "2023-08-08T16:44:47.944Z", + "description": "The user can review which applications have location and sensitive phone information permissions in the operating 
system’s settings menu. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9", + "created": "2023-02-28T21:42:52.037Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6", - "type": "relationship", - "created": "2021-01-05T20:16:20.484Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
- } - ], - "modified": "2021-01-05T20:16:20.484Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can track the device’s location.(Citation: Zscaler TikTok Spyware)", + "modified": "2023-03-29T21:25:22.438Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request location permissions.(Citation: cloudmark_tanglebot_0921)", "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196", - "type": "relationship", - "created": "2020-12-18T20:14:47.367Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
- } - ], - "modified": "2020-12-18T20:14:47.367Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:49:19.083Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:26:35.443Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3", - "created": "2023-02-28T20:31:31.983Z", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T20:31:31.983Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can intercept SMS messages and USSD messages from Telcom operators.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:33:12.082Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "type": "relationship", + "id": "relationship--2793d721-df10-4621-8387-f3342def59a1", + "created": "2022-03-30T18:14:36.786Z", + "x_mitre_version": "0.1", "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e", - "type": "relationship", - "created": "2019-09-03T20:08:00.757Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-09-15T15:35:33.380Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0", - "type": "relationship", - "created": "2019-09-15T15:32:17.563Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-07-09T14:07:02.315Z", - "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.", + "revoked": false, + "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. 
", + "modified": "2022-03-30T18:14:36.786Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a", + "id": "relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2020-07-15T20:20:59.377Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", - "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", - "source_name": "Kaspersky-Skygofree" + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
} ], - "modified": "2019-08-09T18:08:07.145Z", - "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)", + "modified": "2020-07-15T20:20:59.377Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect all accounts stored on the device.(Citation: Bitdefender Mandrake)", "relationship_type": "uses", - "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -38137,105 +20141,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c", "type": "relationship", - "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943", - "created": "2022-04-05T20:11:51.188Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. ", - "modified": "2022-04-05T20:11:51.188Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3be6ad82-722d-4699-8e3a-c1ea60018244", - "created": "2023-03-16T13:32:55.140Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T13:32:55.140Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106", - "created": "2023-03-15T16:26:38.465Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:26:38.465Z", - "description": "", - "relationship_type": 
"detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b309c25a-6baf-4874-829d-63712a38652c", - "created": "2023-02-06T19:02:16.194Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:21:41.461Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself camera permissions.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0cae6859-d7d1-483b-b473-4f32084938a9", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-07-27T14:14:56.954Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": 
"Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." } ], - "modified": "2019-08-09T17:52:31.818Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to record device audio.(Citation: Lookout-PegasusAndroid)", + "modified": "2020-08-10T22:18:20.777Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can obtain root access via a rooting trojan in its infection chain.(Citation: Google Security Zen)", "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38284,26 +20205,123 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2", + "created": "2020-04-24T17:46:31.589Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:00:28.299Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec", "type": "relationship", - "created": "2020-05-07T15:33:32.945Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--289f5e23-088a-4840-a2a6-bab30da2a64b", + "created": "2022-04-01T16:51:04.584Z", + "x_mitre_version": "0.1", "external_references": [ { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. 
Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + "source_name": "GoogleIO2016", + "url": "https://www.youtube.com/watch?v=XZzLjllizYs", + "description": "Adrian Ludwig. (2016, May 19). What's new in Android security (M and N Version). Retrieved December 9, 2016." } ], - "modified": "2020-05-07T15:33:32.945Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Changes were introduced in Android 7 to make abuse of device administrator permissions more difficult.(Citation: GoogleIO2016)", + "modified": "2022-04-01T16:51:04.584Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad", + "created": "2020-12-24T21:55:56.752Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:26:16.282Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploits to root devices and install additional malware on the system partition.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:36:27.983Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15", + "type": "relationship", + "created": "2021-09-24T14:47:34.447Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-04T20:08:48.439Z", + "description": "Device attestation can often detect rooted devices.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
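Review bot: The relationship objects added in this hunk do not share one shape. `relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15` has no `revoked`, `x_mitre_deprecated` or `x_mitre_attack_spec_version` property, `relationship--289f5e23-088a-4840-a2a6-bab30da2a64b` declares `"x_mitre_attack_spec_version": "2.1.0"`, and the TrickMo, DoubleAgent and AndroRAT entries carry all three at `3.1.0`. The object added in the preceding hunk (`relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c`) also appears to omit the three properties, although the collapsed layout makes the context lines hard to attribute with certainty. Anything that filters this bundle for active mitigations or detections has to treat an absent flag as `false` rather than read the key directly, or older entries will raise errors or silently fall out of the coverage mapping. If the export step can normalise this, writing `"revoked": false` and `"x_mitre_deprecated": false` on every relationship would remove the ambiguity for consumers.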
@@ -38311,21 +20329,2576 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e", + "type": "relationship", + "id": "relationship--29357289-362c-447c-b387-9a38b50d7296", + "created": "2022-04-15T17:20:06.338Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + }, + { + "source_name": "Check Point-Joker", + "url": "https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/", + "description": "Hazum, A., Melnykov, B., Wernik, I.. (2020, July 9). New Joker variant hits Google Play with an old trick. Retrieved July 20, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) uses various tricks to obfuscate its strings including standard and custom encryption, programmatically building strings at runtime, and splitting unencrypted strings with repeated delimiters to break up keywords. [Bread](https://attack.mitre.org/software/S0432) has also abused Java and JavaScript features to obfuscate code. [Bread](https://attack.mitre.org/software/S0432) payloads have hidden code in native libraries and encrypted JAR files in the data section of an ELF file. 
[Bread](https://attack.mitre.org/software/S0432) has stored DEX payloads as base64-encoded strings in the Android manifest and internal Java classes.(Citation: Check Point-Joker)(Citation: Google Bread)", + "modified": "2022-04-15T17:20:06.338Z", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224", + "type": "relationship", + "created": "2019-09-03T20:08:00.670Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-10-10T15:19:47.960Z", + "description": " [Gustuff](https://attack.mitre.org/software/S0406) can capture files and photos from the compromised device.(Citation: Talos Gustuff Apr 2019) ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590", + "created": "2019-09-23T13:36:08.543Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:57:05.633Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can access and upload the contacts list to the command and control server.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:24:38.256Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) uploads incoming SMS messages to a remote command and control server.(Citation: FireEye-RuMMS)", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce", + "type": "relationship", + "created": "2020-12-18T20:14:47.339Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T20:14:47.339Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used timer events in React Native to initiate the foreground service.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2a472430-c30e-4877-8933-2e75f1de9a01", + "created": "2022-03-30T14:00:45.120Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:00:45.120Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e083305c-49e7-4c87-aae8-9689213bffbe", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0", + "created": "2023-02-28T20:30:01.082Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:08:11.662Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can retrieve the contacts list from an infected device.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d", + "created": "2022-03-28T19:39:42.538Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-28T19:39:42.538Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2af26be3-f910-4700-ab14-9d14532601cc", + "created": "2023-07-21T19:53:32.703Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:25:51.814Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access the device’s call log.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7", + "created": "2023-01-18T19:19:34.604Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:52:35.805Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can send stolen data back to the C2 server.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7", + "created": "2023-03-20T18:55:33.546Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:44:31.916Z", + "description": "Application vetting services could look for the Android permission `android.permission.QUERY_ALL_PACKAGES`, and apply extra scrutiny to applications that request it. 
On iOS, application vetting services could look for usage of the private API `LSApplicationWorkspace` and apply extra scrutiny to applications that employ it.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9", + "created": "2023-03-20T18:51:07.547Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T17:20:06.469Z", + "description": "Network traffic analysis could reveal patterns of compromise if devices attempt to access unusual targets or resources. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16", + "type": "relationship", + "created": "2021-02-17T20:43:52.420Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.420Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved device images for exfiltration.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:37:02.853Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole call logs.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1", + "created": "2020-07-20T13:27:33.514Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). 
The wolf is back... . Retrieved July 20, 2020.", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:35:47.258Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete files from the device.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd", + "type": "relationship", + "created": "2020-09-11T14:54:16.644Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.644Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can list files stored on external storage.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6", + "created": "2023-01-19T18:07:26.323Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:13:32.345Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can utilize WebViews to display fake authentication pages that capture user credentials.(Citation: trendmicro_tianyspy_0122) ", + "relationship_type": "uses", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07", + "created": "2023-03-20T18:54:25.458Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": 
[ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:02:50.786Z", + "description": "The user can see persistent notifications in their notification drawer and can subsequently uninstall applications that do not belong.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2cdd5474-620c-499e-8b9c-835505febc2c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December 22, 2016.", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:00:45.438Z", + "description": "[Trojan-SMS.AndroidOS.OpFake.a](https://attack.mitre.org/software/S0308) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "relationship_type": "uses", + "source_ref": "malware--d89c132d-7752-4c7f-9372-954a71522985", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2ce1e63a-2e9b-4cac-9469-3fb78bf4640f", + "created": "2023-08-16T16:38:15.526Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:38:15.527Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can perform system checks to verify if the device is rooted or has ADB enabled and can avoid execution if found.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b", + "created": "2021-02-17T20:49:24.542Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:22:40.300Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) can run arbitrary shell commands.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2d3198ff-a481-47ec-ae64-13d7be706929", + "created": "2023-02-28T21:41:47.503Z", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T21:41:47.503Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record video from the device camera.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c", "type": "relationship", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + "source_name": "PaloAlto-XcodeGhost", + "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/" } ], "modified": "2018-10-17T00:14:20.652Z", - "description": "Some original variants of [BrainTest](https://attack.mitre.org/software/S0293) had the capability to automatically root some devices, but that behavior was not observed in later samples.(Citation: Lookout-BrainTest)", + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) can read and write data in the user’s clipboard.(Citation: PaloAlto-XcodeGhost)", "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080", + "type": "relationship", + "created": "2019-09-04T14:28:15.909Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.568Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8", + "type": "relationship", + "created": "2019-09-04T15:38:56.994Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + } + ], + "modified": "2019-09-10T14:59:26.171Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1", + "created": "2020-12-24T21:45:56.920Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. 
(2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:16:17.615Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has attempted to trick users into enabling installation of applications from unknown sources.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e", + "type": "relationship", + "created": "2020-06-02T14:32:31.888Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.888Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) obfuscates various pieces of information within the application.(Citation: Volexity Insomnia) ", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3", + "created": "2020-12-18T20:14:47.316Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:50:29.535Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) checks whether its call stack has been modified, an indication that it is running in an analysis environment, and if so, does not decrypt its obfuscated strings(Citation: WhiteOps TERRACOTTA).", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0", + "created": 
"2019-09-04T20:01:42.722Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Enterprise policies should block access to the Android Debug Bridge (ADB) by preventing users from enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development). An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features. ", + "modified": "2022-04-01T13:32:19.919Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2e7f8995-93ae-41bb-9baf-53178341d93e", + "created": "2021-02-08T16:36:20.630Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:06:00.885Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has deployed anti-analysis capabilities during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e826926-fd5b-407c-adbc-e998058728d3", + "type": "relationship", + "created": "2019-09-04T15:38:56.786Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "modified": "2019-09-10T14:59:26.139Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record both incoming and outgoing phone calls, as well as microphone audio.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2e913583-123a-47af-8872-98fc12ab4a6a", + "type": "relationship", + "created": "2020-11-24T17:55:12.846Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + } + ], + "modified": "2020-11-24T17:55:12.846Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can send SMS messages.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055", + "created": "2020-01-27T17:05:58.310Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:28:20.439Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect SMS messages.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76", + "created": "2019-10-18T14:50:57.472Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently contain patches for known exploits.", + "modified": "2022-03-25T14:12:54.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2f41ab75-3490-4642-8111-9d4d43b88df7", + "created": "2023-08-04T18:32:23.019Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). 
Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:40:40.079Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can take screenshots and abuse accessibility services to scrape BlackBerry Messenger and WhatsApp messages, contacts, and notifications(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327", + "created": "2022-04-01T18:53:48.715Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:53:48.715Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3", + "type": "relationship", + "created": "2021-04-19T14:29:46.530Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-04-19T14:29:46.530Z", + "description": " [SilkBean](https://attack.mitre.org/software/S0549) can send SMS messages.(Citation: Lookout Uyghur Campaign) ", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7", + "created": "2023-03-15T16:26:04.949Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:34:52.478Z", + "description": "The user can also inspect and modify the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access). 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865", + "created": "2023-09-28T17:21:02.298Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:21:02.298Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can take photos using the device cameras.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2", + "created": "2022-04-01T13:27:29.919Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T13:27:29.920Z", + "relationship_type": "revoked-by", + 
"source_ref": "attack-pattern--e8b4e1ec-8e3b-484c-9038-4459b1ed8060", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--2fdcc49e-1875-4618-b3c5-c0ecfab97386", + "created": "2023-08-04T19:02:39.950Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:02:39.950Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) has impersonated chat applications such as Fruit Chat, Cucu Chat, and Kako Chat.(Citation: lookout_hornbill_sunbird_0221) ", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--300c824d-5586-411b-b274-8941a99a98fb", + "created": "2022-03-30T14:06:01.859Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken 
or rooted devices.", + "modified": "2022-03-30T14:06:01.859Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3057267c-fdd5-41d8-a9d8-76c0a87b28fa", + "created": "2023-08-07T17:12:44.013Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:12:44.013Z", + "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--30ab9ce7-5369-402a-94ee-f8452642acb9", + "created": "2022-03-30T19:50:37.739Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:50:37.739Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8e27551a-5080-4148-a584-c64348212e4f", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546", + "created": "2023-07-21T19:53:45.997Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:53:45.997Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can request camera permissions.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-07-16T15:35:21.063Z", + "description": "(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f", + "created": "2022-03-30T18:14:04.881Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Symantec-iOSProfile2", + "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", + "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." + }, + { + "source_name": "Android-TrustedCA", + "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", + "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. 
On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", + "modified": "2022-03-30T18:14:04.881Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--319d46b5-de41-4f23-9001-2fa75f954720", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). Mobile Malware Evolution: 2013. 
Retrieved December 22, 2016.", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:01:14.020Z", + "description": "[Trojan-SMS.AndroidOS.Agent.ao](https://attack.mitre.org/software/S0307) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "relationship_type": "uses", + "source_ref": "malware--a1867c56-8c86-455a-96ad-b0d5f7e2bc17", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--322d0123-ea4c-4562-a718-672952c83d05", + "created": "2023-03-20T18:55:54.372Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:35:51.271Z", + "description": "Application vetting services could look for misuse of dynamic libraries.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2", + "created": "2017-10-25T14:48:53.742Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should ensure bootloaders are locked to prevent arbitrary 
operating system code from being flashed onto the device.", + "modified": "2022-04-01T15:34:50.556Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3272111a-f31d-47d5-a266-1749255b5016", + "created": "2019-09-23T13:36:08.335Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can be controlled through SMS messages.(Citation: securelist rotexy 2018)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd", + "created": "2019-08-07T15:57:13.409Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "description": "Tatyana Shishkova. 
(2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.", + "url": "https://securelist.com/mobile-banker-riltok/91374/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:01:31.230Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--32958f57-ad9b-4fe1-abf3-6f92df895014", + "type": "relationship", + "created": "2019-08-05T13:22:03.917Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.873Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) stores domain information and URL paths as hardcoded AES-encrypted, base64-encoded strings.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--32be51e2-f74d-441f-aa0d-952697a76494", + "type": "relationship", + "created": "2019-09-04T15:38:56.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FortiGuard-FlexiSpy", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019." + } + ], + "modified": "2019-10-14T18:08:28.599Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses a `FileObserver` object to monitor the Skype and WeChat database file and shared preferences to retrieve chat messages, account information, and profile pictures of the account owner and chat participants. 
[FlexiSpy](https://attack.mitre.org/software/S0408) can also spy on popular applications, including Facebook, Hangouts, Hike, Instagram, Kik, Line, QQ, Snapchat, Telegram, Tinder, Viber, and WhatsApp.(Citation: FortiGuard-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--33316f49-f1fb-453a-9ba7-d6889982a010", + "type": "relationship", + "created": "2020-07-20T13:27:33.459Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.516Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can obtain a list of installed applications.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3364dd33-c012-4aaf-852b-86e63bd724ac", + "created": "2023-02-06T19:38:22.312Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cleafy_sova_1122", + "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", + "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" + }, + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-11T22:06:53.022Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather session cookies from infected devices. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also abuse Accessibility Services to steal Google Authenticator tokens.(Citation: threatfabric_sova_0921)(Citation: cleafy_sova_1122)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--33857221-2543-4a7f-8255-b0d140d70ad7", + "type": "relationship", + "created": "2020-07-20T13:27:33.461Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.686Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record call audio.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--34351abd-1f58-420a-a893-ad822839815d", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:33:36.294Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures call logs.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0", + "type": "relationship", + "created": "2020-12-14T14:52:03.396Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": 
"https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." + } + ], + "modified": "2020-12-16T20:52:21.426Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--348d1acd-3f37-4523-95cd-ae002c02c975", + "created": "2023-08-23T22:17:46.116Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:17:46.116Z", + "description": "Users should be wary of iMessages from unknown senders. Additionally, users should be instructed not to open unrecognized links or other attachments in text messages. 
", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.094Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f", + "created": "2019-11-21T19:16:34.776Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. 
Retrieved November 21, 2019.", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:44:53.855Z", + "description": "[SimBad](https://attack.mitre.org/software/S0419) registers for the `BOOT_COMPLETED` and `USER_PRESENT` broadcast intents, which allows the software to perform actions after the device is booted and when the user is using the device, respectively.(Citation: CheckPoint SimBad 2019)", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34b6abb0-d199-46bb-af21-b65560e75658", + "created": "2022-04-01T19:06:40.361Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T19:06:40.361Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--34dd5c26-eec9-4288-8e53-677271d490b2", + "created": "2023-01-18T19:46:02.646Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research 
and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:43:57.834Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use accessibility event logging to steal data in text fields.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--34f9aed0-48a7-4815-8456-5541a7b8210f", + "created": "2019-09-04T14:28:16.487Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the user's keystrokes.(Citation: Lookout-Monokle)", + "modified": "2022-04-15T17:34:52.414Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--352fabc8-48fe-4190-92b3-49b00348bb22", + "created": "2019-03-11T15:13:40.454Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-Anserver", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/android-malware-uses-blog-posts-as-cc/", + "description": "Karl Dominguez. (2011, October 2). Android Malware Uses Blog Posts as C&C. Retrieved February 6, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) uses encrypted content within a blog site for part of its command and control. 
Specifically, the encrypted content contains URLs for other servers to be used for other aspects of command and control.(Citation: TrendMicro-Anserver)", + "modified": "2022-04-18T19:04:48.388Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--35453bbb-c9b3-4421-8452-95efdd290d21", + "type": "relationship", + "created": "2021-01-20T16:01:19.323Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zimperium z9", + "url": "https://blog.zimperium.com/how-zimperiums-z9-detected-unknown-mobile-malware-overlooked-by-the-av-industry/", + "description": "zLabs. (2019, November 12). How Zimperium’s z9 Detected Unknown Mobile Malware Overlooked by the AV Industry . Retrieved January 20, 2021." 
+ } + ], + "modified": "2021-01-20T16:01:19.323Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of running processes.(Citation: Zimperium z9)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3565140f-1570-494d-9d6f-91c9203ece69", + "created": "2023-03-20T18:52:29.821Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:14:40.565Z", + "description": "Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps. Application vetting could detect the usage of insecure or malicious third-party libraries.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--35927c96-7645-4ef3-b3da-e44822386a10", + "created": "2023-01-18T21:43:10.838Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). 
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:47:19.403Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) contains domain generation algorithms to use as backups in case the hardcoded C2 domains are unavailable.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3598ab6e-9271-40ca-9771-b9a6bbce497c", + "created": "2023-08-16T16:44:09.459Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:44:09.459Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can use HTTP to communicate with the C2 server.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--35a12ae8-562d-4e24-979e-ef970dde0b94", + "created": "2022-04-15T17:52:24.125Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-15T17:52:24.125Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--3b0b604f-10db-41a0-b54c-493124d455b9", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. 
(2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RedDrop](https://attack.mitre.org/software/S0326) tricks the user into sending SMS messages to premium services and then deletes those messages.(Citation: Wandera-RedDrop)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3", + "created": "2020-11-24T17:55:12.830Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:21:42.102Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can read SMS messages.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--36268322-9f5e-4749-8760-6430178a3d68", + "created": "2020-06-26T14:55:13.311Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason EventBot", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. 
Retrieved June 26, 2020.", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:25:08.956Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can intercept SMS messages.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--36298fd6-d909-4490-8a04-095aef9ffafe", + "type": "relationship", + "created": "2020-11-20T15:54:07.747Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T15:54:07.747Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can record audio from the microphone and phone calls.(Citation: Symantec GoldenCup) ", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", + "url": "https://www.wandera.com/reddrop-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:01:48.463Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses HTTP requests for C2 communication.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--36c71b5d-e453-488c-ae63-8fb063924c27", + "created": "2023-08-10T21:57:51.879Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:57:51.879Z", + "description": "The user can review available call logs for irregularities, such as 
missing or unrecognized calls.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--370bf74f-7499-4d66-9626-a61926af8f84", + "created": "2023-09-21T22:32:19.683Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:32:19.683Z", + "description": "Application vetting services may detect when an application requests permissions after an application update.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10", + "type": "relationship", + "created": "2020-06-26T15:32:25.074Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.074Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can update the malicious payload module on command.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631", + "type": "relationship", + "created": "2020-11-24T17:55:12.885Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.885Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "HackerNews-OldBoot", + "description": "Sudhir K Bansal. (2014, January 28). First widely distributed Android bootkit Malware infects more than 350,000 Devices. 
Retrieved December 21, 2016.", + "url": "http://thehackernews.com/2014/01/first-widely-distributed-android.html" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[OldBoot](https://attack.mitre.org/software/S0285) uses escalated privileges to modify the init script on the device's boot partition to maintain persistence.(Citation: HackerNews-OldBoot)", + "relationship_type": "uses", + "source_ref": "malware--2074b2ad-612e-4758-adce-7901c1b49bbc", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc", + "type": "relationship", + "created": "2020-12-24T21:55:56.688Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.688Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--37d14338-b629-4b54-b734-446789b79f6f", + "created": "2023-10-10T15:33:57.641Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason EventBot", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.641Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) has used icons from popular applications.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--37fd2f2a-e4f4-4d39-8698-d17305fb2517", + "created": "2023-08-16T16:45:37.235Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & 
Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-15T19:17:24.158Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can communicate over port 7242 using HTTP.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--383e5b12-061e-45c6-911b-b37187dd9254", + "type": "relationship", + "created": "2021-02-08T16:36:20.701Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.399Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included file enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3841024e-1047-40fa-9e25-ac6d5c14612a", + "created": "2023-02-28T21:41:22.768Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:25:52.302Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view device contacts.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3857f790-6ea1-4f37-8d90-90904f175d63", + "created": "2023-01-18T21:37:55.717Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:48:17.771Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) has C2 commands that can uninstall the app from the infected device.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91", + "created": "2020-10-29T19:21:23.187Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. 
Retrieved October 29, 2020.", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:42:27.975Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can hide its icon and create a shortcut based on the C2 server response.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--386b0a9f-9951-4717-8bce-30c8fbe05050", + "type": "relationship", + "created": "2020-06-26T15:32:24.955Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:24.955Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) uses standard payload and string obfuscation techniques.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--38962b26-7cbe-4761-8b4f-50a022167c4d", + "created": "2019-09-03T20:08:00.708Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) checks for antivirus software contained in a predefined list.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T16:55:56.825Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951", + "created": "2023-01-19T18:08:14.716Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. 
(2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-01T16:50:04.964Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) has encrypted C2 details, email addresses, and passwords.(Citation: trendmicro_tianyspy_0122) ", + "relationship_type": "uses", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4", + "created": "2023-03-30T15:18:37.934Z", + "revoked": false, + "external_references": [ + { + "source_name": "cleafy_sova_1122", + "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", + "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-30T15:18:37.934Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can take screenshots and abuse the Android Screen Cast feature to capture screen data.(Citation: cleafy_sova_1122)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e", + "type": "relationship", + "created": "2020-12-14T14:52:03.310Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T14:52:03.310Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can send SMS messages.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d", + "created": "2020-09-11T14:54:16.587Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/desert-scorpion-google-play" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:25:21.998Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can retrieve SMS messages.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--393300c4-6852-466d-a163-1d51330fe055", + "created": "2023-03-20T18:45:39.292Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": 
"2023-08-09T15:40:52.983Z", + "description": "Mobile security products can potentially detect jailbroken devices.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a", + "created": "2020-11-20T16:37:28.591Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:02:09.253Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has communicated with the C2 using MQTT and HTTP.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2", + "created": "2023-03-20T19:00:26.780Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:04:24.775Z", + "description": "Application vetting services could potentially detect the usage of APIs intended for artifact hiding.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0", + "created": "2022-04-11T20:05:56.540Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-11T20:05:56.540Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3a18f41d-876c-403a-80cc-47ef57ae630d", + "created": "2023-09-25T19:53:56.034Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-25T19:53:56.034Z", + "description": "Remote access software typically requires many privileged permissions, such as accessibility services or device administrator. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3a282967-0536-474d-8831-30cd60b818a9", + "created": "2023-09-28T17:20:38.294Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:38.294Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can initiate phone calls.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a", + "created": "2022-04-01T14:51:51.593Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of 
granting applications dangerous or privacy-intrusive permissions, such as access to notifications. ", + "modified": "2022-04-01T14:51:51.593Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3abc80ad-4ea0-4e91-a170-f040469c2083", + "type": "relationship", + "created": "2020-07-20T13:27:33.483Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.688Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can take photos and videos.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd", + "created": "2022-04-01T15:02:43.475Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:02:43.475Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--27f483c6-6666-44fa-8532-ffd5fc7dab38", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265", + "created": "2021-04-19T14:29:46.510Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:15:42.930Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has used HTTPS for C2 communication.(Citation: Lookout Uyghur Campaign) ", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3ae62d66-6405-413f-86e3-ccdb66fac7ba", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:33.829Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9", + "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:02:40.717Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used HTTP uploads to a URL as a command and control mechanism.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3b24a287-36e1-49b9-811d-c0080147ff57", + "created": "2023-03-20T18:41:47.754Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:45:47.105Z", + "description": "Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. 
This could grant the MTD agents access to running processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3be6ad82-722d-4699-8e3a-c1ea60018244", + "created": "2023-03-16T13:32:55.140Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:29:15.000Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb", + "created": "2022-04-05T19:46:05.853Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Samsung Keyboards", + "url": "https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", + "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)", + "modified": "2022-04-05T19:46:05.853Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378", + "type": "relationship", + "created": "2019-09-03T19:45:48.515Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "modified": "2019-09-11T13:25:19.216Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -38335,24 +22908,17 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1", - "created": "2020-10-29T17:48:27.272Z", + "id": "relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414", + "created": "2019-10-18T14:50:57.521Z", "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." - } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)", - "modified": "2022-04-15T16:53:00.735Z", + "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ", + "modified": "2022-03-30T20:08:17.127Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38360,29 +22926,52 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e", + "id": "relationship--3c291ee5-1782-4e5b-8131-5188c7388f45", "type": "relationship", - "created": "2021-02-08T16:36:20.692Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "BlackBerry Bahamut", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + "source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" } ], - "modified": "2021-05-24T13:16:56.443Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers the device phone number and IMEI and transmits them to a command and control server.(Citation: FireEye-RuMMS)", "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7", + "type": "relationship", + "created": "2019-10-15T19:33:42.204Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-Skygofree", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" + } + ], + "modified": "2019-10-15T19:33:42.204Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f", - "created": "2020-09-15T15:18:12.465Z", + "id": "relationship--3c43d125-6719-420e-bb69-878cc91c2474", + "created": "2020-09-15T15:18:12.428Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -38395,10 +22984,981 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:51:12.881Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)", + "modified": "2023-04-05T17:45:11.727Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can register for the `BOOT_COMPLETED` broadcast Intent.(Citation: Cybereason FakeSpy)", "relationship_type": "uses", "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3", + "created": "2023-10-10T15:33:58.361Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Proofpoint-Droidjack", + "description": "Proofpoint. (2016, July 7). DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found. 
Retrieved January 20, 2017.", + "url": "https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.361Z", + "description": "[DroidJack](https://attack.mitre.org/software/S0320) included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.(Citation: Proofpoint-Droidjack)", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--3c6776b9-258c-460c-b4b4-ea1a1453e5c5", + "created": "2023-08-16T16:40:34.787Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:40:34.787Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather device location data.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad", + "created": "2020-04-24T15:06:33.397Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:37:37.674Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect the device’s call log.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3c90dc4c-8156-49ae-8144-76526268a6c1", + "created": "2023-08-04T18:32:08.706Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:32:08.706Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can request device administrator privileges. 
(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a", + "created": "2019-07-16T14:33:12.175Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky Triada March 2016", + "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.", + "url": "https://www.kaspersky.com/blog/triada-trojan/11481/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:25:35.330Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00", + "type": "relationship", + "created": "2020-09-15T15:18:12.421Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": 
"https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.421Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect a list of installed applications.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.838Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to exploit well-known Android OS vulnerabilities to escalate privileges.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b", + "type": "relationship", + "created": "2021-01-05T20:16:20.419Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.419Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture audio from the device’s microphone and can record phone calls.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3d65c2b7-c907-45e1-b942-95f7d765e749", + "created": "2023-03-20T18:53:34.056Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:29:32.104Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3db58541-3870-424d-ad74-f2b84ff87abb", + "created": "2023-07-14T19:06:42.839Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-14T19:10:57.654Z", + "description": "Unexpected behavior from an application could be an indicator of masquerading.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": 
"attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083", + "created": "2020-01-27T17:05:58.331Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:39:39.589Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3dff770d-9627-4647-b945-7f24a97b2273", + "type": "relationship", + "created": "2019-09-15T15:26:22.926Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:02:13.533Z", + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use 
Android's accessibility features.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3e11a61b-14b3-4268-a6dd-937d4baef6de", + "created": "2023-06-09T19:17:12.858Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:17:12.858Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can record environmental and call audio.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3", + "created": "2022-04-05T19:38:18.760Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should protect their account credentials and enable multi-factor authentication options 
when available. ", + "modified": "2022-04-05T19:38:18.760Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60", + "created": "2020-11-24T17:55:12.828Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:21:27.210Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can access the device’s contact list.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf", + 
"description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.", + "source_name": "CrowdStrike-Android" + } + ], + "modified": "2020-03-20T16:37:06.668Z", + "description": "(Citation: CrowdStrike-Android)", + "relationship_type": "uses", + "source_ref": "intrusion-set--bef4c620-0787-42a8-a96d-b7eb6e85917c", + "target_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364", + "created": "2023-02-06T19:46:19.592Z", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-06T19:46:19.592Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has C2 commands to add an infected device to a DDoS pool.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56", + "created": 
"2017-10-25T14:48:53.738Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 9 introduced a new security policy that prevents applications from reading or writing data to other applications’ internal storage directories, regardless of permissions. ", + "modified": "2022-04-01T13:51:48.934Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817", + "created": "2019-09-20T18:03:57.062Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android 10 Execute", + "url": "https://developer.android.com/about/versions/10/behavior-changes-all#execute-permission", + "description": "Android Developers. (n.d.). Behavior changes: all apps - Removed execute permission for app home directory. Retrieved September 20, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications that target Android API level 29 or higher cannot execute native code stored in the application's internal data storage directory, limiting the ability of applications to download and execute native code at runtime. 
(Citation: Android 10 Execute)", + "modified": "2022-04-01T18:37:44.516Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3efe7dcc-a572-45ac-aff2-2932206a0632", + "created": "2019-08-07T15:57:13.441Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.", + "url": "https://securelist.com/mobile-banker-riltok/91374/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:52:06.559Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can access and upload the device's contact list to the command and control server.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365", + "created": "2019-09-04T14:28:15.950Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). 
Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:35:59.273Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can delete arbitrary files on the device, and can also uninstall itself and clean up staging files.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13", + "created": "2020-10-29T17:48:27.425Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:45:26.765Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) has registered to receive the `BOOT_COMPLETED` broadcast intent.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f392718-87c4-483b-b89f-4f0cc056d251", + "type": "relationship", + "created": "2020-07-20T13:58:53.610Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.302Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s UDID, version number, and product number.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3f47f048-badd-4476-8534-d06e20c02ec6", + "created": "2023-06-09T19:18:59.889Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:18:59.889Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can use HTTP and HTTP POST to communicate information to the C2.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd", + "created": "2023-03-20T18:43:03.117Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T22:30:26.847Z", + "description": "Application vetting services could look for use of the accessibility service or features that typically require root access.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f81a680-3151-4608-b83f-550756632013", + "type": "relationship", + "created": "2020-07-20T13:58:53.604Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.301Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) can obtain the device’s IMEM, ICCID, and MEID.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3f973c3c-45f8-432a-9859-e8749f2e7418", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.848Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses sensitive data in files, such as messages stored by the WhatsApp, Facebook, and Twitter applications. 
It also has the ability to access arbitrary filenames and retrieve directory listings.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645", + "type": "relationship", + "created": "2021-02-08T16:36:20.655Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.410Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included phone call and audio recording capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a", + "created": "2020-06-26T14:55:13.304Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) can display popups over running applications.(Citation: Cybereason EventBot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--3fdb8bfb-1b2d-4fac-bb41-d26a5ad18dbb", + "created": "2023-08-16T16:44:30.692Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:44:30.692Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can send stolen data over HTTP.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4009ff40-4616-4b1c-bff9-599e52ccab37", + "created": "2020-01-27T17:05:58.263Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:28:34.373Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s contact list.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4088b31b-d542-4935-84b4-82b592159591", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-10-10T15:22:52.591Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect contacts and messages from popular applications, including Facebook Messenger, WhatsApp, Skype, Viber, Line, WeChat, Hangouts, Telegram, and BlackBerry Messenger.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4", + "created": "2022-04-05T19:38:41.538Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. 
", + "modified": "2022-04-05T19:38:41.538Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--40f30137-4db9-4596-b4c7-a12f1497fd92", + "created": "2020-11-10T17:08:35.831Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has performed rudimentary SSL certificate validation to verify C2 server authenticity before establishing a SSL connection.(Citation: Lookout Uyghur Campaign)", + "modified": "2022-04-18T16:02:42.303Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--418168ad-fee9-42c8-ac27-11f7472a5f86", + "created": "2019-09-03T19:45:48.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:09:08.738Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) One checks in with the command and control server using HTTP POST requests.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--41da5845-a1a8-4d10-8929-053be3496396", + "created": "2022-04-20T17:46:43.542Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + }, + { + "source_name": "Bitdefender - Triout 2018", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:39:57.165Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP data exfiltration.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4", + "created": "2022-04-06T15:28:20.249Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not grant applications unexpected or unnecessary permissions. 
", + "modified": "2022-04-06T15:28:20.249Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42342d72-a37c-477e-b8f1-1768273fcb7f", + "created": "2019-10-18T15:51:48.451Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised not to grant consent for screen captures to occur unless expected. Users should avoid enabling USB debugging (Android Debug Bridge) unless explicitly required. ", + "modified": "2022-04-01T13:32:32.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--42510b9a-7e72-4a52-bc7a-6e1a7ebacff7", + "created": "2023-08-16T16:33:12.493Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:33:12.493Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) has disguised itself as other applications, such as a cryptocurrency app called ‘CoinSpot’, and IKO bank in Poland. It has also used familiar icons, such as the Chrome and Bitcoin logos.(Citation: cyble_chameleon_0423) ", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000", + "created": "2022-03-30T15:13:42.462Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T15:13:42.462Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e", + "created": "2020-06-26T15:32:24.921Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": 
"Threat Fabric Cerberus", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:50:47.973Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) avoids being analyzed by only activating the malware after recording a certain number of steps from the accelerometer.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -38409,22 +23969,373 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe", + "id": "relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09", "type": "relationship", - "created": "2019-12-10T16:07:41.093Z", + "created": "2021-02-08T16:36:20.846Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
} ], - "modified": "2019-12-10T16:07:41.093Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) can download code and binaries from the C2 server to execute on the device as root.(Citation: SecureList DVMap June 2017)", + "modified": "2021-05-24T13:16:56.596Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has exfiltrated local account data and calendar information as part of Operation ROCK.(Citation: BlackBerry Bahamut)", "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Gooligan Citation", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396", + "type": "relationship", + "created": "2020-12-14T15:02:35.304Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.304Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has stored encrypted strings in the APK file.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b", + "type": "relationship", + "created": "2020-07-20T13:27:33.549Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.524Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can record the screen and take screenshots to capture messages from Line, Facebook Messenger, and WhatsApp.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674", + "created": "2023-01-18T19:56:01.025Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). 
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:48:53.396Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept SMS messages.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.174Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50", + "created": "2020-06-26T15:32:25.025Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:52:43.629Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain the device’s contact list.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a", + "created": "2023-03-20T18:53:35.012Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:24:02.473Z", + "description": "On Android, the user is presented with a permissions popup when an application requests access to external device storage.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38", + "type": "relationship", + "created": "2020-05-11T16:37:36.616Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "ThreatFabric. 
(2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" + } + ], + "modified": "2020-05-11T16:37:36.616Z", + "description": " [Ginp](https://attack.mitre.org/software/S0423) can inject input to make itself the default SMS handler.(Citation: ThreatFabric Ginp) ", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358", + "type": "relationship", + "created": "2020-11-10T17:08:35.664Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-01T19:48:44.840Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has looked for specific applications, such as MiCode.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--442dd700-2d7d-4cad-8282-9027e4f69133", + "created": "2022-03-30T20:31:41.927Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "New OS releases frequently contain additional limitations or controls around device location access.", + "modified": "2022-03-30T20:31:41.927Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299", + "created": "2022-04-01T15:13:40.779Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Trend Micro iOS URL Hijacking", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", + "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", + "modified": "2022-04-01T15:13:40.779Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4449ac76-8329-4483-b152-99b990006cbc", + "created": "2019-09-04T15:38:56.937Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September 4, 2019.", + "url": "https://www.flexispy.com/en/features-overview.htm" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:58:10.115Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect a list of known Wi-Fi access points.(Citation: FlexiSpy-Features) ", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2", + "created": "2023-03-20T18:53:15.929Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:23:14.948Z", + "description": "Application vetting services could detect when applications store data insecurely, for example, in unprotected external storage.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--44b63426-1ea7-456e-907b-0856e3eab0c3", + "type": "relationship", + "created": "2020-12-31T18:25:05.142Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). 
The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "modified": "2020-12-31T18:25:05.142Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has collected the device’s location.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38452,17 +24363,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408", + "created": "2017-12-14T16:46:06.044Z", "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. 
", - "modified": "2022-03-28T19:20:30.375Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)", + "modified": "2022-04-15T19:47:48.036Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38470,22 +24388,15 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c", + "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63", "type": "relationship", - "created": "2019-09-15T15:35:33.215Z", + "created": "2020-05-07T15:24:49.530Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", - "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", - "source_name": "Talos Gustuff Apr 2019" - } - ], - "modified": "2019-09-15T15:35:33.215Z", - "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)", - "relationship_type": "uses", - "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "modified": "2020-05-27T13:23:34.536Z", + "description": "Security updates frequently contain patches to vulnerabilities.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38494,16 +24405,16 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77", - "created": "2022-04-06T15:52:41.579Z", + "id": "relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9", + "created": "2022-04-06T13:57:38.847Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-06T15:52:41.579Z", + "modified": "2022-04-06T13:57:38.847Z", "relationship_type": "revoked-by", - "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "source_ref": "attack-pattern--8f0e39c6-82c9-41ec-9f93-5696c0f2e274", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -38512,9 +24423,35 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65", "type": "relationship", - "created": "2021-04-19T17:05:42.574Z", + "id": "relationship--455b1287-5784-42b4-91fb-01dac007758d", + "created": "2020-09-29T13:24:15.234Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can open a dialog box to ask the user for passwords.(Citation: Lookout-Dendroid)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed", + "type": "relationship", + "created": "2020-12-24T21:45:56.982Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -38523,27 +24460,298 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2021-04-19T17:05:42.574Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t", + "modified": "2020-12-24T21:45:56.982Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb", + "created": "2020-12-14T14:52:03.184Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1", + "created": "2022-04-05T19:48:31.354Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:48:31.354Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e", + "created": "2020-01-27T17:05:58.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:28:07.442Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4761145d-34ac-4b45-a0d6-a09b1907a196", + "type": "relationship", + "created": "2020-12-18T20:14:47.367Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T20:14:47.367Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can inject clicks to launch applications, share posts on social media, and interact with WebViews to perform fraudulent actions.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5", - "created": "2023-03-20T18:50:21.296Z", + "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af", + "created": "2020-12-14T14:52:03.322Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:52:58.974Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775", + "created": "2022-04-05T20:15:43.660Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T20:15:43.660Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4819f391-01de-4525-992b-7e4a4f6667de", + "type": "relationship", + "created": "2020-11-20T15:46:51.603Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": 
"https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T15:46:51.603Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can take pictures with the camera.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--481e5d33-eca4-453c-9fec-27ee01d50989", + "created": "2023-02-28T21:45:41.365Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:26:12.006Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view files and media.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6", + "created": "2019-07-10T15:35:43.665Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:38:00.609Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--48552acc-5f1a-422f-90fa-37108446f36d", + "created": "2022-03-30T19:14:20.374Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:14:20.374Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--039bc59c-ecc7-4997-b2b4-4ab728bd91aa", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--48854999-1c12-4454-bb7c-051691a081f9", + "created": "2022-03-28T19:25:49.640Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Ensure Verified Boot is enabled on devices with that capability.", + "modified": "2022-03-28T19:25:49.640Z", + "relationship_type": "mitigates", + 
"source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4896e256-fb04-403c-bbb7-2323b158a6e0", + "created": "2022-03-30T19:52:05.143Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:52:05.143Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4897ef75-0035-4ae5-b325-de2f6b27565f", + "created": "2023-09-21T22:31:28.428Z", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:50:21.296Z", - "description": "", + "modified": "2023-09-21T22:31:28.428Z", + "description": "Application vetting services may look for indications that the application’s update includes malicious code at runtime. 
", "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
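Review bot: The added `description` of `relationship--4897ef75-0035-4ae5-b325-de2f6b27565f` ends in whitespace before the closing quote (`...malicious code at runtime. "`), so tooling that renders, deduplicates or compares description text sees a value that differs from the trimmed sentence. Store it trimmed: `"description": "Application vetting services may look for indications that the application’s update includes malicious code at runtime.",`. The same stray whitespace appears in two added descriptions earlier on this page: Ginp (leading and trailing) and FlexiSpy (trailing). How much whitespace there is cannot be read from this rendering, and the object continues past the hunk's last line.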
@@ -38554,28 +24762,791 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74", "type": "relationship", - "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6", - "created": "2018-10-17T00:14:20.652Z", + "created": "2021-01-05T20:16:20.511Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.511Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has contained an alarm that triggers every three minutes and timers for communicating with the C2.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--48cd0af5-9ad1-44b3-beeb-d576974dadee", + "created": "2023-09-28T17:19:00.464Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:19:00.464Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can request the `DISABLE_KEYGUARD` permission to disable the device lock screen password.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4920a041-86f7-495b-896c-4d964950ed7e", + "type": "relationship", + "created": "2020-12-17T20:15:22.454Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.454Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has contained native libraries.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--492d5699-f885-411a-8431-254fcf33fb12", + "created": "2019-08-09T16:14:58.367Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Proofpoint-Marcher", - "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", - "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." + "source_name": "Android Capture Sensor 2019", + "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", + "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. [Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "Android 9 and above restricts access to the mic, camera, and other device sensors from applications running in the background. 
iOS 14 and Android 12 introduced a visual indicator on the status bar (green dot) when an application is accessing the device’s camera.(Citation: Android Capture Sensor 2019)", + "modified": "2022-04-01T13:56:12.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4943cca6-69b1-4565-ac09-87ebda04584c", + "created": "2022-04-01T18:52:02.211Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught the dangers of rooting or jailbreaking their device.", + "modified": "2022-04-01T18:52:02.211Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--496976ef-4a0c-4782-95e7-231bd44df162", + "type": "relationship", + "created": "2020-12-14T15:02:35.295Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.295Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device information, including device model and OS version.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--49c0c003-433c-467f-93b7-ca585aab8232", + "created": "2023-08-16T16:46:17.841Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:46:17.841Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can register as an `SMSBroadcast` receiver to monitor incoming SMS messages.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4a408dee-07da-4855-b2ff-be512480ccb5", + "created": "2023-01-19T18:08:41.596Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + 
"source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:18:05.095Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can gather device UDIDs.(Citation: trendmicro_tianyspy_0122) ", + "relationship_type": "uses", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57", + "created": "2023-03-20T18:43:49.345Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Android-AppLinks", + "description": "Android. (n.d.). Handling App Links. Retrieved December 21, 2016.", + "url": "https://developer.android.com/training/app-links/index.html" + }, + { + "source_name": "IETF-OAuthNativeApps", + "description": "W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018.", + "url": "https://tools.ietf.org/html/rfc8252" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:09:09.008Z", + "description": "When vetting applications for potential security weaknesses, the vetting process could look for insecure use of Intents. 
Developers should be encouraged to use techniques to ensure that the intent can only be sent to an appropriate destination (e.g., use explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or utilizing the App Links feature). For mobile applications using OAuth, encourage use of best practice. (Citation: IETF-OAuthNativeApps)(Citation: Android-AppLinks)", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5", + "created": "2023-03-03T16:26:20.400Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:26:20.400Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about running processes.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e", + "type": "relationship", + "created": "2020-04-24T15:06:33.519Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.519Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect messages from GSM, WhatsApp, Telegram, Facebook, and Threema by reading the application’s notification content.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952", + "created": "2020-04-24T17:46:31.564Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:25:55.378Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can intercept SMS messages.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4a936488-526c-40c1-b2d5-490052cb0e73", + "created": "2020-12-31T18:25:05.162Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + 
"external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:22:53.698Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can run bash commands.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d", + "created": "2023-02-28T21:43:12.487Z", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T21:43:12.487Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can make and block phone calls.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d", + "created": "2023-03-16T18:28:40.419Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:11:01.943Z", + "description": "Application vetting services could look for `android.permission.READ_CALENDAR` or `android.permission.WRITE_CALENDAR` in an Android application’s manifest, or `NSCalendarsUsageDescription` in an iOS application’s `Info.plist` file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257", + "type": "relationship", + "created": "2020-10-29T17:48:27.469Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T17:48:27.469Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can forward SMS messages.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3", + "created": "2020-09-15T15:18:12.462Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:42:40.327Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193", + "created": "2021-10-01T14:42:49.152Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:26:18.801Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4af26643-880f-4c34-a4a8-23e89b950c9d", + "created": "2019-09-04T15:38:56.883Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. 
Retrieved September 4, 2019.", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:18:38.582Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect the device calendars.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a", + "type": "relationship", + "created": "2020-12-24T21:55:56.726Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.726Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has downloaded additional code to root devices, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1", + "created": "2021-10-01T14:42:49.176Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)", + "modified": "2022-04-15T17:33:49.565Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b68bcb1-a512-40f7-9aee-235b3668f022", + "type": "relationship", + "created": "2020-01-27T17:05:58.271Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.271Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain clipboard contents.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4b7e117b-0c82-49d0-bee6-119158b3355b", + "created": "2023-02-28T20:32:37.800Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T20:32:50.168Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can disable Google Play Protect to prevent detection.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4b838636-bfa4-4592-b72f-3044946b8187", + "created": "2020-09-14T14:13:45.236Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout eSurv", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/esurv-research" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:53:16.656Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate the device’s contact list.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61", + "type": "relationship", + "created": "2020-04-24T15:06:33.495Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.495Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can track the device’s location.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1", + "type": "relationship", + "created": "2021-02-08T16:36:20.801Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.571Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included video recording in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4c035760-9bf2-40cd-87d1-f286afd76376", + "created": "2023-07-21T19:41:45.173Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:41:45.173Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect clipboard data.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11", + "created": "2022-09-29T20:08:54.389Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + 
"source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:38:37.195Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd", + "created": "2019-09-03T19:45:48.503Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:10:38.937Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can download the address book.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4cb926c1-c242-45c2-be46-07c22435a8a5", + "created": "2022-09-30T19:23:02.689Z", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T19:23:02.689Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors that would send information and data from a victim's mobile device to the C2 servers.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c", + "created": "2019-09-03T20:08:00.687Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . 
Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:31:38.319Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) can intercept two-factor authentication codes transmitted via SMS.(Citation: Talos Gustuff Apr 2019) ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1", + "created": "2023-03-20T15:16:19.428Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:16:55.879Z", + "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to newly created processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3", 
@@ -38606,25 +25577,2692 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa", "type": "relationship", - "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b", - "created": "2022-04-06T13:52:37.470Z", + "created": "2020-11-24T17:55:12.804Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." + } + ], + "modified": "2020-11-24T17:55:12.804Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has the capability to remotely load plugins and download and compile new .NET code.(Citation: Talos GPlayed) ", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4d542595-1eb0-45aa-9702-9d494142b390", + "type": "relationship", + "created": "2019-08-09T18:08:07.109Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.109Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can record video or capture photos when an infected device is in a specified location.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b", + "created": "2021-01-05T20:16:20.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:47:18.774Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + 
"source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:03:03.296Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) uses HTTP for command and control.(Citation: FireEye-RuMMS)", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99", + "created": "2023-09-21T22:19:04.080Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:19:04.080Z", + "description": "Enterprises can provision policies to mobile devices for application allow-listing, ensuring only approved applications are installed onto mobile devices. 
", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36", + "created": "2020-05-07T15:33:32.895Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4df6a22e-489f-400c-b953-cc53bfb708a3", + "type": "relationship", + "created": "2020-09-14T14:13:45.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-14T14:13:45.296Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s iOS version can collect device information.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4e68feca-083f-40ed-88d8-2b6a3935c949", + "created": "2023-01-18T19:12:11.201Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). 
Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:53:38.271Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can use the Android `CallScreeningService` to silently block incoming calls.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7", + "created": "2020-07-20T13:27:33.440Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . 
Retrieved July 20, 2020.", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:26:22.984Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819", + "type": "relationship", + "created": "2019-08-07T15:57:13.412Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + } + ], + "modified": "2019-09-15T15:36:42.312Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can retrieve a list of installed applications. 
Installed application names are then checked against an adversary-defined list of targeted applications.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446", + "created": "2020-12-14T14:52:03.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:26:37.661Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect SMS messages.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4ee57616-7205-490c-86c3-c27dcffd8689", + "created": "2022-04-06T13:35:43.203Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Users should be cautioned against granting administrative access to applications.", - 
"modified": "2022-04-06T13:52:37.470Z", + "description": "Recent OS versions have limited access to certain APIs unless certain conditions are met, making [Data Manipulation](https://attack.mitre.org/techniques/T1641) more difficult", + "modified": "2022-04-06T13:35:43.203Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4efa4953-7854-4144-8837-d7831ccbe35d", + "type": "relationship", + "created": "2020-04-24T17:46:31.691Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.691Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect a list of installed applications.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) uses SMS for command and control.(Citation: Lookout-Pegasus)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). 
Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:13:18.720Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses call logs.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54", + "type": "relationship", + "created": "2021-10-01T14:42:48.744Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:48.744Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record audio.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4f812a57-efdc-463b-bf37-baa4bca7502b", + "created": "2020-05-04T14:22:20.348Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:35:00.081Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can uninstall itself from a device on command by abusing the accessibility service.(Citation: SecurityIntelligence TrickMo) ", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--4fc165fd-185e-4c70-b423-c242cf715510", + "created": "2019-10-07T16:32:27.127Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "securelist rotexy 
2018", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:55:21.480Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) checks if it is running in an analysis environment.(Citation: securelist rotexy 2018) ", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760", + "created": "2022-03-30T14:41:20.735Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Changes to System Broadcasts", + "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts", + "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts)", + "modified": "2022-03-30T14:41:20.735Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699", - "created": "2020-04-24T15:06:33.393Z", + "id": "relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3", + "created": "2023-02-28T21:44:45.063Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:26:33.166Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can use overlays to cover legitimate applications or screens.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:53:41.561Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can view contacts.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--502fc83c-ce03-4ce7-a202-095bbe0b492b", + "created": "2023-07-21T19:51:08.375Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:51:08.375Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access a device’s location.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--503ca6f2-a747-43fb-8fc5-7be095dcb966", + "created": "2023-08-04T18:31:30.237Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:31:30.237Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access images stored on external storage.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--506d657b-1634-442e-8179-7187f82feb3a", + "created": "2020-12-24T21:55:56.691Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:38:17.926Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the call logs.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24", + "type": "relationship", + "created": "2020-01-27T17:05:58.267Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.267Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can track the device’s location.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794", + "type": "relationship", + "created": "2020-04-08T15:41:19.451Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:41:19.451Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect the device’s ID.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50bab448-fee6-49e9-a296-498fe06eacc7", + "type": "relationship", + "created": "2019-11-21T16:42:48.490Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." + } + ], + "modified": "2019-11-21T16:42:48.490Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can obtain a list of installed applications.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:38:39.008Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97", + "created": "2023-09-28T17:20:00.981Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:00.981Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can request coarse and fine location permissions to track the device.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--50f03c00-5488-49fe-a527-a8776e526523", + "type": "relationship", + "created": "2020-11-24T17:55:12.820Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.820Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect a list of installed applications.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912", + "type": "relationship", + "created": "2020-05-11T16:13:43.062Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + } + ], + "modified": "2020-05-11T16:13:43.062Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:38:56.380Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab", + "created": "2022-04-11T20:06:38.811Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products that are part of the Samsung Knox for Mobile Threat Defense program could examine running applications while the device is idle, potentially detecting malicious applications that are running primarily when the device is not being used.", + "modified": "2022-04-11T20:06:38.811Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--51757971-17ac-40c3-bae7-78365579db49", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": 
[ + { + "source_name": "TrendMicro-Obad", + "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:02:27.188Z", + "description": "[OBAD](https://attack.mitre.org/software/S0286) abuses device administrator access to make it more difficult for users to remove the application.(Citation: TrendMicro-Obad)", + "relationship_type": "uses", + "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--51b0a4fb-a308-4694-9437-95702a50ebd5", + "type": "relationship", + "created": "2020-09-11T16:22:03.231Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.231Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can take photos with the device camera.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1", + "created": "2019-09-04T15:38:57.037Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record keystrokes and analyze them for keywords.(Citation: FlexiSpy-Features)", + "modified": "2022-04-15T17:34:17.813Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999", + "created": "2020-11-24T17:55:12.818Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:21:12.197Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can register for the `BOOT_COMPLETED` broadcast intent.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3", + "created": "2019-10-18T15:51:48.487Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", + "modified": "2022-04-05T19:42:51.306Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--520c7112-9768-42c5-8917-1950efd182f9", + "created": "2023-02-06T19:38:45.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). 
S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:33:30.155Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use keylogging to capture user input.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48", + "created": "2023-03-16T18:37:55.715Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:52:23.577Z", + "description": "On Android, the user can use the device settings menu to view trusted CA certificates and look for unexpected or unknown certificates. A mobile security product could similarly examine the trusted CA certificate store for anomalies. Users can use the device settings menu to view which applications on the device are allowed to install unknown applications. \n\nOn iOS, the user can use the device settings menu to view installed Configuration Profiles and look for unexpected or unknown profiles. 
A Mobile Device Management (MDM) system could use the iOS MDM APIs to examine the list of installed Configuration Profiles for anomalies.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa", + "created": "2022-04-01T16:52:36.974Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T16:52:36.974Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--82f04b1e-5371-4a6f-be06-411f0f43b483", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--529107fd-6420-4573-8dbf-cdcd49c2708c", + "type": "relationship", + "created": "2020-06-26T14:55:13.307Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T14:55:13.307Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can gather device network information.(Citation: Cybereason EventBot) ", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25", + "type": "relationship", + "created": "2020-09-11T15:55:43.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2020-09-11T15:55:43.774Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) deletes incoming SMS messages from specified numbers, including those that contain particular strings.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b", + "type": "relationship", + "created": "2020-12-18T20:14:47.314Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": 
"https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], + "modified": "2020-12-18T20:14:47.314Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has utilized foreground services.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--53364899-1ea5-47fa-afde-c210aed64120", + "type": "relationship", + "created": "2019-07-10T15:47:19.659Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-07-16T15:35:21.086Z", + "description": "(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a", + "created": "2023-10-10T15:33:59.484Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.484Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has impersonated several apps, including official Google apps, chat apps, VPN apps, and popular games.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": 
"relationship--535d2425-21aa-4fe5-ae6d-5b677f459020", + "created": "2022-03-28T19:41:37.162Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain patches for devices that were compromised at the supply chain level.", + "modified": "2022-03-28T19:41:37.162Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d", + "created": "2023-03-20T18:38:36.873Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:26:05.065Z", + "description": "The user can view which applications have permission to use the camera through the device settings screen, where the user can then choose to revoke the permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--54151897-cc7e-4f92-af50-bed41ea78d92", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-MobileMalware", + "description": "Roman Unuchek and Victor Chebyshev. (2014, February 24). 
Mobile Malware Evolution: 2013. Retrieved December 22, 2016.", + "url": "https://securelist.com/mobile-malware-evolution-2013/58335/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:03:20.968Z", + "description": "[Trojan-SMS.AndroidOS.FakeInst.a](https://attack.mitre.org/software/S0306) uses Google Cloud Messaging (GCM) for command and control.(Citation: Kaspersky-MobileMalware)", + "relationship_type": "uses", + "source_ref": "malware--28e39395-91e7-4f02-b694-5e079c964da9", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080", + "type": "relationship", + "created": "2020-12-17T20:15:22.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.498Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47", + "created": "2022-04-01T17:08:41.293Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ", + "modified": "2022-04-01T17:08:41.293Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2", + "created": "2019-09-04T14:28:15.482Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:28:58.447Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81", + "created": "2022-04-05T20:03:46.789Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T20:03:46.789Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--60623164-ccd8-4508-a141-b5a34820b3de", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--54bfecbc-4d1d-4bca-bb9c-652d09b29515", + "created": "2023-06-09T19:10:48.877Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:14:31.727Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect the device ID, model, manufacturer, and Android version. It can also check available storage space and if the screen is locked.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec", + "created": "2022-04-01T15:54:48.924Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Applications very rarely require administrator permission. Developers should be cautioned against using this higher degree of access to avoid being flagged as a potentially malicious application. 
", + "modified": "2022-04-01T15:54:48.924Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--54dac52d-5279-407f-b7b4-5484ae90b98c", + "type": "relationship", + "created": "2021-02-17T20:43:52.402Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." + } + ], + "modified": "2021-02-17T20:43:52.402Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has downloaded and installed additional applications.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d", + "created": "2017-10-25T14:48:53.746Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TelephonyManager", + "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html", + "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", + "modified": "2022-03-30T21:04:59.921Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089", + "created": "2022-03-28T19:41:27.610Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.", + "modified": "2022-03-28T19:41:27.610Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15", + "type": "relationship", + "created": "2020-04-24T15:06:33.319Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": 
"https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T15:06:33.319Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect voice notes, device accounts, and gallery images.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4", + "created": "2021-01-05T20:16:20.507Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. 
Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:23:12.919Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can execute commands .(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5619e263-d48c-47a5-ab68-8677fe080a15", + "created": "2022-03-30T14:42:27.821Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:42:27.821Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--56551987-326a-46ad-a34a-59bb7ab793a9", + "created": "2020-12-14T14:52:03.266Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:24:07.828Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can request device administrator permissions.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--56758bb5-230e-43ac-9851-167c296c3dfa", + "created": "2023-03-20T18:38:27.730Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:25:29.731Z", + "description": "During the vetting process, applications using the Android permission `android.permission.CAMERA`, or the iOS `NSCameraUsageDescription` plist entry could be given closer scrutiny. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--56a255a5-9fa2-45bb-8848-fd0a68514467", + "created": "2022-04-11T20:06:56.034Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-11T20:06:56.034Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--2f0e8d80-4b8b-4f4a-b5cc-132afe7e057d", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--56c8af86-2924-46f8-a1d7-8309ee6f0282", + "created": "2023-07-21T19:36:35.822Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:36:35.822Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect network information, such as IP address, SIM card info, and Wi-Fi info.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5706742b-733d-44e9-a032-62b81ba05bcf", + "created": "2020-06-02T14:32:31.897Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "description": "I. Beer. (2019, August 29). Implant Teardown. 
Retrieved June 2, 2020.", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:26:52.491Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve SMS messages and iMessages.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--57293fc9-8838-4acd-a16f-48f516d0921e", + "created": "2020-04-08T15:51:25.122Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:29:51.699Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) hides its icon after installation.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7", + "created": "2023-03-20T18:57:42.922Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:17:40.405Z", + "description": "Application vetting services can look for the use of the Android `MediaProjectionManager` class, applying extra scrutiny to applications that use the class.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--57881f4b-8463-430c-912a-0e3c961e7784", + "created": "2023-07-21T19:52:30.528Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:52:30.529Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can copy and exfiltrate a device’s contact list.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--57a069a0-399f-43ab-9efc-50432a41b26b", + "created": "2020-12-24T21:55:56.743Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:36:12.585Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has deleted or renamed specific files.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--57a5ae72-6932-45e6-83f2-609943902b35", + "created": "2023-03-20T18:50:33.248Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:30:03.505Z", + "description": "In both Android (6.0 and up) and iOS, the user can view which applications have the permission to access the device location through the device settings screen and revoke permissions as necessary. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791", + "created": "2022-03-30T19:33:17.520Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", + "modified": "2022-03-30T19:33:17.520Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78", + "created": "2023-02-28T20:37:59.846Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:08:37.122Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can obfuscated class, string, and method names in newer malware versions.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72", + "type": "relationship", + "created": "2020-11-24T17:55:12.900Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.900Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s IMEI, phone number, and country.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56", + "created": "2020-06-26T15:32:25.045Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020.", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:27:05.040Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect SMS messages from a device.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--58c857f8-4f40-48e0-b3ac-41944d82b576", + "created": "2020-12-24T22:04:27.991Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. 
Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:54:02.223Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of contacts.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--592331d2-60a7-4264-b844-fbeb89b6386c", + "created": "2023-03-20T18:58:56.942Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:53:16.626Z", + "description": "The user can view the default SMS handler in system settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5977289e-d38f-4974-912b-2151fc00c850", + "type": "relationship", + "created": "2020-11-20T16:37:28.524Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.524Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s phone number and IMSI.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9", + "created": "2022-04-05T19:52:32.201Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:52:32.201Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--3dd58c80-4c2e-458c-9503-1b2cd273c4d2", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc", + "created": "2023-03-20T18:14:50.401Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T22:35:46.046Z", + "description": 
"Mobile security products can use attestation to detect compromised devices.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--59d463d3-3a41-4269-be9a-7a69f44eca78", + "created": "2020-10-29T19:21:23.215Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:03:47.434Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has communicated with the C2 server using HTTP.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef", + "created": "2022-04-05T20:14:17.442Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", 
+ "modified": "2022-04-05T20:14:17.442Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d", + "created": "2019-07-10T15:35:43.658Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:57:40.371Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1", + "created": "2020-10-29T17:48:27.272Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": 
"https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain a list of installed applications and can detect if an antivirus application is running, and close it if it is.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-15T16:53:00.735Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6", + "type": "relationship", + "created": "2019-09-03T19:45:48.508Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.114Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3", + "type": "relationship", + "created": "2020-06-26T14:55:13.351Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + } + ], + "modified": "2020-06-26T14:55:13.351Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect a list of installed applications.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae", + "created": "2020-12-24T22:04:27.902Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:04:02.992Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has used HTTP POST requests for C2.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f", + "created": "2023-03-20T15:56:34.418Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:27:56.357Z", + "description": "Application vetting services can check for the string `BIND_DEVICE_ADMIN` in the application’s manifest. 
This indicates it can prompt the user for device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Tripwire-MazarBOT", + "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", + "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uses commands received from text messages for C2.(Citation: Lookout-StealthMango)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0", + "type": "relationship", + "created": "2019-09-15T15:32:17.563Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-07-09T14:07:02.315Z", + "description": "Application developers could be encouraged to avoid placing sensitive data in notification text.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5aa167b8-4166-440b-b49f-bf1bab597237", + "created": "2019-11-21T16:42:48.441Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:39:13.309Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect the device’s call log.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5b04c8d0-c026-4838-9383-e4146de36d4d", + "created": "2023-03-16T18:33:19.941Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:34:11.221Z", + "description": "Application vetting services could detect usage of standard clipboard APIs.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747", + "created": "2022-03-30T19:51:56.543Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:51:56.543Z", + "relationship_type": "subtechnique-of", + 
"source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02", + "type": "relationship", + "created": "2020-12-17T20:15:22.452Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." + } + ], + "modified": "2020-12-17T20:15:22.452Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has obfuscated components using XOR, ZIP with a single-byte key or ZIP/Zlib compression wrapped with RC4 encryption.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b5586b9-75ee-476f-b3eb-49878254302c", + "type": "relationship", + "created": "2019-07-16T14:33:12.117Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. 
(2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], + "modified": "2020-04-27T16:52:49.643Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) is able to modify code within the com.android.systemui application to gain access to `GET_REAL_TASKS` permissions. This permission enables access to information about applications currently on the foreground and other recently used apps.(Citation: Google Triada June 2019) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b670281-0054-42b4-8e54-ea01a692f5bf", + "type": "relationship", + "created": "2021-10-01T14:42:48.900Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:48.900Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can open a hidden menu when a specific phone number is called from the infected device.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f", + "type": "relationship", + "created": "2020-04-08T15:41:19.427Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-09-11T15:42:15.628Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can send, receive, and delete SMS messages.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5b9a2c93-95bf-4f39-aeac-b2af051faca9", + "created": "2023-08-23T22:50:55.591Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:50:55.591Z", + "description": "Application vetting services may detect API calls to `performGlobalAction(int)`. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c", + "type": "relationship", + "created": "2021-02-17T20:43:52.324Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.324Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has collected phone metadata such as cell location, mobile country code (MCC), and mobile network code (MNC).(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf", + "created": "2023-03-20T15:46:49.646Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:39:37.117Z", + "description": "Application vetting services may be able to detect known privilege escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a", + "created": "2020-07-27T14:14:56.996Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Security Zen", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . 
Retrieved July 27, 2020.", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:19:00.199Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can inject code into the Setup Wizard at runtime to extract CAPTCHA images. [Zen](https://attack.mitre.org/software/S0494) can inject code into the `libc` of running processes to infect them with the malware.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0", + "type": "relationship", + "created": "2020-12-24T22:04:27.997Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:27.997Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has tracked location.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5ced57a7-b674-40d4-98b8-a090963a6ade", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-09-18T13:45:58.872Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) abuses Accessibility features to steal messages from popular apps such as WeChat, Skype, Viber, and QQ.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f", + "created": "2023-03-20T18:43:14.051Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T21:18:54.014Z", + "description": "The user can see a list of applications that can use accessibility services in the device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da", + "type": "relationship", + "created": "2021-09-24T14:52:41.308Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2021-09-24T14:52:41.308Z", + "description": " [Monokle](https://attack.mitre.org/software/S0407) can hook itself to appear invisible to the Process Manager.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5d37400f-80f9-4500-9357-185650e5a7b2", + "created": "2023-02-06T18:54:13.573Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:14:02.866Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can use HTTP to communicate with the C2 server.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c", + "created": "2023-01-18T21:38:58.113Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:49:16.069Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use input injection via Accessibility Services to simulate user touch inputs, prevent applications from opening, change device settings, and bypass MFA protections.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d", + "created": "2023-02-06T18:52:40.543Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:14:41.449Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can intercept SMS messages containing two factor authentication codes.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2", + "created": "2022-03-30T19:12:31.481Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:12:31.481Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787", + "type": "relationship", + "created": "2019-09-04T14:28:15.471Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). 
Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-10-14T17:51:37.979Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d", + "created": "2019-09-23T13:36:08.451Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) procedurally generates subdomains for command and control communication.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c", + "created": "2020-11-24T17:55:12.883Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:23:49.569Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2", + "created": "2023-03-20T18:59:57.364Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:05:08.407Z", + "description": "The user can examine the list of all installed applications in the device settings. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1", + "created": "2023-03-15T16:24:12.588Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:26:59.132Z", + "description": "Application vetting services can detect when an application requests administrator permission.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24", + "created": "2023-03-15T16:40:37.553Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:03:10.023Z", + "description": "Mobile security products can potentially detect rogue Wi-Fi access points if the adversary is attempting to decrypt traffic using an untrusted SSL certificate. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421", + "created": "2020-04-24T15:12:11.217Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -38637,10 +28275,1225 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T19:49:04.950Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2023-04-05T20:04:31.136Z", + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--60782df8-1e96-48eb-a6b7-843c94b32b59", + "created": "2023-02-06T19:43:17.802Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:33:52.290Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can hide its application icon.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BrainTest](https://attack.mitre.org/software/S0293) provided capabilities that allowed developers to use compromised devices to post positive reviews on their own malicious applications as well as download other malicious applications they had submitted to the Play Store.(Citation: Lookout-BrainTest)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--609ec9f8-f702-444b-b837-72a0880d429b", + "created": "2023-09-22T19:17:01.704Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:17:01.704Z", + "description": "The user may view applications with administrator access through the device settings and may also notice if user data is inexplicably missing. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--60ad088f-3133-4b0c-a441-e1e06fff1765", + "created": "2023-02-06T19:37:56.416Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:34:29.147Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can gather data about the device.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb", + "type": "relationship", + "created": "2020-01-27T17:05:58.308Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). 
Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.308Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encodes its configurations using a customized algorithm.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113", + "created": "2020-06-26T15:32:25.032Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can generate fake notifications and launch overlay attacks against attacker-specified applications.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3", + "created": "2019-07-10T15:35:43.712Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:36:27.557Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) has the ability to delete attacker-specified files from compromised devices.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71", + "created": "2019-07-10T15:42:09.606Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:01:46.513Z", + "description": "[Dark Caracal](https://attack.mitre.org/groups/G0070) controls implants using standard HTTP communication.(Citation: Lookout Dark Caracal Jan 2018) ", + "relationship_type": "uses", + "source_ref": "intrusion-set--8a831aaa-f3e0-47a3-bed8-a9ced744dd12", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--61550ef4-41f0-4354-af5c-f47db8aca654", + "type": "relationship", + "created": "2020-06-02T14:32:31.910Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.910Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s phone number, ICCID, IMEI, and the currently active network interface (Wi-Fi or cellular).(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c", + "type": "relationship", + "created": "2020-01-21T15:29:27.041Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." 
+ } + ], + "modified": "2020-01-21T15:29:27.041Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can download attacker-specified files.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544", + "created": "2022-04-05T19:40:25.071Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:40:25.071Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--6f86d346-f092-4abc-80df-8558a90c426a", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc", + "created": "2023-02-06T19:41:40.104Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:35:04.072Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can silently intercept and manipulate notifications. [S.O.V.A.](https://attack.mitre.org/software/S1062) can also inject cookies via push notifications.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213", + "created": "2023-03-20T15:32:36.972Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:18:06.656Z", + "description": "Application vetting services can detect malicious code in applications.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d", + "created": "2022-03-30T20:13:40.625Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + 
"description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.", + "modified": "2022-03-30T20:13:40.625Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f", + "type": "relationship", + "created": "2020-12-14T15:02:35.287Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." + } + ], + "modified": "2020-12-14T15:02:35.290Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has implemented functions in native code.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6", + "created": "2022-03-30T13:48:43.977Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can typically detect jailbroken or rooted devices. 
", + "modified": "2022-03-30T13:48:43.977Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6315b6ec-35f8-4b28-8603-664664311a33", + "created": "2023-08-16T16:44:53.770Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:44:53.770Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can read the name of application packages.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--634071ce-d386-4143-8e6e-b88bc077de6d", + "type": "relationship", + "created": "2020-07-27T14:14:56.961Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": 
"https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + } + ], + "modified": "2020-08-10T22:18:20.782Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can dynamically load executable code from remote sources.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--642a2599-a50c-480c-8e07-2a3a217f4a46", + "created": "2023-07-21T19:52:13.807Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. 
(2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:52:13.807Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can turn on a device’s microphone to capture audio.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--64489abc-5c2f-4620-833d-9ac010040955", + "created": "2023-08-14T16:19:54.684Z", + "revoked": false, + "external_references": [ + { + "source_name": "unit42_strat_aged_domain_det", + "description": "Chen, Z. et al. (2021, December 29). Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends. Retrieved July 31, 2023.", + "url": "https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/" + }, + { + "source_name": "Data Driven Security DGA", + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. 
Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:19:54.684Z", + "description": "Monitor for pseudo-randomly generated domain names based on frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Additionally, check if the suspicious domain has been recently registered, if it has been rarely visited, or if the domain had a spike in activity after being dormant.(Citation: unit42_strat_aged_domain_det) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda", + "created": "2023-02-06T19:02:00.135Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:16:28.481Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself microphone permissions.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65", + "type": "relationship", + "created": "2021-04-19T17:05:42.574Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2021-04-19T17:05:42.574Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has collected files from the infected device.(Citation: Lookout Uyghur Campaign)\t", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff", + "type": "relationship", + "created": "2019-09-04T14:28:16.478Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-10-14T17:52:48.001Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record the screen as the user unlocks the device and can take screenshots of any application in the foreground. 
[Monokle](https://attack.mitre.org/software/S0407) can also abuse accessibility features to read the screen to capture data from a large number of popular applications.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e", + "type": "relationship", + "created": "2020-07-15T20:20:59.382Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.382Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has communicated with the C2 server over TCP port 7777.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4", + "type": "relationship", + "created": "2020-04-08T15:51:25.157Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T15:51:25.157Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can capture device screenshots and stream them back to the C2.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28", + "created": "2023-10-10T15:33:58.533Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. 
Retrieved December 31, 2020.", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.533Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has masqueraded as popular South Korean applications.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--6588914f-d270-47d3-b889-046564ad616f", + "created": "2023-08-16T16:35:21.853Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:35:21.853Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather SMS messages.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61", + "type": "relationship", + "created": "2020-01-27T17:05:58.201Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-03-26T20:50:07.154Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can collect local accounts on the device, pictures, bookmarks/histories of the default browser, and files stored on the SD card. [GolfSpy](https://attack.mitre.org/software/S0421) can list image, audio, video, and other files stored on the device. 
[GolfSpy](https://attack.mitre.org/software/S0421) can copy arbitrary files from the device.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--65acbbe2-48e1-4fba-a781-39fb040a711d", + "type": "relationship", + "created": "2019-09-03T19:45:48.505Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "modified": "2019-09-11T13:25:19.178Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) One, after checking in, sends a POST request and then downloads [Exodus](https://attack.mitre.org/software/S0405) Two, the second stage binaries.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--65dc7cc1-e047-4087-8b2b-7d0d0f67576a", + "created": "2023-08-16T16:34:14.088Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:34:14.088Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can perform overlay attacks against a device by injecting HTML phishing pages into a webview.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed", + "created": "2023-09-21T22:20:53.256Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "app_hibernation", + "description": "Android Developers. (2023, August 28). App hibernation. 
Retrieved September 21, 2023.", + "url": "https://developer.android.com/topic/performance/app-hibernation" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:25:08.129Z", + "description": "Android 11 and above implement application hibernation, which can hibernate an application that has not been used for a few months and can reset the application’s permission requests.(Citation: app_hibernation)", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6609b892-d388-4b8a-ac21-5cbf12e0d574", + "created": "2023-10-10T15:33:58.701Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Forbes Cerberus", + "description": "Z. Doffman. (2019, August 16). Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated). 
Retrieved June 26, 2020.", + "url": "https://www.forbes.com/sites/zakdoffman/2019/08/16/dangerous-new-android-trojan-hides-from-malware-researchers-and-taunts-them-on-twitter/#1563fef26d9c" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.701Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) has pretended to be an Adobe Flash Player installer.(Citation: Forbes Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--66132260-65d1-4bf5-8200-abdb2014be6f", + "created": "2020-09-15T15:18:12.465Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:51:12.881Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can detect if it is running in an emulator and adjust its behavior accordingly.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519", + "created": "2022-04-05T17:03:53.457Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:03:53.457Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--66ba3094-7c14-41b9-b7c1-814d026156b9", + "type": "relationship", + "created": "2020-09-11T15:58:40.846Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", 
+ "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-09-11T15:58:40.846Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can delete and send SMS messages.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42", + "type": "relationship", + "created": "2020-11-10T17:08:35.593Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.593Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has seen native libraries used in some reported samples (Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--66fb8a34-9d48-4599-a56e-19b057380030", + "created": "2023-03-20T18:46:08.304Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:04:38.833Z", + "description": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--670a0995-a789-4674-9e91-c74316cdef90", + "type": "relationship", + "created": "2020-09-11T14:54:16.621Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.621Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record audio from phone calls and the device microphone.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--67aa692c-24e4-483e-996e-02ce1e861ec8", + "created": "2023-02-28T20:37:29.206Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:09:02.129Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can add display overlays onto banking apps to capture credit card information.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2", + 
"created": "2019-09-03T20:08:00.704Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Gustuff](https://attack.mitre.org/software/S0406) code is both obfuscated and packed with an FTT packer.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T17:18:58.074Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f", + "created": "2021-01-20T16:01:19.488Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. 
Retrieved January 20, 2021.", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:17:07.374Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--681161b2-4e30-4d49-8524-6cc0d94585cb", + "created": "2023-03-16T13:33:26.925Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:34:55.830Z", + "description": "Many properly configured firewalls may naturally block bidirectional command and control traffic.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--681d5e61-9412-4c58-bef1-c6ef7bffcb0c", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": 
false, + "description": "", + "modified": "2022-04-06T15:42:13.445Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f", + "target_ref": "attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6846dc09-b66a-42d3-aea2-c80b51f22952", + "created": "2023-02-28T21:42:31.008Z", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T21:42:31.008Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record audio using the device microphone.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d", + "type": "relationship", + "created": "2021-09-20T13:54:19.957Z", + 
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-09-20T13:54:19.957Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6885280e-5423-422a-94f1-e91d557e043e", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-XcodeGhost1", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/", + "description": "Claud Xiao. (2015, September 17). Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store. Retrieved December 21, 2016." + }, + { + "source_name": "PaloAlto-XcodeGhost", + "url": "http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/", + "description": "Claud Xiao. (2015, September 18). Update: XcodeGhost Attacker Can Phish Passwords and Open URLs through Infected Apps. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XcodeGhost](https://attack.mitre.org/software/S0297) was injected into apps by a modified version of Xcode (Apple's software development tool).(Citation: PaloAlto-XcodeGhost1)(Citation: PaloAlto-XcodeGhost)", + "modified": "2022-04-15T15:10:16.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d9e07aea-baad-4b68-bdca-90c77647d7f9", + "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--68c17e9b-1fda-49dd-982b-566d473cc32b", + "created": "2022-04-06T15:51:11.939Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:51:11.939Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--633baf01-6de4-4963-bb54-ff6c6357bed3", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--68e5789c-9f60-421e-9c79-fae207a29e83", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:27:20.839Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole SMS message content.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3", + "created": "2020-07-20T13:27:33.486Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020.", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:54:25.851Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect the device’s contact list.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -38651,22 +29504,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19", + "id": "relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50", "type": "relationship", - "created": "2021-02-17T20:43:52.381Z", + "created": "2021-09-20T13:50:02.036Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." } ], - "modified": "2021-02-17T20:43:52.381Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)", + "modified": "2021-09-20T13:50:02.036Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can make phone calls.(Citation: Cofense Anubis)", "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
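Review bot: The relationship written on the new side of this hunk (`relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50`) has no `revoked`, `x_mitre_deprecated` or `x_mitre_attack_spec_version` keys, although other relationship objects in the same file carry them (for example `relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28`, added earlier in this diff). A consumer that filters on `revoked == false` or indexes `x_mitre_deprecated` directly will drop this object or fail on it, so detection-coverage tooling built on the bundle can under-count techniques. If the exporter can do it, emit the flags explicitly as the newer objects do, `"revoked": false,` and `"x_mitre_deprecated": false,`; otherwise the loader should treat a missing key as false. The object added in the next hunk (`relationship--694857ba-92e8-462e-8900-a9f6fdcf495d`) has the same shape. The object's opening brace lies outside the hunk, and whether the omission is intended for older-spec objects cannot be told from here.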
@@ -38674,22 +29527,22 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84", + "id": "relationship--694857ba-92e8-462e-8900-a9f6fdcf495d", "type": "relationship", - "created": "2019-07-10T15:35:43.708Z", + "created": "2020-12-31T18:25:05.133Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", - "source_name": "Lookout Dark Caracal Jan 2018" + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." } ], - "modified": "2019-08-09T18:06:11.797Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2020-12-31T18:25:05.133Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has encrypted its DEX payload.(Citation: CYBERWARCON CHEMISTGAMES)", "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -38698,147 +29551,27 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6", - "created": "2021-04-26T15:33:55.905Z", + "id": "relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c", + "created": "2019-08-09T18:02:06.688Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "CitizenLab Circles", - "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/", - "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020." + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[DroidJack](https://attack.mitre.org/software/S0320) can capture video using device cameras.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.507Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24", - "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2", - "created": "2022-04-08T16:29:55.322Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-08T16:29:55.322Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6", - "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a", - "type": "relationship", - "created": "2020-09-24T15:34:51.244Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - 
"source_name": "Lookout-Dendroid", - "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", - "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" - } - ], - "modified": "2020-09-24T15:34:51.244Z", - "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)", - "relationship_type": "uses", - "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee", - "created": "2019-08-07T15:57:13.443Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. 
Retrieved August 7, 2019.", - "url": "https://securelist.com/mobile-banker-riltok/91374/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:30:47.506Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803", - "created": "2023-02-06T19:05:00.862Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:20:37.796Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can obtain a list of installed applications.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8", - "created": "2023-02-06T18:59:15.881Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:21:10.915Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device information such as manufacturer, model, version, serial number, and telephone number.(Citation: lookout_abstractemu_1021)", - "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "type": "relationship", "id": "relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4", 
@@ -38867,83 +29600,183 @@ }, { "type": "relationship", - "id": "relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10", - "created": "2023-03-03T15:36:15.840Z", + "id": "relationship--697f5584-667f-4489-a535-586dd1a8b48c", + "created": "2023-10-10T15:33:59.823Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "lookout_abstractemu_1021", - "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", - "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-03T15:36:15.840Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access device call logs.(Citation: lookout_abstractemu_1021)", + "modified": "2023-10-10T15:33:59.823Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has inserted trojan functionality into legitimate apps, including popular apps within the Uyghur community, VPNs, instant messaging apps, social networking, games, adult media, and Google searching.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint-Charger", + "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:17:53.923Z", + "description": "[Charger](https://attack.mitre.org/software/S0323) locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.(Citation: CheckPoint-Charger)", + "relationship_type": "uses", + "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--69de3f7e-faa7-4342-b755-4777a68fd89b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[DroidJack](https://attack.mitre.org/software/S0320) is capable of recording device phone calls.(Citation: Zscaler-SuperMarioRun)", + "modified": "2022-05-20T17:13:16.508Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6a1d8b2f-9007-46ba-b559-356b81632cee", + "created": "2023-10-10T15:33:58.444Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.444Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has masqueraded as TikTok.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b", + "type": "relationship", + "created": "2020-09-14T14:13:45.259Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-14T14:13:45.259Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can exfiltrate device pictures.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2", + "created": "2022-04-01T15:13:55.124Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not open links in applications they don’t recognize.", + "modified": "2022-04-01T15:13:55.124Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e", + "created": "2023-03-16T18:26:45.940Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "description": "Android. (n.d.). Verified Boot. 
Retrieved December 21, 2016.", + "url": "https://source.android.com/security/verifiedboot/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:21:42.253Z", + "description": "On Android, Verified Boot can detect unauthorized modifications to the system partition.(Citation: Android-VerifiedBoot) Android's SafetyNet API provides remote attestation capabilities, which could potentially be used to identify and respond to compromise devices. Samsung Knox provides a similar remote attestation capability on supported Samsung devices. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--2e08820f-a81d-480e-9e60-f14db3e49080", + "id": "relationship--6a715733-cde6-4903-b967-35562b584c6f", "type": "relationship", - "created": "2019-09-04T14:28:15.909Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", - "source_name": "Lookout-Monokle" - } - ], - "modified": "2019-09-04T14:32:12.568Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can take photos and videos.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c", - "type": "relationship", - "created": "2019-12-10T16:07:41.078Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList DVMap June 2017", - "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", - "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
- } - ], - "modified": "2019-12-10T16:07:41.078Z", - "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)", - "relationship_type": "uses", - "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0993769f-63fb-4720-bbcf-e6f37f71515e", - "type": "relationship", - "created": "2020-06-02T14:32:31.875Z", + "created": "2020-06-02T14:32:31.878Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -38952,207 +29785,48 @@ "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." } ], - "modified": "2020-06-02T14:32:31.875Z", - "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s name, serial number, iOS version, total disk space, and free disk space.(Citation: Google Project Zero Insomnia) ", + "modified": "2020-06-02T14:32:31.878Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can obtain a list of installed non-Apple applications.(Citation: Google Project Zero Insomnia)", "relationship_type": "uses", "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86", - "created": "2023-03-20T15:16:43.275Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:16:43.275Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965", - "type": "relationship", - "created": "2020-04-08T15:51:25.106Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "url": 
"https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." - } - ], - "modified": "2020-04-08T15:51:25.106Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6", "type": "relationship", - "created": "2020-07-20T13:27:33.553Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
- } - ], - "modified": "2020-08-10T21:57:54.518Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) sends the device’s IMEI with each exfiltration request.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0", - "created": "2020-12-31T18:25:05.164Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. 
This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)", - "modified": "2022-04-15T15:16:53.317Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1822e616-ae33-487c-8aa6-4fa81e724184", - "created": "2021-02-08T16:36:20.785Z", + "id": "relationship--6a813057-5fe0-46b5-89a3-c804d223568c", + "created": "2023-08-04T18:30:16.933Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "BlackBerry Bahamut", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:06:22.576Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included contact list exfiltration in the malicious apps deployed as part of Operation BULL.(Citation: BlackBerry Bahamut)", + "modified": "2023-09-26T12:54:10.319Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate the victim device ID, model, manufacturer, and Android version.(Citation: lookout_hornbill_sunbird_0221)", "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81", - "created": "2023-03-20T15:45:44.000Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:45:44.000Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c", + "id": "relationship--6a821e14-8247-408b-af37-9cecbba616ec", "type": "relationship", - "created": "2019-09-04T15:38:56.562Z", + "created": "2020-05-07T15:33:32.945Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.", - "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", - "source_name": "FortiGuard-FlexiSpy" - } - ], - "modified": "2019-10-14T18:08:28.500Z", - "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)", - "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b", - "created": "2020-11-24T18:18:33.772Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Threat Fabric Exobot", - "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", - "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:24:43.120Z", - "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)", - "relationship_type": "uses", - "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36", - "created": "2020-05-07T15:33:32.895Z", - "x_mitre_version": "1.0", "external_references": [ { "source_name": "CheckPoint Agent Smith", 
@@ -39160,38 +29834,61 @@ "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." } ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) shows fraudulent ads to generate revenue.(Citation: CheckPoint Agent Smith)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-05-07T15:33:32.945Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) obtains the device’s application list.(Citation: CheckPoint Agent Smith)", "relationship_type": "uses", "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--22041a01-75e7-4ff6-8768-ad45188c53c7", - "created": "2023-02-28T21:45:25.064Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-01T22:03:00.755Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can obtain a list of installed applications.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6ac2d9a5-248b-42c5-af71-3ffad7bc7f3e", + "created": "2023-09-21T22:18:06.516Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:39:19.069Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) initially poses as a benign application, then malware is downloaded and executed after an application update.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6ad4f199-99fe-4366-87be-7a462f6c89b0", + "created": "2023-06-09T19:11:38.612Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:48:41.487Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access a device’s location and check if GPS is enabled. 
[Hornbill](https://attack.mitre.org/software/S1077) has logic to only log location changes greater than 70 meters.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -39201,465 +29898,100 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Gooligan Citation", - "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/", - "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. Retrieved December 12, 2016." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Gooligan](https://attack.mitre.org/software/S0290) can install adware to generate revenue.(Citation: Gooligan Citation)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e", - "created": "2020-07-15T20:20:59.200Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:50:39.124Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access the device’s contact list.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39", - "created": "2020-06-26T14:55:13.387Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cybereason EventBot", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. 
Retrieved June 26, 2020.", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:59:55.854Z", - "description": "[EventBot](https://attack.mitre.org/software/S0478) communicates with the C2 using HTTP requests.(Citation: Cybereason EventBot)", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2", - "created": "2019-09-04T14:28:15.482Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:28:58.447Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can reset the user's password/PIN.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3dd0cd4d-bcde-4105-b98e-b32add191083", - "created": "2020-01-27T17:05:58.331Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:39:39.589Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) exfiltrates data using HTTP POST requests.(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527", - "created": "2019-09-04T14:28:16.335Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Monokle", - "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", - "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:57:56.616Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve nearby cell tower and Wi-Fi network information.(Citation: Lookout-Monokle)", - "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7", - "type": "relationship", - "created": "2019-08-07T15:57:13.388Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Kaspersky Riltok June 2019", - "url": "https://securelist.com/mobile-banker-riltok/91374/", - "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." - } - ], - "modified": "2019-09-18T13:44:13.453Z", - "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. 
It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)", - "relationship_type": "uses", - "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--44304163-9a44-4760-bd04-0e14adb33299", - "created": "2022-04-01T15:13:40.779Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Trend Micro iOS URL Hijacking", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", - "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", - "modified": "2022-04-01T15:13:40.779Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253", - "type": "relationship", - "created": "2020-12-31T18:25:05.178Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - 
"external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." - } - ], - "modified": "2020-12-31T18:25:05.178Z", - "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has fingerprinted devices to uniquely identify them.(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4", - "type": "relationship", - "created": "2021-03-25T16:39:40.200Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CYBERWARCON CHEMISTGAMES", - "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", - "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
- } - ], - "modified": "2021-03-25T16:39:40.200Z", - "description": "(Citation: CYBERWARCON CHEMISTGAMES)", - "relationship_type": "uses", - "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", - "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.793Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e", - "created": "2022-03-30T18:15:03.625Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-03-30T18:15:03.625Z", - "relationship_type": "subtechnique-of", - "source_ref": 
"attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11", - "created": "2022-09-29T20:08:54.389Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Cylance Dust Storm", - "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", - "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2022-09-30T18:38:37.195Z", - "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of exfiltrating specific files directly from the infected devices.(Citation: Cylance Dust Storm)", - "relationship_type": "uses", - "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd", - "created": "2021-02-08T16:36:20.707Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "BlackBerry Bahamut", - "description": "The BlackBerry Research & Intelligence Team. (2020, October). 
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.", - "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:05:01.189Z", - "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)", - "relationship_type": "uses", - "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:13:36.481Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429", - "created": "2022-04-01T18:51:28.859Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.", - "modified": "2022-04-01T18:51:28.859Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3498d304-48e3-4fe4-a3ab-fc261104f413", + "id": "relationship--6b41d649-bcd0-4427-baa1-15a145bace6e", "type": "relationship", "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "url": 
"https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" } ], - "modified": "2019-08-09T17:59:49.094Z", - "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can record audio using the device microphone.(Citation: Lookout-StealthMango)", + "modified": "2019-08-09T17:56:05.642Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) downloads and executes root exploits from a remote server.(Citation: PaloAlto-SpyDealer)", "relationship_type": "uses", - "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.783Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9", + "created": "2021-01-05T20:16:20.500Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304", - "type": "relationship", - "created": "2019-10-10T15:27:22.091Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", - "source_name": "Lookout-StealthMango" - } - ], - "modified": "2019-10-10T15:27:22.091Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)", + "modified": "2023-04-05T20:27:33.948Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d", - "created": "2023-02-06T18:52:40.543Z", + "id": "relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab", + "created": "2023-01-18T19:16:15.534Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:54:10.458Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can use keylogging to steal user banking credentials.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696", + "created": "2022-03-28T19:38:23.189Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-28T19:38:23.190Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a", + "created": "2023-03-03T15:42:28.475Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -39672,16 +30004,687 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:14:41.449Z", - "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can intercept SMS messages containing two factor authentication codes.(Citation: lookout_abstractemu_1021)", + "modified": "2023-03-27T17:17:24.417Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can send large amounts of device data over its C2 channel, including the device’s manufacturer, model, version and serial number, telephone number, and IP address.(Citation: lookout_abstractemu_1021)", "relationship_type": "uses", "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6c0105f3-e919-499d-b080-d127394d2837", + "created": "2022-03-30T18:14:23.210Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Typically, insecure or malicious configuration settings are not installed without the user's consent. Users should be advised not to install unexpected configuration settings (CA certificates, iOS Configuration Profiles, Mobile Device Management server provisioning). 
", + "modified": "2022-03-30T18:14:23.210Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6c35f99c-153d-4023-a29a-821488ce5418", + "type": "relationship", + "created": "2020-04-08T15:41:19.383Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:41:19.383Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can collect a list of installed applications to compare to a list of targeted applications.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82", + "type": "relationship", + "created": "2020-09-11T16:22:03.301Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.301Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect system information, including brand, manufacturer, and serial number.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6c887e1b-ff9a-4d7f-baec-7d19e1c982bd", + "created": "2023-08-07T22:48:30.275Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:48:30.275Z", + "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to newly created processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e", + "type": "relationship", + "created": "2021-02-08T16:36:20.692Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & 
Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + } + ], + "modified": "2021-05-24T13:16:56.443Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included system information enumeration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6cace9e3-f095-4914-bddc-24cec8bcc859", + "type": "relationship", + "created": "2020-09-24T15:34:51.276Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.276Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can collect the device’s photos, browser history, bookmarks, and accounts stored on the device.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6ce36374-2ff6-4b41-8493-148416153232", + "type": "relationship", + "created": "2020-07-20T13:27:33.443Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.526Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect user account, photos, browser history, and arbitrary files.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6d2c7743-fc75-4524-b217-13867ca1dd10", + "created": "2019-09-03T20:08:00.649Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:32:04.659Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) can collect the contact list.(Citation: Talos Gustuff Apr 2019) ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6d659130-545b-4917-891c-6c1b7d54ed07", + "type": "relationship", + "created": "2021-01-05T20:16:20.505Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok 
Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.505Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can send SMS messages.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6d88242f-e45b-481c-bd41-b66a662618ce", + "created": "2022-04-06T13:57:24.730Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:57:24.730Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--76c12fc8-a4eb-45d6-a3b7-e371a7248f69", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108", + "created": "2023-03-20T18:57:17.059Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T20:53:47.270Z", + "description": "On Android, the user can review which applications can use premium SMS features in the \"Special access\" page within application settings. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23", + "type": "relationship", + "created": "2020-09-11T14:54:16.566Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T14:54:16.566Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6e811d89-6526-480f-be40-1ad6483182ff", + "created": "2023-10-10T15:33:58.801Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . 
Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.801Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used the Play Store icon as well as the name “Google Play Marketplace”.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a", + "created": "2023-03-20T18:44:36.073Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:56:10.432Z", + "description": "The user can view and manage installed third-party keyboards.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6f240b1d-de8f-465d-a0f1-f75e828493c3", + "created": "2023-08-04T18:29:05.423Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). 
Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:42:54.574Z", + "description": "(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f", + "target_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60", + "type": "relationship", + "created": "2020-09-11T14:54:16.585Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2021-04-19T17:11:50.418Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect attacker-specified files, including files located on external storage.(Citation: Lookout Desert Scorpion)\t", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87", + "type": "relationship", + "created": "2020-06-26T15:12:40.098Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:12:40.098Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can retrieve a list of installed applications.(Citation: ESET DEFENSOR ID)", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d", + "created": "2019-07-10T15:25:57.585Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:39:29.860Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c", + "type": "relationship", + "created": "2020-11-10T17:08:35.624Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { 
+ "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-11-10T17:08:35.624Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can dynamically load additional functionality.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998", + "created": "2020-04-08T15:41:19.385Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) can create overlays to capture user credentials for targeted applications.(Citation: Cofense Anubis)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7017085c-c612-48b2-b655-e18d7822d0e7", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:39:48.895Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests phone call history from victims.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:26:35.443Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) maintains persistence by installing an Android application package (APK) on the system partition.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "Original samples of [BrainTest](https://attack.mitre.org/software/S0293) download their exploit packs for rooting from a remote server after installation.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e", + "type": "relationship", + "created": "2020-01-14T17:47:08.826Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2020-01-14T17:47:08.826Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) checks the Android version to determine which system library to patch.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Xbot](https://attack.mitre.org/software/S0298) can encrypt the victim's files in external storage (e.g., SD card) and then request a PayPal cash card as ransom.(Citation: PaloAlto-Xbot)", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826", + "type": "relationship", + "created": "2020-06-26T15:32:25.050Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.050Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--71490fdb-e271-4a67-b932-5288924b1dae", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-DualToy", + "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DualToy](https://attack.mitre.org/software/S0315) collects the connected iOS device’s information including IMEI, IMSI, ICCID, serial number and phone number.(Citation: PaloAlto-DualToy)", + "relationship_type": "uses", + "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--716f68ee-1e77-4254-8f67-d8f3c71db678", + "type": "relationship", + "created": "2021-09-20T13:59:00.498Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + 
"description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2021-09-20T13:59:00.498Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can be controlled via phone call from a set of \"control phones.\"(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--718a612e-50c5-40ab-9081-b88cefeafcb6", + "created": "2021-04-26T15:33:55.905Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CitizenLab Circles", + "url": "https://citizenlab.ca/2020/12/running-in-circles-uncovering-the-clients-of-cyberespionage-firm-circles/", + "description": "Bill Marczak, John Scott-Railton, Siddharth Prakash Rao, Siena Anstis, and Ron Deibert. (2020, December 1). Running in Circles Uncovering the Clients of Cyberespionage Firm Circles. Retrieved December 23, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Circles](https://attack.mitre.org/software/S0602) can track the location of mobile devices.(Citation: CitizenLab Circles)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c6a07c89-a24c-4c7e-9e3e-6153cc595e24", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1", 
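Review bot: The relationship objects added in this hunk do not share one shape: `relationship--6c35f99c-153d-4023-a29a-821488ce5418` and `relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82`, among others, carry no `revoked`, `x_mitre_deprecated` or `x_mitre_attack_spec_version` key, while neighbours such as `relationship--6d2c7743-fc75-4524-b217-13867ca1dd10` set all three. A consumer that drops revoked or deprecated relationships before building technique-coverage or detection mappings has to treat a missing key as `false`, so writing `"revoked": false` and `"x_mitre_deprecated": false` on every object would remove that ambiguity. Separately, the description of `relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60` ends in a stray `\t` after the citation, and the Gustuff description in `relationship--6d2c7743-fc75-4524-b217-13867ca1dd10` ends in a trailing space; both should be trimmed so the string ends at the closing `)` of the citation.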
@@ -39710,25 +30713,190 @@ }, { "type": "relationship", - "id": "relationship--a93ee044-bd5d-48f3-972e-0abab780c35c", - "created": "2023-02-08T20:05:06.786Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68", + "created": "2023-10-10T19:19:38.654Z", "revoked": false, "external_references": [ { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-29T21:21:22.070Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can steal information via malicious JavaScript.(Citation: trendmicro_tianyspy_0122)", + "modified": "2023-10-10T19:19:38.654Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) has exfiltrated cached data from infected devices.(Citation: lookout_bouldspy_0423)", "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + 
"type": "relationship", + "id": "relationship--7258542e-029b-45b9-be69-6e76d9c93b35", + "created": "2020-09-14T13:35:45.886Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ESET-Twitoor", + "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016.", + "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:43:03.565Z", + "description": "[Twitoor](https://attack.mitre.org/software/S0302) can hide its presence on the system.(Citation: ESET-Twitoor)", + "relationship_type": "uses", + "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0", + "created": "2017-10-25T14:48:53.741Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security architecture improvements in each new version of Android and iOS make it more difficult to escalate privileges. 
Additionally, newer versions of Android have strengthened the sandboxing applied to applications, restricting their ability to enumerate file system contents.", + "modified": "2022-03-30T20:25:46.994Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af", + "type": "relationship", + "created": "2020-04-24T15:06:33.531Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:55:55.049Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can take pictures using the camera and can record MP4 files.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--72a88d43-4144-444e-8f71-ac0d19ae3710", + "type": "relationship", + "created": "2020-09-14T14:13:45.256Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-14T14:13:45.256Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) can track the device’s location.(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--73410b22-5aca-4b86-8efc-98c1ad75399a", + "created": "2023-10-10T15:33:59.572Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . 
Retrieved July 20, 2020.", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.572Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) has masqueraded as “Google service”, “GooglePlay”, and “Flash update”.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9", + "type": "relationship", + "created": "2020-09-11T15:52:12.520Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-09-11T15:52:12.520Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can block, forward, hide, and send SMS messages.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--73d22490-4043-42d7-ad25-74e4a642bf6a", + "created": "2023-03-20T18:41:45.186Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CSRIC5-WG10-FinalReport", + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", + "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-15T15:06:03.429Z", + "description": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC5-WG10-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
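Review bot: The added BOULDSPY relationship (`relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68`) has no `created_by_ref` on the new side, while every other relationship added in this hunk carries `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"`. The property is optional in STIX, so the export tool may have emitted it this way on purpose, but consumers that filter or trust objects by creator identity would drop or mis-attribute this object. If the omission is unintended, add that same line to the object. Separately, the `ESET-Twitoor` reference added in this hunk uses an `http://` URL, so anyone following the citation fetches it without transport integrity; prefer the `https://` form if the publisher serves it.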
@@ -39738,9 +30906,892 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248", "type": "relationship", - "created": "2019-07-10T15:25:57.604Z", + "id": "relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Enterprises can provision policies to mobile devices that require a minimum complexity (length, character requirements, etc.) for the device passcode, and cause the device to wipe all data if an incorrect passcode is entered too many times. Both policies would mitigate brute-force, guessing, or shoulder surfing of the device passcode. Enterprises can also provision policies to disable biometric authentication, however, biometric authentication can help make using a longer, more complex passcode more practical because it does not need to be entered as frequently. ", + "modified": "2022-03-28T19:20:30.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--74080f4f-1de2-464f-8ec1-0635fc142273", + "created": "2023-08-08T16:23:41.141Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:23:41.141Z", + "description": "Application vetting services may be able to list domains and/or IP addresses that applications communicate with. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8", + "type": "relationship", + "created": "2020-04-24T17:46:31.613Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T17:46:31.613Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--746eaf98-bd95-4e9a-a4ed-0e3f20402276", + "created": "2023-10-10T15:33:57.989Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). 
Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.989Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can be bound to legitimate applications prior to installation on devices.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed", + "created": "2023-03-20T18:58:56.347Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:30:21.044Z", + "description": "Application vetting services can detect unnecessary and potentially abused location permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba", + "created": "2023-09-22T19:15:56.498Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:15:56.498Z", + "description": 
"Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting file deletion processes. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69", + "created": "2020-04-08T15:51:25.078Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Ginp](https://attack.mitre.org/software/S0423) can use a multi-step phishing overlay to capture banking credentials and then credit card numbers after login.(Citation: ThreatFabric Ginp)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330", + "created": "2022-04-01T15:01:53.321Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores.", + "modified": "2022-04-01T15:01:53.321Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe", + "type": "relationship", + "created": "2020-07-15T20:20:59.282Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": 
"https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.282Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can record the screen.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6", + "created": "2023-03-16T13:31:29.822Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Android Privacy Indicators", + "description": "Google. (n.d.). Privacy Indicators. Retrieved April 20, 2022.", + "url": "https://source.android.com/devices/tech/config/privacy-indicators" + }, + { + "source_name": "iOS Mic Spyware", + "description": "ZecOps Research Team. (2021, November 4). How iOS Malware Can Spy on Users Silently. Retrieved April 1, 2022.", + "url": "https://blog.zecops.com/research/how-ios-malware-can-spy-on-users-silently/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:08:37.537Z", + "description": "In iOS 14 and up, an orange dot (or orange square if the Differentiate Without Color setting is enabled) appears in the status bar when the microphone is being used by an application. 
However, there have been demonstrations indicating it may still be possible to access the microphone in the background without triggering this visual indicator by abusing features that natively access the microphone or camera but do not trigger the visual indicators.(Citation: iOS Mic Spyware)\n\n\nIn Android 12 and up, a green dot appears in the status bar when the microphone is being used by an application.(Citation: Android Privacy Indicators)", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78", + "type": "relationship", + "created": "2019-10-10T15:17:00.972Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. 
Retrieved September 4, 2019.", + "url": "https://www.flexispy.com/en/features-overview.htm", + "source_name": "FlexiSpy-Features" + } + ], + "modified": "2019-10-14T18:08:28.666Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can monitor device photos and can also access browser history and bookmarks.(Citation: FlexiSpy-Features)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--75770898-93a7-45e3-bdb2-03172004a88f", + "created": "2022-03-30T14:49:47.451Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "url": "https://source.android.com/security/verifiedboot/", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", + "modified": "2022-03-30T14:49:47.451Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--75989cf6-c023-4ed3-9d23-a83f55690186", + "created": "2023-02-28T21:43:36.886Z", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T21:43:36.886Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can read incoming text messages.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b", + "type": "relationship", + "created": "2020-12-14T15:02:35.286Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.286Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect various pieces of device network configuration information, such as mobile network operator.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--75a8614f-bf92-455d-b2ef-7085aff9a64d", + "created": "2023-08-16T16:33:56.014Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-15T19:16:57.874Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can log keystrokes and gather the lock screen password of an infected device by abusing Accessibility Services.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--75ed2348-279f-4485-97a3-9a5ada27d799", + "created": "2023-02-06T19:06:17.406Z", + "revoked": false, + "external_references": [ + { + "source_name": 
"lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-06T19:06:17.406Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can disable Play Protect.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--760037f0-f027-41bb-adf8-1ced6c7085be", + "created": "2023-10-10T15:33:59.225Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. 
Retrieved October 29, 2020.", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.225Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has mimicked Facebook and Google icons on the “Recent apps” screen to avoid discovery and uses the `com.google.xxx` package name to avoid detection.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f", + "type": "relationship", + "created": "2020-11-10T17:08:35.644Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.644Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--764ba23e-9902-4a60-8ec3-e0ae1abf92ce", + "created": "2023-09-22T19:16:35.609Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:16:35.609Z", + "description": "The user is prompted for approval when an application requests device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847", + "created": "2022-04-06T13:30:03.526Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught that Device Administrator permissions are very dangerous, and very few applications need it.", + "modified": "2022-04-06T13:30:03.527Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + 
"target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e", + "type": "relationship", + "created": "2020-09-15T15:18:12.425Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.425Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--76cc66f4-ce85-4873-a63e-879b4a14a540", + "created": "2023-03-03T16:23:20.764Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:23:20.764Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has connected to the C2 server via HTTP.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--76f852f3-f218-40e2-8fa1-6fb15c4cbf98", + "created": "2023-10-10T15:33:59.661Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.661Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has masqueraded as legitimate media player, social media, and VPN applications.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--7793a066-d72b-4a60-9579-e16369ea7185", + "created": "2023-03-20T18:57:55.221Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:22:25.132Z", + "description": "The user can view a list of apps with accessibility service privileges in the device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--77efa84c-5ef0-4554-b774-2dbfcca74087", + "type": "relationship", + "created": "2020-10-29T19:20:58.116Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + 
"source_name": "WeLiveSecurity AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T19:20:58.116Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has checked to see how many apps are installed, and specifically if Facebook or FB Messenger are installed.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7825f4b1-75ca-4377-b8f6-0dda9311d889", + "created": "2023-08-04T18:30:58.116Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:30:58.116Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device’s location.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45", + "created": "2023-02-06T19:47:26.528Z", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-06T19:47:26.528Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has been distributed in obfuscated and packed form.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164", + "type": "relationship", + "created": "2020-01-27T17:49:05.664Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:49:05.664Z", + "description": "(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", + "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--789699c2-44f1-4280-bf86-ab23e6a13e84", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:18:51.813Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads calendar events and reminders.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to collect and leak the victim's phone number, mobile device unique identifier (IMEI).(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f", + "type": "relationship", + "created": "2019-09-03T19:45:48.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-10-14T17:15:52.637Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) One queries the device for its IMEI code and the phone number in order to validate the target of a new infection.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-BrainTest", + "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. 
Retrieved December 21, 2016.", + "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[BrainTest](https://attack.mitre.org/software/S0293) stores a secondary Android app package (APK) in its assets directory in encrypted form, and decrypts the payload at runtime.(Citation: Lookout-BrainTest)", + "relationship_type": "uses", + "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf", + "type": "relationship", + "created": "2020-09-11T15:43:49.309Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-09-11T15:43:49.309Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can send SMS messages from a device.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7", + "created": "2020-11-24T17:55:12.889Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:22:27.554Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7965128c-89d6-411e-b765-c60e0cae96c6", + "created": "2023-02-06T19:40:36.807Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. 
- A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:36:23.084Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can manipulate clipboard data to replace cryptocurrency addresses.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1", + "created": "2022-04-06T13:52:46.831Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 7 changed how the Device Administrator password APIs function.", + "modified": "2022-04-06T13:52:46.831Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--79ef0025-3e1c-4914-9873-19808c2a5bec", + "created": "2023-02-28T21:44:22.373Z", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). 
TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T21:44:22.373Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record the screen and stream the data off the device.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--f9e4f526-ac9d-4df5-8949-833a82a1d2df", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7a50961b-9be4-4042-a6a0-878b612c520e", + "type": "relationship", + "created": "2019-07-10T15:25:57.602Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -39749,27 +31800,395 @@ "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" } ], - "modified": "2019-08-12T17:30:07.572Z", - "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2019-08-12T17:30:07.571Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) uses the device microphone to record phone conversations.(Citation: Lookout Dark Caracal Jan 2018)", "relationship_type": "uses", "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f", + "type": "relationship", + "created": "2020-12-24T22:04:28.002Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.002Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has sent messages to an attacker-controlled number.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7accde36-cb29-43c6-8c66-6486efd867a8", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.157Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather GPS coordinates.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47", - "created": "2023-03-20T15:20:11.652Z", - "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:20:11.652Z", + "id": "relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the victim for status and disables other access to the phone by other jailbreaking software.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024", + "created": "2022-04-15T18:11:06.097Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Skycure-Profiles", + "description": "Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. 
Retrieved December 22, 2016.", + "url": "https://www.skycure.com/blog/malicious-profiles-the-sleeping-giant-of-ios-security/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:28:11.000Z", + "description": "Most [KeyRaider](https://attack.mitre.org/software/S0288) samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.(Citation: Skycure-Profiles)", + "relationship_type": "uses", + "source_ref": "malware--3bc1f0ad-ef11-4afc-83c0-fcffe08d4e50", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f", + "created": "2022-04-01T18:49:19.284Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent versions of Android modified how device administrator applications are uninstalled, making it easier for the user to remove them. 
Android 7 introduced updates that revoke standard device administrators’ ability to reset the device’s passcode.", + "modified": "2022-04-01T18:49:19.284Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046", + "created": "2022-04-05T17:14:35.469Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "modified": "2022-04-05T17:14:35.469Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14", + "created": "2020-06-26T15:32:25.043Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:53:04.417Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) disables Google Play Protect to prevent its discovery and deletion in the future.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb", + "created": "2019-08-09T16:19:02.782Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android Capture Sensor 2019", + "url": "https://developer.android.com/about/versions/pie/android-9.0-changes-all#bg-sensor-access", + "description": "Android Developers. (, January). Android 9+ Privacy Changes . Retrieved August 27, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 9 and above restricts access to microphone, camera, and other sensors from background applications.(Citation: Android Capture Sensor 2019) ", + "modified": "2022-04-01T15:21:13.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531", + "type": "relationship", + "created": "2019-08-07T15:57:13.417Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "modified": "2019-09-15T15:36:42.340Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can query various details about the device, including phone number, country, mobile operator, model, root availability, and operating system version.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ba30703-c3aa-425a-9482-9e9941fd7038", + "type": "relationship", + "created": "2020-12-24T21:45:56.961Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:45:56.961Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access the camera on the device.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890", + "created": "2023-01-18T19:09:40.955Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:58:45.439Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can record the screen via the `MediaProjection` library to harvest user credentials, including biometric PINs.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + 
{ + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:34:08.372Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7bbbd2aa-104f-443a-907e-6e1fbcf0a73e", + "created": "2023-07-21T19:34:29.630Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:34:29.630Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can take and exfiltrate screenshots.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7bc6460d-b36e-41ed-baa0-82d54ec19e57", + "created": "2023-08-04T18:58:19.825Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:58:58.480Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can exfiltrate data back to the C2 server using HTTP.(Citation: lookout_hornbill_sunbird_0221) ", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc", + "created": "2020-04-08T15:41:19.400Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cofense Anubis", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. 
Retrieved April 8, 2020.", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:17:41.320Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can modify administrator settings and disable Play Protect.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7c4a4766-cb63-4a3c-85ef-a1dba3be4a47", + "created": "2023-06-09T19:19:56.840Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:19:56.840Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) has monitored for SMS and WhatsApp notifications.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -39780,25 +32199,213 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--7c6207c7-d738-4a17-8380-595c86574b64", "type": "relationship", - "id": "relationship--4454a696-7619-40ee-971b-cbf646e4ee61", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-09-11T16:22:03.298Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T16:22:03.298Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can track the device’s location.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56", + "created": "2019-09-03T20:08:00.737Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Lookout-EnterpriseApps", - "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/", - "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016." + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
} ], "x_mitre_deprecated": false, "revoked": false, - "description": "[PJApps](https://attack.mitre.org/software/S0291) has the capability to send messages to premium SMS messages.(Citation: Lookout-EnterpriseApps)", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) abuses accessibility features to intercept all interactions between a user and the device.(Citation: Talos Gustuff Apr 2019)", + "modified": "2022-04-15T17:39:08.123Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7d2f869d-a117-4b1f-a783-c6d3fc002562", + "created": "2023-07-21T19:38:52.085Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:38:52.085Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) uses unencrypted HTTP traffic between the victim and C2 infrastructure.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7d481598-ece7-469c-b231-619a804c25e5", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:34:25.318Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) captures SMS messages that the victim sends or receives.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688", + "created": "2020-05-07T15:33:32.910Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. 
Retrieved May 7, 2020.", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:19:44.427Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can hide its icon from the application launcher.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7db33293-6971-4c0d-88e0-18f505ebd943", + "created": "2022-04-05T20:11:51.188Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Recent OS versions have made it more difficult for applications to register as VPN providers. 
", + "modified": "2022-04-05T20:11:51.188Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62", + "created": "2023-03-20T18:57:14.194Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:49:51.309Z", + "description": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f", + "type": "relationship", + "created": "2020-12-24T22:04:28.005Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T22:04:28.005Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken photos with the device camera.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7defdb15-65d1-40ca-a9da-5c0484892484", + "created": "2020-04-24T17:46:31.616Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can be controlled via encrypted SMS message.(Citation: SecurityIntelligence TrickMo)", "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c709da93-20c3-4d17-ab68-48cba76b2137", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
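Review bot: The added `mitigates` entry `relationship--7db33293-6971-4c0d-88e0-18f505ebd943` says only that "Recent OS versions" make it harder to register as a VPN provider; it names no platform or version and carries no `external_references`, so a defender cannot map it to the devices it actually covers. The Android 9 sensor-access mitigation earlier in this diff, which has the same `source_ref`, shows the more useful form: a version floor plus a citation. I would rewrite the line as `"description": "<PLATFORM> <VERSION> and above make it more difficult for applications to register as VPN providers.(Citation: <SOURCE_NAME>)",` with the placeholders filled from the vendor documentation, and add the matching `external_references` object. The current string also ends in a stray space after the period, which is worth trimming for consumers that compare or hash descriptions.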
@@ -39806,25 +32413,157 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109", "type": "relationship", - "created": "2020-05-07T15:33:32.928Z", + "id": "relationship--7e00d3ac-a97a-4db0-9699-7474d81413a8", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:33.831Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881", + "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed", + "created": "2019-07-10T15:35:43.668Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:55:00.294Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses the device contact list.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7e8956e3-7d90-412d-a82f-d61e43239923", + "created": "2023-03-20T18:44:01.387Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:21:32.437Z", + "description": "Application vetting services may indicate precisely what content was requested during application execution.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad", + "type": "relationship", + "created": "2020-11-20T16:37:28.429Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "CheckPoint Agent Smith", - 
"url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." } ], - "modified": "2020-05-07T15:33:32.928Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)", + "modified": "2020-11-20T16:37:28.429Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect images, videos, and attacker-specified files.(Citation: Symantec GoldenCup)", "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4", + "type": "relationship", + "created": "2020-04-08T15:41:19.340Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). 
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T18:55:29.238Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can use its ransomware module to encrypt device data and hold it for ransom.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030", + "created": "2022-03-30T20:42:04.251Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised to be extra scrutinous of applications that request location, and to deny any permissions requests for applications they do not recognize.", + "modified": "2022-03-30T20:42:04.251Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--7f4e1ac1-145e-4983-b735-7f70003893aa", + "created": "2023-08-04T18:29:35.223Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:29:35.223Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate call logs.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -39861,163 +32600,155 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--5b235ed4-548d-49f2-ae01-1874666e6747", - "created": "2022-03-30T19:51:56.543Z", - "x_mitre_version": "0.1", + "id": "relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9", + "created": "2019-07-16T14:33:12.113Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Krebs-Triada June 2019", + "url": "https://krebsonsecurity.com/2019/06/tracing-the-supply-chain-attack-on-android-2/", + "description": "Krebs, B. (2019, June 25). Tracing the Supply Chain Attack on Android. Retrieved July 16, 2019." + }, + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." + } + ], "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-03-30T19:51:56.543Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", - "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "description": "[Triada](https://attack.mitre.org/software/S0424) was added into the Android system by a third-party vendor identified as Yehuo or Blazefire during the production process.(Citation: Google Triada June 2019)(Citation: Krebs-Triada June 2019)", + "modified": "2022-04-19T15:47:32.152Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": 
"relationship--dc7ef843-a073-4e23-b717-c505d4863b02", - "created": "2023-03-20T18:53:58.856Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:53:58.856Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420", + "id": "relationship--806a9338-be20-4eef-aa54-067633ac0e58", "type": "relationship", - "created": "2021-01-20T16:01:19.409Z", + "created": "2020-04-08T15:41:19.421Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Trend Micro Anubis", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
} ], - "modified": "2021-01-20T16:01:19.409Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)", + "modified": "2020-04-08T15:41:19.421Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the device’s GPS location.(Citation: Cofense Anubis)", "relationship_type": "uses", "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--1cca5e17-80ae-4b6e-8919-2768153aa966", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, + "id": "relationship--80778a1e-715d-477b-87fa-e92181b31659", + "created": "2020-12-24T21:45:56.967Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "description": "[Xbot](https://attack.mitre.org/software/S0298) uses phishing pages mimicking Google Play's payment interface as well as bank login pages.(Citation: PaloAlto-Xbot)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d", - "type": "relationship", - "created": "2021-10-01T14:42:48.740Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "modified": "2021-10-12T13:51:41.045Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect images stored on the device and browser history.(Citation: SecureList BusyGasper)", + "modified": "2023-04-05T17:15:22.472Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can delete various piece of device data, such as contacts, call logs, applications, SMS messages, email, plugins, and files in external storage.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8", + "id": "relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9", "type": "relationship", - "created": "2019-09-04T15:38:56.994Z", + "created": "2021-01-05T20:16:20.502Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "FlexiSpy-Features", - "url": "https://www.flexispy.com/en/features-overview.htm", - "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
} ], - "modified": "2019-09-10T14:59:26.171Z", - "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can take screenshots of other applications.(Citation: FlexiSpy-Features) ", + "modified": "2021-01-05T20:16:20.502Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can take screenshots.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--812490b8-2160-47e9-9e1e-c1749b7ee86d", + "created": "2023-09-28T17:40:03.722Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zimperium FlyTrap", + "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September 28, 2023.", + "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/" + }, + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. 
Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--03ff6271-d7bc-40f3-b83d-25c541333694", - "type": "relationship", - "created": "2019-11-19T17:32:20.701Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2019-12-26T16:14:33.468Z", - "description": "If a user sees a persistent notification they do not recognize, they should uninstall the source application and look for other unwanted applications or anomalies.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", - "x_mitre_version": "1.0", + "modified": "2023-10-10T19:13:17.011Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect Facebook account information, such as Facebook ID, email address, cookies, and login tokens.(Citation: Trend Micro FlyTrap)(Citation: Zimperium FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48", - "created": "2023-03-16T18:37:55.715Z", + "id": "relationship--81722aad-f503-4a74-91d5-1843adf8a995", + "created": "2023-08-16T16:36:04.747Z", "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-16T18:37:55.715Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "modified": "2023-08-16T16:36:04.747Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can prevent application removal by abusing Accessibility Services.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -40025,41 +32756,25 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15", "type": "relationship", - "created": "2021-09-24T14:47:34.447Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-04T20:08:48.439Z", - "description": "Device attestation can often detect rooted devices.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af", - "created": "2020-12-14T14:52:03.322Z", + "id": "relationship--818b8c2b-bd23-4a83-9970-d42063608699", + "created": "2020-04-24T15:06:33.393Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Sophos Red Alert 2.0", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + "source_name": "TrendMicro Coronavirus Updates", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:52:58.974Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s contact list.(Citation: Sophos Red Alert 2.0)", + "modified": "2023-04-05T19:49:04.950Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device contacts.(Citation: TrendMicro Coronavirus Updates)", "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -40070,22 +32785,132 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23", + "id": "relationship--81db3270-4cb8-4982-8ff8-c28a874e8421", "type": "relationship", - "created": "2020-09-11T14:54:16.566Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + "source_name": "TrendMicro-DressCode", + "description": "Echo Duan. (2016, September 29). DressCode and its Potential Impact for Enterprises. Retrieved December 22, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/" } ], - "modified": "2020-09-11T14:54:16.566Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect device metadata and can check if the device is rooted.(Citation: Lookout Desert Scorpion)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DressCode](https://attack.mitre.org/software/S0300) sets up a \"general purpose tunnel\" that can be used by an adversary to compromise enterprise networks that the mobile device is connected to.(Citation: TrendMicro-DressCode)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "source_ref": "malware--ff742eeb-1f90-4f5a-8b92-9d40fffd99ca", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + 
"id": "relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416", + "created": "2023-03-20T18:52:56.247Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T22:33:23.699Z", + "description": "Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f", + "created": "2020-06-02T14:32:31.906Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has communicated with the C2 using HTTPS requests over ports 43111, 43223, and 43773.(Citation: Volexity Insomnia)", + "modified": "2022-04-20T16:40:05.898Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Judy", + "description": "CheckPoint. (2017, May 25). The Judy Malware: Possibly the largest malware campaign found on Google Play. 
Retrieved September 18, 2018.", + "url": "https://blog.checkpoint.com/2017/05/25/judy-malware-possibly-largest-malware-campaign-found-google-play/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Judy](https://attack.mitre.org/software/S0325) bypasses Google Play's protections by downloading a malicious payload at runtime after installation.(Citation: CheckPoint-Judy)", + "relationship_type": "uses", + "source_ref": "malware--172444ab-97fc-4d94-b142-179452bfb760", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8244700e-6f96-463a-a9c3-810c489a2c60", + "created": "2023-03-20T15:20:24.554Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T14:54:57.884Z", + "description": "Application vetting services could detect applications trying to modify files in protected parts of the operating system.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--82555171-8b78-40f3-84d9-058359ae808a", + "type": "relationship", + "created": "2020-09-24T15:34:51.244Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Dendroid", + "description": "Marc Rogers. (2014, March 6). 
Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/" + } + ], + "modified": "2020-09-24T15:34:51.244Z", + "description": "[Dendroid](https://attack.mitre.org/software/S0301) can send and block SMS messages.(Citation: Lookout-Dendroid)", + "relationship_type": "uses", + "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
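Review bot: The added `TrendMicro-DressCode` entry under `external_references` in this hunk points at a cleartext `http://blog.trendmicro.com/...` URL, while the `TrendMicro Coronavirus Updates` citation earlier in this diff already uses `https://` on the same host. Tooling that resolves or archives citation links from the bundle would fetch that page unencrypted, so, provided the https form resolves, the line is better written as `"url": "https://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/"`. The `PaloAlto-Xbot` reference added in the following `@@ -40140,26 +32980,854 @@` hunk has the same `http://` scheme. If this bundle is exported from another source, which the reshuffled relationship objects suggest, the correction belongs in that source rather than in this file.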
@@ -40093,45 +32918,60 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68", "type": "relationship", - "created": "2020-12-24T21:45:56.979Z", + "id": "relationship--825ffecc-090f-44c8-87be-f7b72e07f987", + "created": "2022-04-01T18:43:15.716Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security software can typically detect if a device has been rooted or jailbroken and can inform the user, who can then take appropriate action.", + "modified": "2022-04-01T18:43:15.716Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2021-04-19T14:29:46.650Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", + "type": "relationship", + "id": "relationship--828417ec-c444-41c8-95b4-c339c5ecf62b", + "created": "2022-03-30T20:48:00.360Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS users should be instructed to not download applications from unofficial sources, as applications distributed via the Apple App Store cannot list installed applications on a device.", + "modified": "2022-03-30T20:48:00.360Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51", - "created": "2020-12-14T14:52:03.359Z", + "id": "relationship--82a51cc3-7a91-43b0-9147-df5983e52b41", + "created": "2020-12-14T15:02:35.208Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Sophos Red Alert 2.0", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. 
Retrieved December 14, 2020.", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + "source_name": "Securelist Asacub", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020.", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:12:27.624Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)", + "modified": "2023-04-05T20:08:11.798Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has communicated with the C2 using HTTP POST requests.(Citation: Securelist Asacub)", "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -40140,26 +32980,854 @@ }, { "type": "relationship", - "id": "relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea", - "created": "2023-02-06T19:45:58.793Z", + "id": "relationship--82b58c75-239e-4dac-b848-bc1f3354adc4", + "created": "2023-03-20T18:41:18.288Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + "source_name": "Samsung Knox Mobile Threat Defense", + "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. Retrieved March 30, 2022.", + "url": "https://partner.samsungknox.com/mtd" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-11T22:08:45.192Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use the open-source project RetroFit for C2 communication.(Citation: threatfabric_sova_0921)", + "modified": "2023-08-07T22:14:04.455Z", + "description": "Application vetting services could detect the invocations of methods that could be used to execute shell commands.(Citation: Samsung Knox Mobile Threat Defense)", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--82e93a9e-6968-497f-8043-a08d0f35bd32", + "created": "2023-10-10T15:33:57.378Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + 
"external_references": [ + { + "source_name": "Trend Micro Anubis", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021.", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html" + }, + { + "source_name": "Cofense Anubis", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.378Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) has requested accessibility service privileges while masquerading as \"Google Play Protect\" and has disguised additional malicious application installs as legitimate system updates.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)", "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--82f12052-783e-40e4-8079-d9c030c310fd", + "created": "2022-03-30T20:08:40.223Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android and iOS include system partition integrity mechanisms that could detect unauthorized modifications. 
", + "modified": "2022-03-30T20:08:40.223Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--82f51cc6-6ce4-459e-b598-7b2b77983469", + "created": "2020-04-24T15:06:33.526Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:28:18.530Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect SMS messages.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--83358774-0857-429c-9f7a-151403e52881", + "created": "2023-10-10T15:33:59.912Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. 
(2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.912Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) has used names like WhatsApp and Netflix.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "PaloAlto-Xbot", + "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:28:32.568Z", + "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)", + "relationship_type": "uses", + "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:28:46.820Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects SMS messages.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. 
Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "modified": "2019-10-15T19:54:10.285Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) gathered system information including phone number, OS version, phone model, and SDK version.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--83d95d05-7545-4295-894b-f33a2ba1063b", + "created": "2020-12-17T20:15:22.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. 
Retrieved September 9, 2019.", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:47:45.408Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has registered several broadcast receivers.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--848581bc-bf8f-40e2-871e-cd67042b4adf", + "created": "2023-01-18T19:14:40.120Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:59:26.448Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can use overlays to steal user banking credentials entered into legitimate sites.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8499ffce-1045-4a8a-9e09-ec53d535a021", + "created": "2023-10-10T15:33:58.887Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. 
Retrieved September 9, 2019.", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.887Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) has masqueraded as VPN and Android system apps.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4", + "created": "2023-10-10T15:33:59.401Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.401Z", + "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) distributed malware as repackaged legitimate applications, with the malicious code in the `com.golf` package.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103", + "created": "2019-09-23T13:36:08.341Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:58:27.974Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can communicate with the command and control server using JSON payloads sent in HTTP POST request bodies. 
It can also communicate by using JSON messages sent through Google Cloud Messaging.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Charger", + "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" + } + ], + "modified": "2019-10-09T14:51:42.845Z", + "description": "[Charger](https://attack.mitre.org/software/S0323) checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.(Citation: CheckPoint-Charger)", + "relationship_type": "uses", + "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02", + "created": "2020-06-26T15:32:25.144Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint Cerberus", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. 
Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020.", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:10:26.480Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) communicates with the C2 server using HTTP.(Citation: CheckPoint Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3", + "created": "2020-07-15T20:20:59.287Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:53:17.865Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can disable Play Protect.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--86170d29-0e41-44d0-94b0-de7d23718302", + "created": "2022-04-05T19:42:39.957Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android 12 Features", + "url": "https://developer.android.com/about/versions/12/features", + "description": "Google. (2022, April 4). Features and APIs Overview. Retrieved April 5, 2022." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "The `HIDE_OVERLAY_WINDOWS` permission was introduced in Android 12 allowing apps to hide overlay windows of type `TYPE_APPLICATION_OVERLAY` drawn by other apps with the `SYSTEM_ALERT_WINDOW` permission, preventing other applications from creating overlay windows on top of the current application.(Citation: Android 12 Features)", + "modified": "2022-04-05T19:51:47.956Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788", + "created": "2020-05-07T15:33:32.903Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. 
Retrieved May 7, 2020.", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:20:05.166Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) deletes infected applications’ update packages when they are detected on the system, preventing updates.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8", + "created": "2022-04-05T19:49:59.027Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:49:59.027Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5", + "created": "2023-06-09T19:19:38.523Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). 
Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:11:52.875Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) has a list of file extensions that it may use to log certain operations (creation, open, close, modification, movement, deletion) on files of those types.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f", + "created": "2022-04-06T13:39:39.883Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T13:39:39.883Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3", + "type": "relationship", + "created": "2020-05-04T14:04:56.189Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + } + ], + "modified": "2020-05-04T15:40:21.081Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) collects the device’s IMEI, carrier, mobile country code, and mobile network code.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef", + "created": "2022-03-30T20:41:43.314Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "New OS releases frequently contain additional limitations or controls around device location access.", + "modified": "2022-03-30T20:41:43.314Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--873b98de-d7cf-471b-9aa2-229eb03c9165", + "type": "relationship", + "created": "2020-09-15T15:18:12.459Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.459Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect device information, including OS version and device model.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--875dc21d-92c3-45bf-be37-faa44f4449bf", + "created": "2020-06-02T14:32:31.891Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "description": "I. Beer. (2019, August 29). Implant Teardown. 
Retrieved June 2, 2020.", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:51:44.262Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect the device’s contact list.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298", + "created": "2020-12-14T15:02:35.297Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Securelist Asacub", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T18:06:30.456Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect the device’s contact list.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--886849fc-f83c-4d69-b700-bfad0def765d", + "created": "2023-03-16T18:32:30.054Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:12:27.186Z", + "description": "On Android, the user can manage which applications have permission to access the call log through the device settings screen, revoking the permission if necessary.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8870c211-820a-46a1-96fc-02f4e6eaec03", + "type": "relationship", + "created": "2020-11-10T16:50:39.134Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": 
"Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2021-04-19T15:40:36.387Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has collected device network information, including 16-bit GSM Cell Identity, 16-bit Location Area Code, Mobile Country Code (MCC), and Mobile Network Code (MNC). [CarbonSteal](https://attack.mitre.org/software/S0529) has also called `netcfg` to get stats.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--88de8869-2b01-4702-8518-e4e78fde44d9", + "created": "2023-07-12T20:45:18.766Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-12T20:45:18.766Z", + "description": "", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": 
"relationship--88ded3fb-759e-4e96-946b-e7148c54856e", + "created": "2022-04-08T16:29:30.371Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-08T16:29:30.371Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--88e33687-e999-42c8-b46b-49d2adfa17d0", + "created": "2022-04-01T15:02:04.528Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Apple regularly provides security updates for known OS vulnerabilities. ", + "modified": "2022-04-01T15:02:04.528Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03", + "type": "relationship", + "created": "2020-12-17T20:15:22.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). 
HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." + } + ], + "modified": "2020-12-17T20:15:22.449Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s microphone.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--891edea2-817c-4eeb-9991-b6e095c269a8", + "created": "2020-06-02T14:32:31.903Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:40:06.957Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can retrieve the call history.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0", + "type": "relationship", + "created": "2020-04-24T15:12:11.185Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": 
"TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T15:12:11.185Z", + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) requests permissions to use the device camera.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--89565753-23c4-422d-a9ba-39f4101cd819", + "type": "relationship", + "created": "2020-11-20T16:37:28.485Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.485Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can track the device’s location.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d", + "created": "2023-03-20T15:55:09.279Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:44:32.659Z", + "description": "Application vetting services may be able to detect if an application attempts to encrypt files, although this may be benign behavior.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -40191,26 +33859,433 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], "type": "relationship", - "id": "relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f", - "created": "2021-01-20T16:01:19.488Z", + "id": "relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724", + "created": "2022-04-01T15:02:21.344Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken devices. ", + "modified": "2022-04-01T15:02:21.344Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be", + "created": "2023-07-21T19:35:34.846Z", "revoked": false, "external_references": [ { - "source_name": "Trend Micro Anubis", - "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021.", - "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html" + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:17:07.374Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) has used motion sensor data to attempt to determine if it is running in an emulator.(Citation: Trend Micro Anubis)", + "modified": "2023-07-21T19:35:34.846Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access browser history and bookmarks, and can list all files and folders on the device.(Citation: lookout_bouldspy_0423)", "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3", + "type": "relationship", + "created": "2020-09-11T14:54:16.615Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.615Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can record videos.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8b27a786-b4d9-4014-a249-3725442f9f1d", + "type": "relationship", + "created": "2021-01-05T20:16:20.499Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.499Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can obtain a list of installed applications.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9", + "created": "2020-09-11T14:54:16.649Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/desert-scorpion-google-play" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:52:05.260Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect the device’s contact list.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711", + "created": "2023-02-06T20:12:17.434Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:04:59.445Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_CALL_LOG` permission.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781", + "type": "relationship", + "created": "2020-04-24T15:06:33.503Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.503Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can record MP4 files and monitor calls.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090", + "created": "2023-03-20T18:58:30.773Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:43:56.718Z", + "description": "On Android 10 and later, the system shows a notification to the user when an app has been accessing device location in the background.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556", + "created": "2019-09-04T15:38:56.678Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.", + "url": "https://www.flexispy.com/en/features-overview.htm" + }, + { + "source_name": "FortiGuard-FlexiSpy", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:44:31.870Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) is capable of hiding SuperSU's icon if it is installed and visible.(Citation: FortiGuard-FlexiSpy) [FlexiSpy](https://attack.mitre.org/software/S0408) can also hide its own icon to make detection and the uninstallation process more difficult.(Citation: FlexiSpy-Features)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52", + "created": "2023-01-19T18:07:52.146Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. 
Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:19:25.438Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can exfiltrate collected user data, including credentials and authorized cookies, via email.(Citation: trendmicro_tianyspy_0122) ", + "relationship_type": "uses", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8bcc9da8-c390-4151-b72d-30604820673e", + "created": "2023-08-04T19:05:04.644Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:05:04.644Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can search for installed applications such as WhatsApp.(Citation: lookout_hornbill_sunbird_0221) ", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c034c66-18ad-4b30-9f17-ed574c10918f", + "created": "2023-03-20T18:56:20.203Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:08:44.242Z", + "description": "The user can view permissions granted to an application in device settings. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91", + "created": "2020-12-18T20:14:47.369Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020.", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:48:00.045Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has registered several broadcast receivers.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c50e9e7-e13c-4814-98d0-088d73b10005", + "created": "2023-03-03T16:21:24.531Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:21:24.531Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has modified Safari’s default search engine, bookmarked websites, opened pages, and accessed contacts and authorization tokens of the IM program “QQ” on infected devices.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c656539-aa1e-42db-9016-d38f1daaae16", + "created": "2023-01-18T19:20:26.156Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:06:05.822Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can collect user SMS messages.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c7598a6-6046-491d-99a7-52c31974a9a9", + "created": "2023-03-20T18:57:40.504Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:36:24.934Z", + "description": "Application vetting services could look for misuse of dynamic libraries.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e", + "type": "relationship", + "created": "2021-01-05T20:16:20.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": 
"https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.512Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can check the device’s battery status.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b", + "created": "2020-09-11T14:54:16.638Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/desert-scorpion-google-play" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:36:55.810Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can delete copies of itself if additional APKs are downloaded to external storage.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -40221,24 +34296,24 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd", - "created": "2021-01-05T20:16:20.488Z", + "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1", + "created": "2017-12-14T16:46:06.044Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Zscaler TikTok Spyware", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + "source_name": "TrendMicro-RCSAndroid", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can launch a fake Facebook login page.(Citation: Zscaler TikTok Spyware)", - "modified": "2022-04-12T10:01:44.682Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)", + "modified": "2022-04-19T14:25:41.669Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -40246,25 +34321,352 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208", + "id": "relationship--8d027310-93a0-4046-b7ad-d1f461f30838", "type": "relationship", - "created": "2020-07-20T13:27:33.546Z", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Talos-WolfRAT", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" } ], - "modified": "2020-08-10T21:57:54.537Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)", + "modified": "2019-08-09T17:53:48.783Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) has the ability to dynamically download and execute new code at runtime.(Citation: TrendMicro-RCSAndroid)", "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--8d3ca04e-867f-4274-bc61-f18c0282a0a9", + "created": "2023-08-04T18:29:54.503Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-26T12:53:15.952Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a device's contacts.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b", + "created": "2023-02-06T19:47:08.535Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cleafy_sova_1122", + "description": "Francesco Lubatti, Federico Valentini. (2022, November 8). SOVA malware is back and is evolving rapidly. 
Retrieved March 30, 2023.", + "url": "https://www.cleafy.com/cleafy-labs/sova-malware-is-back-and-is-evolving-rapidly" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-30T15:13:44.210Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has code to encrypt device data with AES.(Citation: cleafy_sova_1122)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803", + "created": "2023-02-06T19:05:00.862Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:20:37.796Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can obtain a list of installed applications.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8e67f2e0-65da-4d27-9d41-e2f9a174331b", + "created": "2023-10-10T15:33:58.186Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.186Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) has masqueraded as “Adobe Flash Player” and “Google Play Verificator”.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de", + "created": "2023-01-18T19:16:45.773Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:07:34.581Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) has used custom encryption to hide strings, potentially to evade antivirus products.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8ea39534-6fe9-404c-94b7-0f320af95404", + "created": "2022-04-01T15:17:21.511Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:17:21.511Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--77e30eee-fd48-40b4-99ec-73e97c158b58", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc", + "type": "relationship", + "created": "2019-09-23T13:36:08.441Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). 
The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-09-23T13:36:08.441Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) retrieves a list of installed applications and sends it to the command and control server.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted location information.(Citation: NYTimes-BackDoor)", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8f142643-0448-4b04-8260-8e4e62ad80bb", + "created": "2023-08-04T18:34:42.357Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-26T12:54:48.541Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can download adversary specified content from FTP shares.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8", + "created": "2022-03-30T18:06:21.355Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Symantec-iOSProfile2", + "url": "https://www.symantec.com/connect/blogs/apple-ios-103-finally-battles-malicious-profiles", + "description": "Brian Duckering. (2017, March 27). Apple iOS 10.3 Finally Battles Malicious Profiles. Retrieved September 24, 2018." + }, + { + "source_name": "Android-TrustedCA", + "url": "https://android-developers.googleblog.com/2016/07/changes-to-trusted-certificate.html", + "description": "Chad Brubaker. (2016, July 7). Changes to Trusted Certificate Authorities in Android Nougat. Retrieved September 24, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile OSes have implemented measures to make it more difficult to trick users into installing untrusted certificates and configurations. 
iOS 10.3 and higher add an additional step for users to install new trusted CA certificates and configuration profiles. On Android, apps that target compatibility with Android 7 and higher (API Level 24) default to only trusting CA certificates that are bundled with the operating system, not CA certificates that are added by the user or administrator, hence decreasing their susceptibility to successful adversary-in-the-middle attack.(Citation: Symantec-iOSProfile2)(Citation: Android-TrustedCA)", + "modified": "2022-03-30T18:06:21.355Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8f2929a9-cd25-4e07-b402-447da68aaa56", + "created": "2020-04-24T15:06:33.455Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. 
Retrieved April 24, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:10:43.246Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc", + "type": "relationship", + "created": "2020-07-15T20:20:59.298Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.298Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) obfuscates its hardcoded C2 URLs.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--8f4c7030-f3e2-4c7d-b5b1-dc6815055c68", + "created": "2023-06-09T19:15:30.280Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:07:51.438Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect voice notes and messages from WhatsApp, if installed.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57", 
@@ -40293,273 +34695,25 @@ }, { "type": "relationship", - "id": "relationship--9b56528f-cf04-4d81-80ee-7bacb862383a", - "created": "2023-03-20T18:57:33.693Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:33.693Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a", - "created": "2019-07-16T14:33:12.175Z", + "id": "relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3", + "created": "2020-04-08T15:41:19.404Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Kaspersky Triada March 2016", - "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.", - "url": "https://www.kaspersky.com/blog/triada-trojan/11481/" + "source_name": "Cofense Anubis", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. 
Retrieved April 8, 2020.", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:25:35.330Z", - "description": "[Triada](https://attack.mitre.org/software/S0424) variants capture transaction data from SMS-based in-app purchases.(Citation: Kaspersky Triada March 2016) ", + "modified": "2023-04-05T17:18:13.761Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can steal the device’s contact list.(Citation: Cofense Anubis) ", "relationship_type": "uses", - "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b", - "created": "2020-04-08T15:51:25.128Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "ThreatFabric Ginp", - "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", - "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:29:36.827Z", - "description": "[Ginp](https://attack.mitre.org/software/S0423) can collect SMS messages.(Citation: ThreatFabric Ginp)", - "relationship_type": "uses", - "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-Xbot", - "description": "Cong Zheng, Claud Xiao and Zhi Xu. (2016, February 18). New Android Trojan “Xbot” Phishes Credit Cards and Bank Accounts, Encrypts Devices for Ransom. 
Retrieved December 21, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2016/02/new-android-trojan-xbot-phishes-credit-cards-and-bank-accounts-encrypts-devices-for-ransom/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:28:32.568Z", - "description": "[Xbot](https://attack.mitre.org/software/S0298) steals all SMS message and contact information as well as intercepts and parses certain SMS messages.(Citation: PaloAlto-Xbot)", - "relationship_type": "uses", - "source_ref": "tool--da21929e-40c0-443d-bdf4-6b60d15448b4", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2", - "created": "2023-03-20T18:53:15.929Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:53:15.929Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4", - "created": "2022-03-28T19:30:27.364Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates may contain patches to integrity 
checking mechanisms that can detect unauthorized hardware modifications.", - "modified": "2022-03-28T19:30:27.364Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046", - "created": "2022-04-05T17:14:35.469Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-05T17:14:35.469Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8", - "type": "relationship", - "created": "2020-04-24T17:46:31.613Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
- } - ], - "modified": "2020-04-24T17:46:31.613Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can inject input to set itself as the default SMS handler, and to automatically click through pop-ups without giving the user any time to react.(Citation: SecurityIntelligence TrickMo)", - "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564", - "created": "2020-11-10T17:08:35.771Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:00:11.412Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d", - "created": "2023-03-16T18:28:40.419Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:28:40.419Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc", - "created": "2021-10-01T14:42:49.174Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:26:41.762Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can abuse existing root access to copy components into the system partition.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2", - "created": "2020-07-15T20:20:59.375Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:29:29.307Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", @@ -40569,9 +34723,9 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5a277966-4559-487e-bdfb-7be6366ccdb6", + "id": "relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5", "type": "relationship", - "created": "2019-09-03T19:45:48.508Z", + "created": "2019-09-03T19:45:48.501Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -40580,218 +34734,10 @@ "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." } ], - "modified": "2019-09-11T13:25:19.114Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take pictures with the device cameras.(Citation: SWB Exodus March 2019) ", + "modified": "2019-10-14T16:47:53.197Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can record audio from the compromised device's microphone and can record call audio in 3GP format.(Citation: SWB Exodus March 2019) ", "relationship_type": "uses", "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6", - "type": "relationship", - "created": "2020-12-24T22:04:28.015Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2020-12-24T22:04:28.015Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de", - "type": "relationship", - "created": "2019-10-14T20:49:24.571Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", - "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "source_name": "securelist rotexy 2018" - } - ], - "modified": "2019-10-14T20:49:24.571Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2", - "created": "2020-07-27T14:14:57.020Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Google Security Zen", - "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . 
Retrieved July 27, 2020.", - "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:52:46.975Z", - "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)", - "relationship_type": "uses", - "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03", - "created": "2020-12-24T21:45:56.962Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:14:46.472Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a", - "type": "relationship", - "created": "2019-08-09T17:53:48.716Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", - "source_name": "TrendMicro-RCSAndroid" - } - ], - "modified": "2019-08-09T17:53:48.716Z", - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)", - "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c", - "created": "2023-03-20T18:51:29.814Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:51:29.814Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7", - "created": "2023-03-20T18:57:42.922Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:57:42.922Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622", - "created": "2020-07-15T20:20:59.280Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:45:27.443Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)", - "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886", - "type": "relationship", - "created": "2021-02-17T20:43:52.274Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout FrozenCell", - "url": "https://blog.lookout.com/frozencell-mobile-threat", - "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
- } - ], - "modified": "2021-02-17T20:43:52.274Z", - "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)", - "relationship_type": "uses", - "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -40801,146 +34747,23 @@
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
 "type": "relationship",
- "id": "relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c",
- "created": "2017-10-25T14:48:53.747Z",
- "x_mitre_version": "1.0",
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Android 7 and later iOS versions introduced changes that prevent applications from performing Process Discovery without elevated privileges. ",
- "modified": "2022-03-30T20:32:46.334Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "relationship_type": "mitigates",
- "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
- "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--3230c032-17e0-49f7-b948-c157049aafe2",
- "created": "2017-10-25T14:48:53.742Z",
- "x_mitre_version": "1.0",
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Users should ensure bootloaders are locked to prevent arbitrary operating system code from being flashed onto the device.",
- "modified": "2022-04-01T15:34:50.556Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "relationship_type": "mitigates",
- "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58",
- "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
- "x_mitre_attack_spec_version": "2.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea",
- "created": "2022-04-06T13:40:14.515Z",
+ "id": "relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9",
+ "created": "2022-03-30T14:26:02.359Z",
 "x_mitre_version": "0.1",
 "external_references": [
 {
- "source_name": "Android 10 Privacy Changes",
- "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data",
- "description": "Android Developers. (n.d.). Privacy changes in Android 10. Retrieved September 11, 2019."
+ "source_name": "Android Changes to System Broadcasts",
+ "url": "https://developer.android.com/guide/components/broadcasts#changes-system-broadcasts",
+ "description": "Google. (2019, December 27). Broadcasts Overview. Retrieved January 27, 2020."
 }
 ],
 "x_mitre_deprecated": false,
 "revoked": false,
- "description": "Android 10 prevents applications from accessing clipboard data unless the application is on the foreground or is set as the device’s default input method editor (IME).(Citation: Android 10 Privacy Changes)",
- "modified": "2022-04-06T13:40:14.515Z",
+ "description": "Android 8 introduced additional limitations on the implicit intents that an application can register for.(Citation: Android Changes to System Broadcasts) ",
+ "modified": "2022-03-30T14:26:02.359Z",
 "relationship_type": "mitigates",
 "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
- "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
- "x_mitre_attack_spec_version": "2.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500",
- "type": "relationship",
- "created": "2020-09-15T15:18:12.394Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "Cybereason FakeSpy",
- "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world",
- "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020."
- }
- ],
- "modified": "2020-09-15T15:18:12.394Z",
- "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)",
- "relationship_type": "uses",
- "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
- "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
- "x_mitre_version": "1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--327d0102-2113-4e12-be68-504db097a6fd",
- "created": "2019-08-07T15:57:13.409Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "revoked": false,
- "external_references": [
- {
- "source_name": "Kaspersky Riltok June 2019",
- "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019.",
- "url": "https://securelist.com/mobile-banker-riltok/91374/"
- }
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-04-05T20:01:31.230Z",
- "description": "[Riltok](https://attack.mitre.org/software/S0403) communicates with the command and control server using HTTP requests.(Citation: Kaspersky Riltok June 2019)",
- "relationship_type": "uses",
- "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424",
- "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
- "x_mitre_deprecated": false,
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "3.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8",
- "created": "2022-04-01T15:16:02.324Z",
- "x_mitre_version": "0.1",
- "external_references": [
- {
- "source_name": "iOS Universal Links",
- "url": "https://developer.apple.com/ios/universal-links/",
- "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020."
- },
- {
- "source_name": "Android App Links",
- "url": "https://developer.android.com/training/app-links/verify-site-associations",
- "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020."
- },
- {
- "source_name": "IETF-PKCE",
- "url": "https://tools.ietf.org/html/rfc7636",
- "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016."
- }
- ],
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ",
- "modified": "2022-04-01T15:16:02.324Z",
- "relationship_type": "mitigates",
- "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
- "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
+ "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
 "x_mitre_attack_spec_version": "2.1.0",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
@@ -40975,219 +34798,71 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab",
+ "id": "relationship--901492b5-b074-4631-ad6e-4178caa4164a",
 "type": "relationship",
- "created": "2017-12-14T16:46:06.044Z",
+ "created": "2020-12-24T22:04:28.017Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "TrendMicro-Obad",
- "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. Retrieved December 9, 2016.",
- "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/"
+ "source_name": "Lookout Uyghur Campaign",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
 }
 ],
- "modified": "2018-10-17T00:14:20.652Z",
- "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)",
+ "modified": "2020-12-24T22:04:28.017Z",
+ "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has recorded calls and environment audio in .amr format.(Citation: Lookout Uyghur Campaign)",
 "relationship_type": "uses",
- "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde",
- "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
- "x_mitre_version": "1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4",
- "created": "2022-04-05T19:38:41.538Z",
- "x_mitre_version": "0.1",
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ",
- "modified": "2022-04-05T19:38:41.538Z",
- "relationship_type": "mitigates",
- "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
- "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f",
- "x_mitre_attack_spec_version": "2.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--5e95ca90-bf75-4031-a28f-f8565c02185c",
- "created": "2020-11-24T17:55:12.883Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "revoked": false,
- "external_references": [
- {
- "source_name": "Talos GPlayed",
- "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
- "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
- }
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-04-05T17:23:49.569Z",
- "description": "[GPlayed](https://attack.mitre.org/software/S0536) can lock the user out of the device by showing a persistent overlay.(Citation: Talos GPlayed)",
- "relationship_type": "uses",
- "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
- "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
- "x_mitre_deprecated": false,
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "3.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c",
- "created": "2023-03-03T16:24:30.564Z",
- "revoked": false,
- "external_references": [
- {
- "source_name": "paloalto_yispecter_1015",
- "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
- "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
- }
- ],
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-03-03T16:24:30.564Z",
- "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hijacked normal application’s launch routines to display ads.(Citation: paloalto_yispecter_1015)",
- "relationship_type": "uses",
- "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
- "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
- "x_mitre_deprecated": false,
- "x_mitre_version": "0.1",
- "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631",
- "type": "relationship",
- "created": "2020-11-24T17:55:12.885Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "Talos GPlayed",
- "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html",
- "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020."
- }
- ],
- "modified": "2020-11-24T17:55:12.885Z",
- "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used timers to enable Wi-Fi, ping the C2 server, register the device with the C2, and register wake locks on the system.(Citation: Talos GPlayed)",
- "relationship_type": "uses",
- "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
- "target_ref": "attack-pattern--00290ac5-551e-44aa-bbd8-c4b913488a6d",
- "x_mitre_version": "1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c",
- "created": "2022-04-01T18:48:03.156Z",
- "x_mitre_version": "0.1",
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "",
- "modified": "2022-04-01T18:48:03.156Z",
- "relationship_type": "subtechnique-of",
- "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
- "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
- "x_mitre_attack_spec_version": "2.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "type": "relationship",
- "id": "relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc",
- "created": "2022-03-30T19:36:20.304Z",
- "x_mitre_version": "0.1",
- "x_mitre_deprecated": false,
- "revoked": false,
- "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
- "modified": "2022-03-30T19:36:20.304Z",
- "relationship_type": "mitigates",
- "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
- "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
- "x_mitre_attack_spec_version": "2.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "relationship--22290cce-856a-46d5-9589-699f5dfc1429",
- "type": "relationship",
- "created": "2018-10-17T00:14:20.652Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "TrendMicro-XLoader",
- "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.",
- "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/"
- }
- ],
- "modified": "2020-07-20T13:49:03.687Z",
- "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) covertly records phone calls.(Citation: TrendMicro-XLoader)",
- "relationship_type": "uses",
- "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+ "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
 "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
 "type": "relationship",
- "id": "relationship--27490b14-8044-408a-8c6a-6d8427eb78ff",
- "created": "2023-03-20T18:44:26.233Z",
- "revoked": false,
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-03-20T18:44:26.233Z",
- "description": "",
- "relationship_type": "detects",
- "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
- "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
- "x_mitre_deprecated": false,
- "x_mitre_version": "0.1",
- "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2",
- "created": "2020-04-24T17:46:31.589Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "id": "relationship--907db911-b39c-4230-b6ad-a0ba5ef6926a",
+ "created": "2023-09-28T17:39:24.890Z",
 "revoked": false,
 "external_references": [
 {
- "source_name": "SecurityIntelligence TrickMo",
- "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.",
- "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/"
+ "source_name": "Trend Micro FlyTrap",
+ "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.",
+ "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T20:00:28.299Z",
- "description": "[TrickMo](https://attack.mitre.org/software/S0427) communicates with the C2 by sending JSON objects over unencrypted HTTP requests.(Citation: SecurityIntelligence TrickMo)",
+ "modified": "2023-09-28T17:39:24.890Z",
+ "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect device geolocation data.(Citation: Trend Micro FlyTrap)",
 "relationship_type": "uses",
- "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a",
+ "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785",
+ "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--90d4d964-efa2-46ac-adc2-759886e07158",
+ "created": "2020-10-29T17:48:27.325Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Threat Fabric Exobot",
+ "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
+ "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T20:11:02.157Z",
+ "description": "[Exobot](https://attack.mitre.org/software/S0522) has used HTTPS for C2 communication.(Citation: Threat Fabric Exobot)",
+ "relationship_type": "uses",
+ "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
 "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
 "x_mitre_deprecated": false,
 "x_mitre_version": "1.0",
@@ -41196,25 +34871,51 @@
 },
 {
 "type": "relationship",
- "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d",
- "created": "2019-09-03T19:45:48.487Z",
+ "id": "relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861",
+ "created": "2021-02-08T16:36:20.711Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "external_references": [
 {
- "source_name": "SWB Exodus March 2019",
- "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
- "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+ "source_name": "BlackBerry Bahamut",
+ "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021.",
+ "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T17:08:39.524Z",
- "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ",
+ "modified": "2023-04-05T17:06:46.369Z",
+ "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included SMS message exfiltration in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)",
 "relationship_type": "uses",
- "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
- "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e",
+ "created": "2017-12-14T16:46:06.044Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zscaler-SuperMarioRun",
+ "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.",
+ "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T17:24:53.701Z",
+ "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures SMS data.(Citation: Zscaler-SuperMarioRun)",
+ "relationship_type": "uses",
+ "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
 "x_mitre_deprecated": false,
 "x_mitre_version": "1.0",
 "x_mitre_attack_spec_version": "3.1.0",
@@ -41224,25 +34925,74 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7",
+ "id": "relationship--91831379-b0da-4019-a7bb-17e53cda9d0b",
 "type": "relationship",
- "created": "2019-10-15T19:33:42.204Z",
+ "created": "2020-12-31T18:25:05.131Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "Kaspersky-Skygofree",
- "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.",
- "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/"
+ "source_name": "CYBERWARCON CHEMISTGAMES",
+ "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
+ "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
 }
 ],
- "modified": "2019-10-15T19:33:42.204Z",
- "description": "[Skygofree](https://attack.mitre.org/software/S0327) can track the device's location.(Citation: Kaspersky-Skygofree)",
+ "modified": "2020-12-31T18:25:05.131Z",
+ "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has utilized native code to decrypt its malicious payload.(Citation: CYBERWARCON CHEMISTGAMES)",
 "relationship_type": "uses",
- "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b",
- "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+ "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+ "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--919a13bc-74be-4660-af63-454abee92635",
+ "type": "relationship",
+ "created": "2019-03-11T15:13:40.408Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. Retrieved November 30, 2018.",
+ "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A",
+ "source_name": "TrendMicro-Anserver2"
+ }
+ ],
+ "modified": "2019-08-05T20:05:25.571Z",
+ "description": "\n[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",
+ "relationship_type": "uses",
+ "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--91a4924f-2519-4662-91f2-b7ef715a459f",
+ "created": "2023-03-20T18:59:55.756Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Samsung Knox Mobile Threat Defense",
+ "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. Retrieved March 30, 2022.",
+ "url": "https://partner.samsungknox.com/mtd"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-08T17:10:20.748Z",
+ "description": "Application vetting can detect many techniques associated with impairing device defenses.(Citation: Samsung Knox Mobile Threat Defense)",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+ "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
 {
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
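Review bot: The `description` added for `relationship--919a13bc-74be-4660-af63-454abee92635` in this hunk begins with an escaped newline (`"\n[ANDROIDOS_ANSERVER.A](…`), which no other description in the hunk has. A consumer that renders the field as Markdown, or that anchors on the leading `[Name](url)` link, may show a blank first line or fail to match, so the value should be trimmed before export: `"description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device IMEI and IMSI.(Citation: TrendMicro-Anserver2)",`. That object also omits `revoked`, `x_mitre_deprecated` and `x_mitre_attack_spec_version`, which the `relationship--91a4924f-2519-4662-91f2-b7ef715a459f` object added next to it carries, so loaders have to treat those keys as optional.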
@@ -41270,22 +35020,22 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e",
+ "id": "relationship--92129d5b-7822-4e84-8a69-f96b598fba9e",
 "type": "relationship",
- "created": "2017-12-14T16:46:06.044Z",
+ "created": "2018-10-17T00:14:20.652Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "external_references": [
 {
- "source_name": "PaloAlto-DualToy",
- "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.",
- "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/"
+ "source_name": "Lookout-StealthMango",
+ "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
+ "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
 }
 ],
- "modified": "2018-10-17T00:14:20.652Z",
- "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)",
+ "modified": "2019-10-10T15:27:22.175Z",
+ "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses databases from WhatsApp, Viber, Skype, and Line.(Citation: Lookout-StealthMango)",
 "relationship_type": "uses",
- "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878",
- "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d",
+ "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
 "x_mitre_version": "1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
@@ -41293,9 +35043,462 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35", "type": "relationship", - "created": "2020-12-17T20:15:22.405Z", + "id": "relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea", + "created": "2019-10-18T14:52:53.193Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect devices with unauthorized or unsafe modifications. ", + "modified": "2022-03-30T20:07:50.094Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb", + "type": "relationship", + "created": "2020-06-26T14:55:13.261Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T14:55:13.261Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can collect system information such as OS version, device vendor, and the type of screen lock that is active on the device.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0", + "created": "2019-08-07T15:57:13.453Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Riltok](https://attack.mitre.org/software/S0403) can open a fake Google Play screen requesting bank card credentials and mimic the screen of relevant mobile banking apps to request user/bank card details.(Citation: Kaspersky Riltok June 2019)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) enables remote control of the victim through SMS channels.(Citation: PaloAlto-SpyDealer)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c", + "type": "relationship", + "created": "2019-07-10T15:35:43.631Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.741Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) queries the device for metadata, such as device ID, OS version, and the number of cameras.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9373912a-affa-4a3c-ad97-1b8311e228ee", + "type": "relationship", + "created": "2019-09-04T14:28:15.991Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.803Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) checks if the device is connected via Wi-Fi or mobile data.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9398bf9d-be77-4ac2-acea-893152cafd16", + "created": "2022-03-30T14:43:46.034Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T14:43:46.034Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--bd4d32f5-eed4-4018-a649-40b229dd1d69", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016", + "created": "2022-04-15T18:12:53.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Xiao-KeyRaider", + "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. 
Retrieved December 12, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:28:29.839Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--93b6bf37-5614-4317-8ed7-42f098152c40", + "created": "2023-02-28T20:39:18.320Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:10:38.672Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can use a SOCKS proxy to evade C2 IP detection.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--93c20f43-6684-471c-910f-d9577f289677", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "In at least one case, [Stealth Mango](https://attack.mitre.org/software/S0328) may have been installed using physical access to the device by a repair shop.(Citation: Lookout-StealthMango)", + "modified": "2022-04-19T15:47:05.436Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) update and sends the location of the phone.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9432fabf-9487-469c-86c9-b9d26b013c85", + "created": "2022-04-01T13:13:10.587Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Call Log access an uncommonly needed permission, so users should be instructedto use extra scrutiny when granting access to their call logs. ", + "modified": "2022-04-01T13:13:10.587Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348", + "created": "2022-04-20T17:42:11.714Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. 
Retrieved September 18, 2018.", + "url": "https://www.wandera.com/reddrop-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:40:15.440Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses standard HTTP for exfiltration.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f", + "created": "2019-12-10T16:07:41.083Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. 
Retrieved December 10, 2019.", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:21:03.081Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can enable installation of apps from unknown sources.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4", + "created": "2022-03-28T19:30:27.364Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain patches to integrity checking mechanisms that can detect unauthorized hardware modifications.", + "modified": "2022-03-28T19:30:27.364Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f", + "created": "2022-03-28T19:25:38.355Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates may contain 
patches that inhibit system software compromises.", + "modified": "2022-03-28T19:25:38.355Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--950e1476-83ca-4e81-b542-c91a19b206d7", + "type": "relationship", + "created": "2020-04-24T17:46:31.466Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T17:46:31.466Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can collect device information such as network operator, model, brand, and OS version.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--95bf4e8b-f388-48a0-b236-c2077252e71e", + "type": "relationship", + "created": "2019-09-03T20:08:00.757Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. 
(2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-09-15T15:35:33.380Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers the device IMEI to send to the command and control server.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--95fec5e4-d48a-471f-8223-711cd32659b8", + "created": "2022-04-01T18:49:51.050Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:49:51.050Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--9d7c32f4-ab39-49dc-8055-8106bc2294a1", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--96298aed-9e9f-4836-b29b-04c88e79e53e", + "created": "2022-04-01T18:42:37.987Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates often contain patches for vulnerabilities that could be exploited for root access. 
Root access is often a requirement to impairing defenses.", + "modified": "2022-04-01T18:42:37.987Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b", + "type": "relationship", + "created": "2020-12-17T20:15:22.397Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
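Review bot: The added `relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016` appears to cite the wrong report. Its description credits Monokle with installing attacker-specified certificates, and its `source_ref` is the same malware id as the Monokle object `relationship--9373912a-affa-4a3c-ad97-1b8311e228ee` in this hunk, yet its only external reference and inline citation are `Xiao-KeyRaider`, a 2015 article about KeyRaider iOS malware. An analyst who follows that citation to validate the adversary-in-the-middle mapping lands on an unrelated report, so the claim is effectively unsourced. It presumably should reuse the `Lookout-Monokle` reference from `relationship--9373912a`, with `"source_name": "Lookout-Monokle"` and `(Citation: Lookout-Monokle)` in the description, to be confirmed against the Lookout report. Separately, the description of `relationship--9432fabf-9487-469c-86c9-b9d26b013c85` has two typos: `Call Log access an uncommonly needed permission` is missing "is", and `instructedto` is missing a space.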
@@ -41304,14 +35507,496 @@ "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." } ], - "modified": "2020-12-28T18:47:52.600Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)", + "modified": "2020-12-17T20:15:22.397Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can steal data from various sources, including chat, communication, and social media apps.(Citation: Palo Alto HenBox)", "relationship_type": "uses", "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306", + "type": "relationship", + "created": "2020-05-07T15:33:32.778Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." 
+ } + ], + "modified": "2020-05-07T15:33:32.778Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) exploits known OS vulnerabilities, including Janus, to replace legitimate applications with malicious versions.(Citation: CheckPoint Agent Smith)", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--96569099-db95-4f3c-8ded-6d9cf023e55e", + "created": "2019-09-03T20:08:00.717Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Gustuff](https://attack.mitre.org/software/S0406) can use SMS for command and control from a defined admin phone number.(Citation: Talos Gustuff Apr 2019) ", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31", + "created": "2022-09-29T20:11:55.474Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2022-09-30T18:39:16.003Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors capable of enumerating specific files on the infected devices.(Citation: Cylance Dust Storm)", + "relationship_type": "uses", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97158eda-5092-4939-8b5c-1ef5ab918089", + "type": "relationship", + "created": "2020-04-24T15:12:11.189Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:12:11.189Z", + "description": "[Concipit1248](https://attack.mitre.org/software/S0426) can collect device photos.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf", + "type": "relationship", + "created": "2020-09-11T14:54:16.617Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.617Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can collect account information stored on the device.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--97408547-bacd-4308-a8be-556e9ff04951", + "created": "2023-03-20T18:55:23.628Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:43:16.137Z", + "description": "Mobile security products can typically detect rooted devices, which is an indication that Process Discovery is possible. Application vetting could potentially detect when applications attempt to abuse root access or root the system itself. 
Further, application vetting services could look for attempted usage of legacy process discovery mechanisms, such as the usage of `ps` or inspection of the `/proc` directory.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97417113-1840-4e00-98d3-bb222e1a1f60", + "type": "relationship", + "created": "2020-07-27T14:14:56.980Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "modified": "2020-08-10T22:18:20.815Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) base64 encodes one of the strings it searches for.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7", + "type": "relationship", + "created": "2020-12-31T18:25:05.125Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "modified": "2020-12-31T18:25:05.125Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--980430c1-6173-440e-b75e-c1cdb4c41560", + "created": "2023-09-28T17:40:16.985Z", + "revoked": false, + "external_references": [ + { + "source_name": "Zimperium FlyTrap", + "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. 
Retrieved September 28, 2023.", + "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:40:16.985Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can use HTTP to exfiltrate data to the C2 server.(Citation: Zimperium FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:29:18.098Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) captures SMS messages.(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39", + "type": "relationship", + "created": "2020-04-08T15:41:19.364Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:41:19.364Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can take screenshots.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9819974c-f093-482b-8b2b-93a05ab7382e", + "created": "2023-08-04T18:31:48.507Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:31:48.507Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate browser history, BlackBerry Messenger files, IMO instant messaging content, and WhatsApp voice notes.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3", + "created": "2021-02-08T16:36:20.788Z", 
+ "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included keylogging capabilities as part of Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-15T17:35:26.197Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e", + "created": "2023-02-28T20:34:18.504Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:12:45.147Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can use HTTP POST requests on port 80 for communicating with its C2 server.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--98ae9cb2-1141-48c6-81fd-f16adb430031", + "created": "2023-01-18T19:17:07.565Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:07:52.850Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) can request the `READ_EXTERNAL_STORAGE` and `WRITE_EXTERNAL_STORAGE` Android permissions.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d", + "type": "relationship", + "created": "2020-09-11T14:54:16.582Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T14:54:16.582Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a", + "created": "2020-11-20T16:37:28.475Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020.", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:52:20.309Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect the device’s contact list.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--98fb2884-c912-42ff-9c87-4fbabfa70115", + "created": "2023-08-08T16:14:01.661Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:14:01.661Z", + "description": 
"Application vetting services may potentially determine if an application contains suspicious code and/or metadata.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4", + "type": "relationship", + "created": "2021-10-01T14:42:48.815Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-01T14:42:48.815Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can record from the device’s camera.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9951d8c0-d210-4776-808b-421b613f244f", + "created": "2019-09-23T13:36:08.463Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. 
Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:55:41.638Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) hides its icon after first launch.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f", 
@@ -41339,74 +36024,51 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5", "type": "relationship", - "created": "2020-11-24T17:55:12.897Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Talos GPlayed", - "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", - "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." - } - ], - "modified": "2020-11-24T17:55:12.897Z", - "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)", - "relationship_type": "uses", - "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e", - "created": "2020-01-27T17:05:58.335Z", + "id": "relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9", + "created": "2023-09-25T19:44:41.503Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Trend Micro Bouncing Golf 2019", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + "source_name": "MoustachedBouncer ESET August 2023", + "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. 
Retrieved September 25, 2023.", + "url": "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:28:07.442Z", - "description": "[GolfSpy](https://attack.mitre.org/software/S0421) registers for the `USER_PRESENT` broadcast intent and uses it as a trigger to take photos with the front-facing camera.(Citation: Trend Micro Bouncing Golf 2019)", + "modified": "2023-09-30T22:22:13.142Z", + "description": "[MoustachedBouncer](https://attack.mitre.org/groups/G1019) has used legitimate looking filenames for malicious executables including MicrosoftUpdate845255.exe.(Citation: MoustachedBouncer ESET August 2023)", "relationship_type": "uses", - "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "source_ref": "intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890", - "created": "2023-01-18T19:09:40.955Z", + "id": "relationship--9b34ae1e-027f-4b52-9a4f-1e58f6efdc25", + "created": "2023-06-09T19:16:28.560Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:58:45.439Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can record the screen via the `MediaProjection` library to harvest user credentials, including biometric PINs.(Citation: cyble_drinik_1022)", + "modified": "2023-09-22T20:48:05.605Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can take screenshots and can abuse accessibility services to scrape WhatsApp messages, contacts, and notifications.(Citation: lookout_hornbill_sunbird_0221)", "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", "x_mitre_deprecated": false, "x_mitre_version": "0.1", 
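Review bot: The added object `relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9` gives a Windows executable name (`MicrosoftUpdate845255.exe`) as its only procedure example, while the other objects in this hunk describe Android malware, so the bundle being patched looks like the mobile domain. If `"target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b"` is a mobile technique, the example is probably filed under the wrong domain. Anyone deriving mobile detection coverage or group-to-technique mappings from this file would then inherit a desktop indicator for a mobile technique. I would check the target's `x_mitre_domains` before merging and either retarget the relationship to the enterprise masquerading technique or, if the cited report supports one, replace the description with a mobile example. The hunk's leading context object starts outside the hunk, so only the MoustachedBouncer and Hornbill objects could be judged in full.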
@@ -41415,8 +36077,1291 @@ }, { "type": "relationship", - "id": "relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0", - "created": "2020-12-24T21:55:56.741Z", + "id": "relationship--9b56528f-cf04-4d81-80ee-7bacb862383a", + "created": "2023-03-20T18:57:33.693Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T20:52:56.065Z", + "description": "Application vetting services can detect when applications request the `SEND_SMS` permission, which should be infrequently used.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9b8b51fb-c380-4516-b109-821f015506d4", + "created": "2023-03-20T15:40:26.994Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:16:28.207Z", + "description": "Application vetting services could look for `android.permission.READ_CONTACTS` in an Android application’s manifest, or `NSContactsUsageDescription` in an iOS application’s `Info.plist` file. 
Most applications do not need contact list access, so extra scrutiny could be applied to those that request it.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9bbfa759-5555-4048-a79d-fed27a1efd93", + "created": "2023-06-09T19:14:21.299Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:14:21.299Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access images stored on external storage.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d", + "created": "2022-04-01T17:06:06.950Z", + "x_mitre_version": "0.1", + 
"x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to location information. Users should also protect their account credentials and enable multi-factor authentication options when available. ", + "modified": "2022-04-01T17:06:06.950Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--9c302eb1-1810-48a5-b34d-6aae303d2097", + "created": "2022-04-01T15:16:26.387Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be instructed to not open links in applications they don’t recognize.", + "modified": "2022-04-01T15:16:26.387Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. 
(2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "modified": "2019-10-15T19:54:10.284Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole geo-location data.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9c853c22-7607-4cbd-b114-08aaa4625c35", + "type": "relationship", + "created": "2020-12-17T20:15:22.405Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-28T18:47:52.600Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can collect device information and can check if the device is running MIUI on a Xiaomi device.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2", + "created": "2023-03-20T18:50:32.580Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:45:40.815Z", + "description": "Application vetting services could look for usage of the `READ_PRIVILEGED_PHONE_STATE` Android permission. This could indicate that non-system apps are attempting to access information that they do not have access to.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e", + "created": "2023-03-20T18:52:52.011Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:51:29.206Z", + "description": "On Android, the user can use the device settings menu to view trusted CA certificates and look for unexpected or unknown certificates. 
A mobile security product could similarly examine the trusted CA certificate store for anomalies. Users can use the device settings menu to view which applications on the device are allowed to install unknown applications.\n\nOn iOS, the user can use the device settings menu to view installed Configuration Profiles and look for unexpected or unknown profiles. A Mobile Device Management (MDM) system could use the iOS MDM APIs to examine the list of installed Configuration Profiles for anomalies.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856", + "created": "2020-05-04T14:04:56.211Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Bread", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . 
Retrieved April 27, 2020.", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:03:51.504Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) communicates with the C2 server using HTTP requests.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9d264e84-27b2-4867-82c8-55486a969d7c", + "type": "relationship", + "created": "2020-12-17T20:15:22.489Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.489Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running processes.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7", + "created": "2023-03-20T18:48:56.995Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:53:41.268Z", + "description": "Application vetting services can look for applications requesting the `android.permission.BIND_ACCESSIBILITY_SERVICE` permission in a service declaration. On Android, the user can view and manage which applications can use accessibility services through the device settings in Accessibility. The exact device settings menu locations may vary between operating system versions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de", + "type": "relationship", + "created": "2019-10-14T20:49:24.571Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). 
The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-10-14T20:49:24.571Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about running processes.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9d621873-6d3c-4660-be9a-57e2e8648236", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Proofpoint-Marcher", + "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. 
Retrieved July 6, 2018.", + "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:24:29.502Z", + "description": "[Marcher](https://attack.mitre.org/software/S0317) requests Android Device Administrator access.(Citation: Proofpoint-Marcher)", + "relationship_type": "uses", + "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9", + "created": "2019-09-04T14:28:15.316Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:26:48.912Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can remount the system partition as read/write to install attacker-specified certificates.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c", + "type": "relationship", + "created": "2019-09-04T15:38:56.562Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "source_name": "FortiGuard-FlexiSpy" + } + ], + "modified": "2019-10-14T18:08:28.500Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can communicate with the command and control server over ports 12512 and 12514.(Citation: FortiGuard-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.793Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can monitor clipboard content.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e458d77-c856-4b02-82a7-50947b232dc3", + "type": "relationship", + "created": "2021-10-01T14:42:49.183Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-06T15:32:46.533Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can download a payload or updates from either its C2 server or email attachments in the adversary’s inbox.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CrowdStrike-Android", + "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. 
Retrieved February 6, 2017.", + "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was believed to have been used to obtain locational data of Ukrainian artillery forces.(Citation: CrowdStrike-Android)", + "relationship_type": "uses", + "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9e95ef68-0650-49eb-888f-47c211481be9", + "created": "2023-03-20T18:51:40.217Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T17:16:36.672Z", + "description": "Application vetting may be able to identify applications that perform [Discovery](https://attack.mitre.org/tactics/TA0032) or utilize existing connectivity to remotely access hosts within an internal enterprise network. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9f83d618-a42d-4797-b9fe-030affdbd13f", + "created": "2023-01-18T19:46:45.399Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. 
(2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:49:35.020Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can hide and send SMS messages. [SharkBot](https://attack.mitre.org/software/S1055) can also change which application is the device’s default SMS handler.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7", + "created": "2022-04-15T16:00:43.483Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. 
Retrieved December 10, 2019.", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:52:33.829Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) can turn off `VerifyApps`, and can grant Device Administrator permissions via commands only, rather than using the UI.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2", + "created": "2020-07-15T20:20:59.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:29:29.307Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can abuse device administrator permissions to ensure that it cannot be uninstalled until its permissions are revoked.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f", + "created": "2022-03-30T20:07:33.291Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:07:33.291Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--fd658820-cbba-4c95-8ac9-0fac6b1099e2", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d", + "type": "relationship", + "created": "2020-10-29T19:21:23.235Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WeLiveSecurity 
AdDisplayAshas", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T19:21:23.235Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has hidden the C2 server address using base-64 encoding. (Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e", + "created": "2022-03-30T13:45:39.184Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation can often detect jailbroken or rooted devices.", + "modified": "2022-03-30T13:45:39.184Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c", + "created": "2019-11-21T19:16:34.820Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "url": 
"https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[SimBad](https://attack.mitre.org/software/S0419) generates fraudulent advertising revenue by displaying ads in the background and by opening the browser and displaying ads.(Citation: CheckPoint SimBad 2019)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965", + "type": "relationship", + "created": "2020-04-08T15:51:25.106Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." 
+ } + ], + "modified": "2020-04-08T15:51:25.106Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can obtain a list of installed applications.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415", + "type": "relationship", + "created": "2020-11-10T17:08:35.819Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.819Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s location and track the device over time.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6", + "type": "relationship", + "created": "2019-11-21T16:42:48.501Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "modified": "2020-01-21T14:20:50.492Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can collect location information, including GPS coordinates.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f", + "created": "2022-04-01T12:50:48.459Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T12:50:48.459Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--62adb627-f647-498e-b4cc-41499361bacb", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a120ac54-32fa-43ad-a826-8325823b656d", + "created": "2023-09-22T19:14:12.741Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:14:12.741Z", + "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + 
"x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9", + "type": "relationship", + "created": "2020-07-20T13:27:33.548Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T22:00:43.490Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) uses `dumpsys` to determine if certain applications are running.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a186540d-d235-48f1-8757-d0b46f13c6ce", + "created": "2023-06-09T19:20:23.377Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:42:33.371Z", + "description": "(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f", + "target_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41", + "created": "2023-01-18T21:43:36.398Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-21T18:44:26.569Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can download attacker-specified files.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f", + "created": "2019-09-03T19:45:48.518Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:11:03.802Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can capture SMS messages.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a1fac829-275a-409a-9060-e7bd7c63057e", + "type": "relationship", + "created": "2020-12-18T20:14:47.375Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-18T20:14:47.375Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can obtain a list of installed apps.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a20493e1-4699-405d-a291-c28aae8ed737", + "created": "2022-04-18T16:53:24.617Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Wandera-RedDrop", + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[RedDrop](https://attack.mitre.org/software/S0326) uses ads or other links within websites to encourage users to download the malicious apps using a complex content distribution network (CDN) and series of network redirects. 
[RedDrop](https://attack.mitre.org/software/S0326) also downloads additional components (APKs, JAR files) from different C2 servers.(Citation: Wandera-RedDrop) ", + "modified": "2022-04-20T16:33:23.507Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a20581b4-21fa-4ed9-b056-d139998868e8", + "created": "2019-09-04T14:28:15.970Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:52:44.819Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the device's contact list.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:53:03.638Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads contact lists for various third-party applications such as Yahoo, AIM, GoogleTalk, Skype, QQ, and others.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52", + "created": "2019-09-23T13:36:08.459Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can use phishing overlays to capture users' credit card information.(Citation: securelist rotexy 2018)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a25a0454-d6da-4448-a3c5-33648ee6675a", + "created": "2023-07-21T19:36:50.262Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:36:50.262Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect system information, such as Android version and device identifiers.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Gooligan Citation", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" + } + ], + "modified": "2019-10-10T15:18:51.121Z", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) steals authentication tokens that can be used to access data from multiple Google applications.(Citation: Gooligan Citation)", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a", + "created": "2023-03-20T18:53:52.174Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Android-AppLinks", + "description": "Android. (n.d.). Handling App Links. Retrieved December 21, 2016.", + "url": "https://developer.android.com/training/app-links/index.html" + }, + { + "source_name": "IETF-OAuthNativeApps", + "description": "W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018.", + "url": "https://tools.ietf.org/html/rfc8252" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:08:37.797Z", + "description": "When vetting applications for potential security weaknesses, the vetting process could look for insecure use of Intents. Developers should be encouraged to use techniques to ensure that the intent can only be sent to an appropriate destination (e.g., use explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or utilizing the App Links feature). 
For mobile applications using OAuth, encourage use of best practice.(Citation: IETF-OAuthNativeApps)(Citation: Android-AppLinks)", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a285f343-09c3-49af-9c18-1dccf89e9009", + "type": "relationship", + "created": "2020-11-20T16:37:28.391Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." + } + ], + "modified": "2020-11-20T16:37:28.391Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect a directory listing of external storage.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd", + "type": "relationship", + "created": "2019-09-04T15:38:56.597Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "K. Lu. (n.d.). 
Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf", + "source_name": "FortiGuard-FlexiSpy" + } + ], + "modified": "2019-09-10T14:59:25.979Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) encrypts its configuration file using AES.(Citation: FortiGuard-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa", + "type": "relationship", + "created": "2020-11-24T17:55:12.903Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.903Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has base64-encoded the exfiltrated data, replacing some of the base64 characters to further obfuscate the data.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1", + "type": "relationship", + "created": "2020-06-26T14:55:13.289Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T14:55:13.289Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to capture data from installed applications.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d", + "created": "2020-07-15T20:20:59.380Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used Firebase for C2.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-18T19:18:24.378Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209", + "type": "relationship", + "created": "2020-04-24T15:06:33.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.450Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect device network configuration information, such as Wi-Fi SSID and IMSI.(Citation: TrendMicro Coronavirus Updates)", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a3c4b392-2879-4f31-9431-3398e034851b", + "created": "2022-04-06T13:52:37.470Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be cautioned against granting administrative access to applications.", + "modified": "2022-04-06T13:52:37.470Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c", + "created": "2020-12-14T14:52:03.385Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can fetch a backup C2 domain from Twitter if the primary C2 is unresponsive.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-20T17:56:51.457Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.183Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can download executable code from the C2 server after the implant starts or after a specific command.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3", + "created": "2020-12-14T14:52:03.283Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP requests over port 7878.(Citation: Sophos Red Alert 2.0)", + "modified": "2022-04-20T16:43:23.973Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c", + "created": "2020-12-24T21:55:56.693Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -41429,10 +37374,457 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:51:16.331Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the contact list.(Citation: Lookout Uyghur Campaign)", + "modified": "2023-04-05T21:27:39.012Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a466f8f0-c9da-46d1-80d0-b8654e727526", + "created": "2023-08-04T18:33:37.920Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:33:37.920Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a list of installed applications.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8", + "created": "2023-02-06T18:59:15.881Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:21:10.915Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect device information such as manufacturer, model, version, serial number, and telephone number.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9", + "type": "relationship", + "created": "2020-12-24T21:55:56.753Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.753Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used exploit tools to gain root, such as TowelRoot.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a", + "created": "2020-10-29T19:21:23.143Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "WeLiveSecurity AdDisplayAshas", + "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.", + "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:48:18.023Z", + "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has registered to receive the `BOOT_COMPLETED` broadcast intent to activate on device startup.(Citation: WeLiveSecurity AdDisplayAshas)", + "relationship_type": "uses", + "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a54c8c09-c849-4146-a7cc-158887222a6d", + "created": "2020-12-24T21:45:56.969Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + 
"external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:15:05.454Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access SMS messages.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a563fc97-a452-4348-a831-f4fb55c71e35", + "created": "2023-03-03T16:22:45.712Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:22:45.712Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used fake Verisign and Symantec certificates to bypass malware detection systems. 
[YiSpecter](https://attack.mitre.org/software/S0311) has also signed malicious apps with iOS enterprise certificates to work on non-jailbroken iOS devices.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a5b37f26-7629-4195-9536-12e349e5843b", + "created": "2023-03-20T18:51:04.334Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:54:47.199Z", + "description": "Application vetting services could look for applications attempting to get `android.os.SystemProperties` or `getprop` with the runtime `exec()` commands. 
This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a5b72279-f99e-4f03-8669-04322b40ee6b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" + } + ], + "modified": "2020-07-20T13:49:03.710Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) loads an encrypted DEX code payload.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d", + "created": "2019-09-03T20:08:00.760Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos Gustuff Apr 2019", + "description": "Vitor Ventura. (2019, April 9). 
Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:11:36.853Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) communicates with the command and control server using HTTP requests.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b", + "created": "2023-03-20T18:59:46.622Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:03:56.766Z", + "description": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2", + "created": "2020-07-27T14:14:57.020Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Security Zen", + "description": 
"Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020.", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:52:46.975Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can modify the SELinux enforcement mode.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072", + "type": "relationship", + "created": "2020-09-11T15:14:34.064Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SMS KitKat", + "url": "https://android-developers.googleblog.com/2013/10/getting-your-sms-apps-ready-for-kitkat.html", + "description": "S.Main, D. Braun. (2013, October 14). Getting Your SMS Apps Ready for KitKat. Retrieved September 11, 2020." + } + ], + "modified": "2020-10-22T17:04:15.708Z", + "description": "Users should be encouraged to be very careful with what applications they grant SMS access to. 
Further, users should not change their default SMS handler to applications they do not recognize.(Citation: SMS KitKat)", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2", + "created": "2023-01-18T21:24:28.714Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:55:39.648Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a Domain Generation Algorithm to decode the C2 server location.(Citation: nccgroup_sharkbot_0322) ", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-15T19:44:36.177Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collects and uploads information about changes in SIM card or phone numbers on the device.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a76d731b-484c-442a-b1a3-255d8398aefd", + "type": "relationship", + "created": "2019-10-10T15:22:52.545Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-RCSAndroid", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. 
Retrieved December 22, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/" + } + ], + "modified": "2019-10-10T15:22:52.545Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can collect passwords for Wi-Fi networks and online accounts, including Skype, Facebook, Twitter, Google, WhatsApp, Mail, and LinkedIn.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a772d1fc-e2d1-4553-b93f-12412cdc8360", + "created": "2023-08-08T22:50:32.635Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:52:18.036Z", + "description": "The user can view applications that have registered accessibility services in the accessibility menu within the device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). 
Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:13:36.481Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses calendar entries.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. 
Retrieved February 6, 2017.", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:53:24.312Z", + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted contact lists.(Citation: NYTimes-BackDoor)", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -41443,62 +37835,179 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5417959b-9478-49fb-b779-3c82a10ad080", + "id": "relationship--a808c887-b2b8-4b05-9cab-47c918e48d48", "type": "relationship", - "created": "2020-12-17T20:15:22.498Z", + "created": "2020-12-14T15:02:35.257Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Palo Alto HenBox", - "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", - "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." } ], - "modified": "2020-12-17T20:15:22.498Z", - "description": "[HenBox](https://attack.mitre.org/software/S0544) can obtain a list of running apps.(Citation: Palo Alto HenBox)", + "modified": "2020-12-14T15:02:35.257Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can send SMS messages from compromised devices.(Citation: Securelist Asacub) ", "relationship_type": "uses", - "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2", - "type": "relationship", - "created": "2020-09-11T15:53:38.453Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "securelist rotexy 2018", - "url": 
"https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", - "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." - } - ], - "modified": "2020-09-11T15:53:38.453Z", - "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)", - "relationship_type": "uses", - "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03", + "created": "2020-12-24T21:45:56.962Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:14:46.472Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can access call logs.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7", + "type": "relationship", + "created": "2019-03-11T15:13:40.425Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Karl Dominguez. (2011, September 27). ANDROIDOS_ANSERVER.A. 
Retrieved November 30, 2018.", + "url": "https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/ANDROIDOS_ANSERVER.A", + "source_name": "TrendMicro-Anserver2" + } + ], + "modified": "2019-10-15T19:55:04.517Z", + "description": "[ANDROIDOS_ANSERVER.A](https://attack.mitre.org/software/S0310) gathers the device OS version, device build version, manufacturer, and model.(Citation: TrendMicro-Anserver2)", + "relationship_type": "uses", + "source_ref": "malware--4bf6ba32-4165-42c1-b911-9c36165891c8", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a8565c17-7054-4d3f-bca5-6e17dc931491", + "created": "2023-03-03T16:20:08.033Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:20:08.033Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has used private APIs to download and install other pieces of itself, as well as other malicious apps. 
(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5", + "type": "relationship", + "created": "2019-09-03T20:08:00.764Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-09-15T15:35:33.379Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) gathers information about the device, including the default SMS application, if SafetyNet is enabled, the battery level, the operating system version, and if the malware has elevated permissions.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84", + "type": "relationship", + "created": "2019-07-10T15:35:43.708Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + 
"url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.797Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--2f55e452-f8b3-402b-a193-d261dac9f327", - "created": "2022-04-01T18:53:48.715Z", + "id": "relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388", + "created": "2022-03-30T20:36:18.656Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "", - "modified": "2022-04-01T18:53:48.715Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "description": "Attestation can typically detect rooted devices. For MDM-enrolled devices, action can be taken if a device fails an attestation check. 
", + "modified": "2022-03-30T20:36:18.656Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce", + "created": "2022-04-01T18:42:50.381Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Providing user guidance around commonly abused features, such as the modal that requests for administrator permissions, should aid in preventing impairing defenses.", + "modified": "2022-04-01T18:42:50.381Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", 
@@ -41508,46 +38017,98 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0", + "id": "relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c", "type": "relationship", - "created": "2020-12-14T14:52:03.396Z", + "created": "2019-09-23T13:36:08.390Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" } ], - "modified": "2020-12-16T20:52:21.426Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can download additional overlay templates.(Citation: Sophos Red Alert 2.0)", + "modified": "2019-10-14T20:49:24.646Z", + "description": "Starting in 2017, the [Rotexy](https://attack.mitre.org/software/S0411) DEX file was packed with garbage strings and/or operations.(Citation: securelist rotexy 2018)", "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], "type": "relationship", - "id": 
"relationship--0008005f-ca51-47c3-8369-55ee5de1c65a", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--a92a805e-d5f5-4e94-8592-c253e03e4476", + "created": "2022-03-31T19:51:15.415Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Package Visibility", + "url": "https://developer.android.com/training/package-visibility", + "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", + "modified": "2022-04-11T19:19:34.658Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a93ee044-bd5d-48f3-972e-0abab780c35c", + "created": "2023-02-08T20:05:06.786Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. 
Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:43:54.975Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) uses an Android broadcast receiver to automatically start when the device boots.(Citation: Zscaler-SpyNote)", + "modified": "2023-03-29T21:21:22.070Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can steal information via malicious JavaScript.(Citation: trendmicro_tianyspy_0122)", "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a95fe853-d1d1-47dc-a776-b905daacfe32", + "created": "2020-06-26T20:16:32.181Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. 
Retrieved June 26, 2020.", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:11:53.609Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) has used Firebase Cloud Messaging for C2.(Citation: ESET DEFENSOR ID) ", + "relationship_type": "uses", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -41557,22 +38118,71 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--98b14660-79e1-4244-99c2-3dedd84eb68d", + "id": "relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530", "type": "relationship", - "created": "2020-09-11T14:54:16.582Z", + "created": "2020-01-27T17:05:58.213Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Desert Scorpion", - "url": "https://blog.lookout.com/desert-scorpion-google-play", - "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" } ], - "modified": "2020-09-11T14:54:16.582Z", - "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can track the device’s location.(Citation: Lookout Desert Scorpion)", + "modified": "2020-01-27T17:05:58.213Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of installed applications.(Citation: Trend Micro Bouncing Golf 2019)", "relationship_type": "uses", - "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9", + "created": "2022-04-01T17:08:15.158Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CSRIC5-WG10-FinalReport", + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.", + "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-15T15:06:03.429Z", + "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ", + "relationship_type": "mitigates", + "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c", + "type": "relationship", + "created": "2021-02-17T20:43:52.410Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.410Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has searched for pdf, doc, docx, ppt, pptx, xls, and xlsx file types for exfiltration.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -41581,47 +38191,255 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0", + "created": "2019-09-03T20:08:00.711Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "TrendMicro-RCSAndroid", - "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", - "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016." + "source_name": "Group IB Gustuff Mar 2019", + "url": "https://www.group-ib.com/blog/gustuff", + "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. Retrieved September 3, 2019." + }, + { + "source_name": "Talos Gustuff Apr 2019", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can use SMS for command and control.(Citation: TrendMicro-RCSAndroid)", - "modified": "2022-04-19T14:25:41.669Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) uses WebView overlays to prompt the user for their device unlock code, as well as banking and cryptocurrency application credentials. 
[Gustuff](https://attack.mitre.org/software/S0406) can also send push notifications pretending to be from a bank, triggering a phishing overlay.(Citation: Talos Gustuff Apr 2019)(Citation: Group IB Gustuff Mar 2019)", + "modified": "2022-04-19T19:42:17.904Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0", + "created": "2022-04-01T16:52:03.322Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T16:52:03.322Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5", + "created": "2019-08-08T18:47:57.655Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android 10 Privacy Changes", + "url": "https://developer.android.com/about/versions/10/privacy/changes#clipboard-data", + "description": "Android Developers. (n.d.). 
Privacy changes in Android 10. Retrieved September 11, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 10 introduced changes to prevent applications from accessing clipboard data if they are not in the foreground or set as the device’s default IME.(Citation: Android 10 Privacy Changes) ", + "modified": "2022-04-01T16:35:38.189Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443", + "created": "2020-07-20T13:49:03.676Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has fetched its C2 address from encoded Twitter names, as well as Instagram and Tumblr.(Citation: TrendMicro-XLoader-FakeSpy)", + "modified": "2022-04-20T17:58:16.567Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Gooligan Citation", + "description": "Check Point Research Team. (2016, November 30). More Than 1 Million Google Accounts Breached by Gooligan. 
Retrieved December 12, 2016.", + "url": "http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/" + } + ], + "modified": "2019-10-10T15:18:51.154Z", + "description": "[Gooligan](https://attack.mitre.org/software/S0290) executes Android root exploits.(Citation: Gooligan Citation)", + "relationship_type": "uses", + "source_ref": "malware--20d56cd6-8dff-4871-9889-d32d254816de", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:53:38.161Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects contact list information.(Citation: Lookout-EnterpriseApps)", + "relationship_type": "uses", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ab18ee61-f94a-411c-9893-941714ce713e", + "created": "2023-03-20T18:44:26.642Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:47:05.294Z", + "description": "Applications could be vetted for their use of the clipboard manager APIs with extra scrutiny given to application that make use of them.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920", + "created": "2022-04-05T19:46:22.326Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as keyboard registration or accessibility service access.", + "modified": "2022-04-05T19:46:22.326Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:16.869Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": 
"revoked-by", + "source_ref": "attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac", + "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99", + "created": "2017-10-25T14:48:53.742Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Elcomsoft-iOSRestricted", + "url": "https://blog.elcomsoft.com/2018/09/ios-12-enhances-usb-restricted-mode/", + "description": "Oleg Afonin. (2018, September 20). iOS 12 Enhances USB Restricted Mode. Retrieved September 21, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 11.4.1 and higher introduce USB Restricted Mode, which disables data access through the device's charging port under certain conditions (making the port only usable for power), likely preventing this technique from working.(Citation: Elcomsoft-iOSRestricted)", + "modified": "2022-04-01T15:35:28.360Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--605d95a1-0493-418e-9d81-de58531c4421", - "created": "2020-04-24T15:12:11.217Z", + "id": "relationship--abf03652-acd0-4361-8a66-f7e70e8e4376", + "created": "2020-06-02T14:32:31.913Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "TrendMicro Coronavirus Updates", - "description": "T. Bao, J. 
Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/" + "source_name": "Volexity Insomnia", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020.", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:04:31.136Z", - "description": "[Concipit1248](https://attack.mitre.org/software/S0426) communicates with the C2 server using HTTP requests.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2023-04-05T20:12:12.766Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) communicates with the C2 server using HTTPS requests.(Citation: Volexity Insomnia)", "relationship_type": "uses", - "source_ref": "malware--89c3dbf6-f281-41b7-be1d-a0e641014853", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
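Review bot: The added `relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a` object has no `revoked`, `x_mitre_deprecated` or `x_mitre_attack_spec_version` key, while its neighbours in this hunk set them; `relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa`, `relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77` and `relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c` in the hunk at `@@ -41739,95 +38470,190 @@` have the same gap. A consumer that filters on these flags with strict key access will fail on, or silently drop, these objects, and any technique coverage computed from the bundle then loses their `uses` and `revoked-by` links. If the exporter allows it, emit `"revoked": false,` and `"x_mitre_deprecated": false,` on every relationship so the type has one shape; failing that, readers have to treat an absent key as false. `relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa` also omits `description` where `relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0` in this hunk writes `"description": ""`, so one of the two conventions should be picked.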
@@ -41630,108 +38448,21 @@ }, { "type": "relationship", - "id": "relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd", - "created": "2023-03-20T18:51:58.152Z", + "id": "relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783", + "created": "2023-03-20T18:55:51.580Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:51:58.152Z", - "description": "", + "modified": "2023-08-09T15:57:46.908Z", + "description": "An Android user can view and manage which applications hold the `SYSTEM_ALERT_WINDOW` permission through the device settings in Apps & notifications -> Special app access -> Display over other apps (the exact menu location may vary between Android versions). ", "relationship_type": "detects", - "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506", - "type": "relationship", - "created": "2020-11-20T16:37:28.567Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Symantec GoldenCup", - "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", - "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
- } - ], - "modified": "2020-11-20T16:37:28.567Z", - "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)", - "relationship_type": "uses", - "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", - "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb", - "created": "2020-12-14T14:52:03.184Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has used malicious overlays to collect banking credentials.(Citation: Sophos Red Alert 2.0)", - "modified": "2022-04-12T10:01:44.682Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5", - "created": "2023-03-20T15:21:12.492Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T15:21:12.492Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--322d0123-ea4c-4562-a718-672952c83d05", - "created": "2023-03-20T18:55:54.372Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:55:54.372Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff", - "x_mitre_deprecated": false, - 
"x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -41739,95 +38470,190 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a", - "created": "2022-03-30T19:54:43.835Z", + "id": "relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f", + "created": "2022-03-30T19:28:55.980Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Security updates frequently contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ", - "modified": "2022-03-30T19:54:43.835Z", + "description": "Security updates typically provide patches for vulnerabilities that could be abused by malicious applications.", + "modified": "2022-03-30T19:28:55.980Z", "relationship_type": "mitigates", "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--ac415e32-e204-4382-b500-2370cec7a608", + "created": "2023-08-16T16:45:58.547Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. 
Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:45:58.547Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can download new code at runtime.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a9cab8f6-4c94-4c9b-9e7d-9d863ff53431", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77", + "type": "relationship", + "created": "2020-06-26T15:32:25.035Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). 
Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + }, + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." + } + ], + "modified": "2020-06-26T15:32:25.035Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect device information, such as the default SMS app and device locale.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c", + "type": "relationship", + "created": "2019-09-03T19:45:48.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.210Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two attempts to connect to port 22011 to provide a remote reverse shell.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa", + "created": "2023-02-06T19:05:28.288Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-06T19:05:28.288Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can collect files from or inspect the device’s filesystem.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47", - "created": "2022-04-01T17:08:41.293Z", + "id": "relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e", + 
"created": "2022-03-30T18:07:07.306Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "If devices are enrolled using Apple User Enrollment or using a profile owner enrollment mode for Android, device controls prevent the enterprise from accessing the device’s physical location. This is typically used for a Bring Your Own Device (BYOD) deployment. ", - "modified": "2022-04-01T17:08:41.293Z", + "description": "On iOS, the `allowEnterpriseAppTrust` and `allowEnterpriseAppTrustModification` configuration profile restrictions can be used to prevent users from installing apps signed using enterprise distribution keys. ", + "modified": "2022-03-30T18:07:07.306Z", "relationship_type": "mitigates", "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac", "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-PegasusAndroid", - "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", - "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" - } - ], - "modified": "2019-08-09T17:52:31.748Z", - "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)", - "relationship_type": "uses", - "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134", - "created": "2020-05-04T14:04:56.158Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Google Bread", - "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", - "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." - } - ], - "x_mitre_deprecated": false, + "id": "relationship--ada67532-039d-4b4f-93ab-82ceba13ec56", + "created": "2023-07-21T19:53:12.605Z", "revoked": false, - "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:53:12.605Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access text message history.(Citation: kaspersky_fakecalls_0422)", "relationship_type": "uses", - "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a", + "id": "relationship--adc9957c-fa57-4e81-9231-b60f01b69859", "type": "relationship", - "created": "2020-11-10T17:08:35.713Z", + "created": "2020-12-24T22:04:28.010Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
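Review bot: The description added for `relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c` reads as a broken sentence, because the link markup wraps only `Exodus` and leaves `Two attempts to connect to port 22011` looking like a count of attempts. Presumably `Exodus Two` names one stage of the malware, which should be confirmed against the cited Security Without Borders report. If so, wording such as `The Exodus Two stage of [Exodus](https://attack.mitre.org/software/S0405) attempts to connect to port 22011 to provide a remote reverse shell.` removes the ambiguity. The port is the only network detail in the entry, so an analyst turning it into a detection needs to know which component opens the connection.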
@@ -41836,27 +38662,34 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-11-10T17:08:35.713Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-24T22:04:28.010Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) can download new code to update itself.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--d63de13b-0253-42f4-b13d-34bccf76ad94", - "created": "2023-03-20T18:54:50.323Z", + "id": "relationship--ade5c0c5-8b53-4bc5-9d81-0284be2e5fee", + "created": "2023-07-21T19:51:55.111Z", "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:54:50.323Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "modified": "2023-07-21T19:51:55.111Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can intercept and imitate phone conversations by breaking the connection and displaying a fake call screen. It can also make outgoing calls and spoof incoming calls.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -41868,25 +38701,311 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d", - "created": "2022-03-30T20:13:40.625Z", + "id": "relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415", + "created": "2022-03-30T14:50:07.291Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, - "description": "Users should be shown what a synthetic activity looks like so they can scrutinize them in the future.", - "modified": "2022-03-30T20:13:40.625Z", + "description": "Device attestation could detect unauthorized operating system modifications.", + "modified": "2022-03-30T14:50:07.291Z", "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f", "type": "relationship", - "id": "relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3", - "created": "2023-02-28T21:44:45.063Z", + "created": "2020-07-15T20:20:59.305Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.305Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afba6b19-7486-4e5a-8fda-e91852b0b354", + "type": "relationship", + "created": "2021-09-20T13:42:21.104Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-09-27T18:05:43.107Z", + "description": "Users should be encouraged to be very careful with what applications they grant phone call-based permissions to. Further, users should not change their default call handler to applications they do not recognize.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--afc0e8b2-2e85-4640-8517-fb2e16831082", + "created": "2023-01-18T19:45:27.807Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). 
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:56:03.190Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use a WebView with a fake log in site to capture banking credentials.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "modified": "2019-10-10T15:27:22.110Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to record calls as well as the victim device's environment.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--afe9e326-01f7-4296-a11b-09cfffd80120", + "type": "relationship", + "created": "2020-07-27T14:14:56.962Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": "https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." 
+ } + ], + "modified": "2020-08-10T22:18:20.747Z", + "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads and system prompts to create new Google accounts.(Citation: Google Security Zen)", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b018fe06-740b-4864-b30a-f047598506b3", + "type": "relationship", + "created": "2020-04-24T15:06:33.510Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T15:06:33.510Z", + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can collect various pieces of device information, including OS version, phone model, and manufacturer.(Citation: TrendMicro Coronavirus Updates) ", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694", + "type": "relationship", + "created": "2021-01-05T20:16:20.514Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." + } + ], + "modified": "2021-01-05T20:16:20.514Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can list all hidden files in the `/DCIM/.dat/` directory.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b0625604-e4c4-402b-b191-f43137d38d99", + "created": "2020-11-20T15:44:57.481Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. 
Retrieved October 29, 2020.", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:29:50.160Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can collect sent and received SMS messages.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b0bade50-bcca-4924-9746-c4ed0c3be76c", + "created": "2023-07-21T19:41:31.114Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:41:31.114Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) has been installed using the package name `com.android.callservice`, pretending to be an Android system service.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69", + "created": "2019-10-14T19:14:18.673Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Group IB Gustuff Mar 2019", + "description": "Group-IB. (2019, March 28). Group-IB uncovers Android Trojan named «Gustuff» capable of targeting more than 100 global banking apps, cryptocurrency and marketplace applications. 
Retrieved September 3, 2019.", + "url": "https://www.group-ib.com/blog/gustuff" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:32:47.359Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) hides its icon after installation.(Citation: Group IB Gustuff Mar 2019) ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc", + "created": "2023-02-28T20:37:01.639Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:13:55.642Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can use `locale.getLanguage()` to choose the language for notifications and avoid user detection.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b110d919-acd4-4fe0-a46a-ac4819508667", + "created": "2020-07-20T13:58:53.589Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. 
Retrieved July 20, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:21:35.992Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has been installed via a malicious configuration profile.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b19082d2-c151-45dd-8844-82335fbe3ed9", + "created": "2023-02-28T21:43:54.880Z", "revoked": false, "external_references": [ { 
@@ -41898,14 +39017,139 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-29T21:26:33.166Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can use overlays to cover legitimate applications or screens.(Citation: cloudmark_tanglebot_0921)", + "modified": "2023-02-28T21:43:54.880Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can send text messages.(Citation: cloudmark_tanglebot_0921)", "relationship_type": "uses", "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83", + "type": "relationship", + "created": "2020-12-24T21:45:56.986Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:45:56.986Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can install new applications which are obtained from the C2 server.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b2277deb-0ddb-45a7-9690-4a2168e1026b", + "created": "2023-10-10T15:33:59.058Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020.", + "url": "https://blog.lookout.com/frozencell-mobile-threat" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.058Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has masqueraded as fake updates to chat applications such as Facebook, WhatsApp, Messenger, LINE, and LoveChat, as well as apps targeting Middle Eastern demographics.(Citation: Lookout FrozenCell) ", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--b22addc1-6a23-4657-8164-3705e12bb95b", + "created": "2023-07-21T19:40:41.725Z", + "revoked": false, + "external_references": [ + { + "source_name": 
"lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:40:41.725Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can use SMS to send C2 commands.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2", + "type": "relationship", + "created": "2020-06-26T15:32:25.062Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.062Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can obtain a list of installed applications.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e", + "created": "2022-03-30T20:45:34.433Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android Package Visibility", + "url": "https://developer.android.com/training/package-visibility", + "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", + "modified": "2022-04-11T19:19:52.562Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -41938,83 +39182,72 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c", + "id": "relationship--b2896068-4d54-41e1-b0f2-db9385615112", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2021-01-05T20:16:20.426Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2018-10-17T00:14:20.652Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--b928b94a-4966-4e2a-9e61-36505b896ebc", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Tripwire-MazarBOT", - "url": "https://www.tripwire.com/state-of-security/security-data-protection/android-malware-sms/", - "description": "Graham Cluley. (2016, February 16). Android users warned of malware attack spreading via SMS. Retrieved December 23, 2016." + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
} ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[MazarBOT](https://attack.mitre.org/software/S0303) can send messages to premium-rate numbers.(Citation: Tripwire-MazarBOT)", - "modified": "2022-04-19T14:25:41.669Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-01-05T20:16:20.426Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has shown a persistent notification to maintain access to device sensors.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--5ddf81ea-2c06-497b-8c30-5f1ab89a40f9", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--b309c25a-6baf-4874-829d-63712a38652c", + "created": "2023-02-06T19:02:16.194Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86", - "created": "2022-04-06T13:55:37.498Z", + "modified": "2023-03-27T17:21:41.461Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself camera permissions.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should be advised that applications generally do not require permission to send SMS messages.", - "modified": "2022-04-06T13:55:37.498Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d", - "created": "2019-07-10T15:35:43.658Z", + "id": "relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545", + "created": "2019-09-23T13:36:08.429Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + "source_name": "securelist rotexy 2018", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T19:57:40.371Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) gathers and exfiltrates data about nearby Wi-Fi access points.(Citation: Lookout Dark Caracal Jan 2018)", + "modified": "2023-04-05T16:56:23.365Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) processes incoming SMS messages by filtering based on phone numbers, keywords, and regular expressions, focusing primarily on banks, payment systems, and mobile network operators. [Rotexy](https://attack.mitre.org/software/S0411) can also send a list of all SMS messages on the device to the command and control server.(Citation: securelist rotexy 2018)", "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -42024,211 +39257,45 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041", + "id": "relationship--b356d405-f6b1-485b-bd35-236b9da766d2", "type": "relationship", - "created": "2018-10-17T00:14:20.652Z", + "created": "2020-04-24T17:46:31.586Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." } ], - "modified": "2019-10-10T15:27:22.174Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather cellular IDs.(Citation: Lookout-StealthMango)", + "modified": "2020-04-27T15:27:26.539Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can use the `MediaRecorder` class to record the screen when the targeted application is presented to the user, and can abuse accessibility features to record targeted applications to intercept transaction authorization numbers (TANs) and to scrape on-screen text.(Citation: SecurityIntelligence TrickMo)", "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": 
"relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80", - "created": "2022-03-30T19:33:05.375Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Security updates typically provide patches for vulnerabilities that enable device rooting.", - "modified": "2022-03-30T19:33:05.375Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164", - "type": "relationship", - "created": "2020-01-27T17:49:05.664Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. 
Retrieved January 27, 2020.", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "source_name": "Trend Micro Bouncing Golf 2019" - } - ], - "modified": "2020-01-27T17:49:05.664Z", - "description": "(Citation: Trend Micro Bouncing Golf 2019)", - "relationship_type": "uses", - "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", - "target_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--0ae94053-1963-45ba-a3a9-62e508281c8e", - "created": "2023-01-19T18:06:36.986Z", + "id": "relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0", + "created": "2020-10-29T17:48:27.394Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "trendmicro_tianyspy_0122", - "description": "Trend Micro. (2022, January 25). TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", - "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-29T21:21:58.318Z", - "description": "[TianySpy](https://attack.mitre.org/software/S1056) can install malicious configurations on iPhones to allow malware to be installed via Ad Hoc distribution.(Citation: trendmicro_tianyspy_0122) ", + "modified": "2023-04-05T20:30:18.307Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can intercept SMS messages.(Citation: Threat Fabric Exobot)", "relationship_type": "uses", - "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", - "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--7696b512-ba2f-4310-86e1-7c528529fc5e", - "type": "relationship", - "created": "2020-09-15T15:18:12.425Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cybereason FakeSpy", - "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", - "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." - } - ], - "modified": "2020-09-15T15:18:12.425Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) stores its malicious code in encrypted asset files that are decrypted at runtime. 
Newer versions of [FakeSpy](https://attack.mitre.org/software/S0509) encrypt the C2 address.(Citation: Cybereason FakeSpy)", - "relationship_type": "uses", - "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--5107be8a-b5fc-4442-af0d-2c92e086a912", - "type": "relationship", - "created": "2020-05-11T16:13:43.062Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "CheckPoint Agent Smith", - "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/", - "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020." - } - ], - "modified": "2020-05-11T16:13:43.062Z", - "description": "[Agent Smith](https://attack.mitre.org/software/S0440) checks if a targeted application is running in user-space prior to infection.(Citation: CheckPoint Agent Smith) ", - "relationship_type": "uses", - "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout-Adware", - "description": "Michael Bentley. (2015, November 4). Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire. 
Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2015/11/04/trojanized-adware/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T21:26:05.199Z", - "description": "[ShiftyBug](https://attack.mitre.org/software/S0294) is auto-rooting adware that embeds itself as a system application, making it nearly impossible to remove.(Citation: Lookout-Adware)", - "relationship_type": "uses", - "source_ref": "malware--c80a6bef-b3ce-44d0-b113-946e93124898", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab", - "created": "2023-01-18T19:16:15.534Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T17:54:10.458Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can use keylogging to steal user banking credentials.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7", - "created": "2020-07-20T13:27:33.440Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Talos-WolfRAT", - "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020.", - "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T20:26:22.984Z", - "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can collect SMS messages.(Citation: Talos-WolfRAT)", - "relationship_type": "uses", - "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -42237,69 +39304,43 @@ }, { "type": "relationship", - "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df", - "created": "2020-12-14T14:52:03.351Z", + "id": "relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7", + "created": "2023-03-20T15:33:34.181Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:42:46.952Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--67aa692c-24e4-483e-996e-02ce1e861ec8", - "created": "2023-02-28T20:37:29.206Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "proofpoint_flubot_0421", - "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. 
Retrieved February 28, 2023.", - "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-31T22:09:02.129Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can add display overlays onto banking apps to capture credit card information.(Citation: proofpoint_flubot_0421)", - "relationship_type": "uses", - "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--592331d2-60a7-4264-b844-fbeb89b6386c", - "created": "2023-03-20T18:58:56.942Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:58:56.942Z", - "description": "", + "modified": "2023-08-07T17:19:28.650Z", + "description": "System partition integrity checking mechanisms can detect unauthorized or malicious code contained in the system partition.", "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab", + "created": "2023-01-18T19:58:21.223Z", + 
"revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-01-18T19:58:21.223Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) has used RSA to encrypt the symmetric encryption key used for C2 messages.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -42307,275 +39348,30 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", - "id": "relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca", - "created": "2022-04-06T13:22:57.754Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, + "id": "relationship--b3a14001-e0c0-4f13-ac03-04e56dc0e312", + "created": "2023-10-10T15:33:59.311Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "description": "", - "modified": "2022-04-06T13:22:57.754Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", - "target_ref": "attack-pattern--3e091a89-a493-4a6c-8e88-d57be19bb98d", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f", - "type": "relationship", - "created": "2020-07-15T20:20:59.305Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" } ], - "modified": "2020-07-15T20:20:59.305Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) abuses the accessibility service to prevent removing administrator permissions, accessibility permissions, and to set itself as the default SMS handler.(Citation: Bitdefender Mandrake)", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.311Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has been incorporated into trojanized applications, including Uyghur/Arabic focused keyboards, alphabets, and plugins, as well as official-looking Google applications.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--554ec347-c8b2-43da-876b-36608dcc543d", - "created": "2017-10-25T14:48:53.746Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "TelephonyManager", - "url": "https://developer.android.com/reference/android/telephony/TelephonyManager.html", - "description": "Android. (n.d.). TelephonyManager. Retrieved December 21, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "Android 10 introduced changes that prevent normal applications from accessing sensitive device identifiers.(Citation: TelephonyManager) ", - "modified": "2022-03-30T21:04:59.921Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438", - "created": "2018-10-17T00:14:20.652Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "PaloAlto-SpyDealer", - "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", - "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T19:53:53.384Z", - "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)", - "relationship_type": "uses", - "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_deprecated": false, "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4aec0738-2c76-4dc7-af8a-87785e658193", - "created": "2021-10-01T14:42:49.152Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:26:18.801Z", - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can run shell commands.(Citation: SecureList BusyGasper)", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3e2474d3-f36d-4193-92f6-273296befdd3", - "created": "2022-04-05T19:38:18.760Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Users should protect their account credentials and enable multi-factor authentication options when available. 
", - "modified": "2022-04-05T19:38:18.760Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", - "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a737289-c62d-4c0a-a857-6d116f774864", - "type": "relationship", - "created": "2020-06-26T15:12:40.077Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "ESET DEFENSOR ID", - "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/", - "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:12:40.077Z", - "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) can abuse the accessibility service to read any text displayed on the screen.(Citation: ESET DEFENSOR ID)", - "relationship_type": "uses", - "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--1e286a4a-63cd-47df-a034-11a5d92daceb", - "created": "2022-04-06T15:41:03.981Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T15:41:03.981Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", - "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--6846dc09-b66a-42d3-aea2-c80b51f22952", - "created": "2023-02-28T21:42:31.008Z", - "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. 
Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-28T21:42:31.008Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can record audio using the device microphone.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1", - "created": "2021-10-01T14:42:49.176Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "SecureList BusyGasper", - "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", - "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect every user screen tap and compare the input to a hardcoded list of coordinates to translate the input to a character.(Citation: SecureList BusyGasper)", - "modified": "2022-04-15T17:33:49.565Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7", - "created": "2023-03-15T16:26:04.949Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-15T16:26:04.949Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e", - "created": "2022-03-30T13:45:39.184Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "Device attestation can often detect jailbroken or rooted devices.", - "modified": "2022-03-30T13:45:39.184Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", - 
"target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "x_mitre_attack_spec_version": "2.1.0" }, { "object_marking_refs": [ 
@@ -42604,40 +39400,2041 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c", "type": "relationship", - "created": "2020-12-18T20:14:47.371Z", + "id": "relationship--b402664b-a5b4-45e4-832f-02638e6c67a7", + "created": "2022-04-01T14:59:17.991Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can take appropriate action when jailbroken devices are detected, potentially limiting the adversary’s access to password stores. ", + "modified": "2022-04-01T14:59:17.991Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213", + "created": "2022-04-20T17:31:58.697Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "TrendMicro Coronavirus Updates", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", + "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Corona Updates](https://attack.mitre.org/software/S0425) has exfiltrated data using FTP.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2022-04-20T17:31:58.697Z", + "relationship_type": "uses", + "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", + "target_ref": "attack-pattern--37047267-3e56-453c-833e-d92b68118120", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + "source_name": "Lookout-EnterpriseApps", + "description": "Lookout. (2016, May 25). 5 active mobile threats spoofing enterprise apps. 
Retrieved December 19, 2016.", + "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "modified": "2020-12-18T21:00:05.246Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) gathers audio from the microphone.(Citation: Lookout-EnterpriseApps)", "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b43c87a7-de40-4673-9808-57c7ffca7b98", + "created": "2023-07-21T19:54:21.877Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:54:21.877Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) has masqueraded as popular Korean banking apps.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be", + "created": "2021-02-17T20:43:52.337Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. 
Retrieved November 11, 2020.", + "url": "https://blog.lookout.com/frozencell-mobile-threat" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:30:32.294Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has read SMS messages for exfiltration.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1", + "type": "relationship", + "created": "2021-10-01T14:42:49.184Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "modified": "2021-10-01T14:42:49.184Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect the device’s location information based on cellular network or GPS coordinates.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4735277-516a-4cd2-9607-a3e415945d93", + "type": "relationship", + "created": "2020-11-10T17:08:35.800Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2021-09-20T13:54:20.494Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can remotely capture device audio.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b477afcb-7449-4fae-b4aa-c512c22d7500", + "type": "relationship", + "created": "2020-09-15T15:18:12.394Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020." + } + ], + "modified": "2020-09-15T15:18:12.394Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can send SMS messages.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd", + "created": "2021-02-08T16:36:20.707Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:05:01.189Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has installed malicious MDM profiles on iOS devices as part of Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f", + "type": "relationship", + "created": "2020-12-17T20:15:22.445Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.445Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s camera.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--477edf7d-cc1f-49b7-9d96-f88399808775", - "created": "2022-04-05T20:15:43.660Z", + "id": "relationship--b536f233-8c43-4671-b8e8-d72a4806946d", + "created": "2022-04-05T17:14:23.789Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-05T20:15:43.660Z", + "modified": "2022-04-05T17:14:23.789Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", - "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "source_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b53d1c92-b71f-434e-aa4f-08b8db765248", + "type": "relationship", + "created": "2019-07-10T15:25:57.604Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "modified": "2019-08-12T17:30:07.572Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) tracks the latitude and longitude coordinates of the infected device.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551", + "type": "relationship", + "created": "2021-02-08T16:36:20.698Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.412Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included location tracking capabilities in the malicious apps deployed as part of Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070", + "created": "2020-12-18T20:14:47.302Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has used Firebase for C2 communication.(Citation: WhiteOps TERRACOTTA)", + "modified": "2022-04-18T19:18:56.475Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b5f3b110-fc66-4369-89f3-621c945d655f", + "type": "relationship", + "created": "2020-04-27T16:52:49.444Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
+ } + ], + "modified": "2020-04-27T16:52:49.444Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) encrypts data prior to exfiltration.(Citation: Google Triada June 2019) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b610c587-576a-40cc-9f76-6362455c8ff4", + "created": "2023-03-20T18:43:01.334Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:49:09.975Z", + "description": "Application vetting services can detect and closely scrutinize applications that utilize Device Administrator access.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b6323cf4-8141-4910-8743-e42cd15b49e9", + "created": "2023-07-21T19:53:59.148Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. 
Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:53:59.148Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can send exfiltrated data back to the C2 server.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b641e5b8-5981-452a-99f0-3598c783e5ee", + "created": "2019-08-07T15:57:13.443Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. 
Retrieved August 7, 2019.", + "url": "https://securelist.com/mobile-banker-riltok/91374/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:30:47.506Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) can intercept incoming SMS messages.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b6726136-3c20-4921-a0cb-75a66f59107c", + "type": "relationship", + "created": "2020-09-11T16:22:03.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.296Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect network configuration data from the device, including phone number, SIM operator, and network operator.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-Obad", + "description": "Veo Zhang. (2013, June 13). Cybercriminals Improve Android Malware Stealth Routines with OBAD. 
Retrieved December 9, 2016.", + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-improve-android-malware-stealth-routines-with-obad/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[OBAD](https://attack.mitre.org/software/S0286) contains encrypted code along with an obfuscated decryption routine to make it difficult to analyze.(Citation: TrendMicro-Obad)", + "relationship_type": "uses", + "source_ref": "malware--ca4f63b9-a358-4214-bb26-8c912318cfde", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b697a198-8949-43e0-b2b8-23498373c920", + "created": "2023-03-20T18:37:13.628Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:28:09.643Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b6feb018-65e3-46ff-b872-e4385b6f3b34", + "created": "2023-08-23T22:48:11.931Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:50:11.248Z", + "description": 
"[Gustuff](https://attack.mitre.org/software/S0406) may prevent application removal by abusing Android’s ` performGlobalAction(int)` API call. ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "PaloAlto-DualToy", + "description": "Claud Xiao. (2016, September 13). DualToy: New Windows Trojan Sideloads Risky Apps to Android and iOS Devices. Retrieved January 24, 2017.", + "url": "https://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[DualToy](https://attack.mitre.org/software/S0315) side loads malicious or risky apps to both Android and iOS devices via a USB connection.(Citation: PaloAlto-DualToy)", + "relationship_type": "uses", + "source_ref": "malware--507fe748-5e4a-4b45-9e9f-8b1115f4e878", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": 
[ + { + "source_name": "Lookout-Pegasus", + "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) has the ability to record audio.(Citation: Lookout-Pegasus)", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b7a31a11-6c84-4c28-a548-4751e4d71134", + "created": "2020-05-04T14:04:56.158Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Bread](https://attack.mitre.org/software/S0432) can perform SMS fraud on older versions of the malware, and toll fraud on newer versions.(Citation: Google Bread)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10", + "created": "2023-03-03T15:36:15.840Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T15:36:15.840Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access device call logs.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87", + "type": "relationship", + "created": "2021-01-05T20:16:20.495Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
+ } + ], + "modified": "2021-01-05T20:16:20.495Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect device photos and credentials from other applications.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f", + "created": "2020-10-29T19:01:13.839Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Microsoft MalLockerB", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:54:05.374Z", + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) can prevent the user from interacting with the UI by using a carefully crafted \"call\" notification screen. This is coupled with overriding the `onUserLeaveHint()` callback method to spawn a new notification instance when the current one is dismissed. 
(Citation: Microsoft MalLockerB)", + "relationship_type": "uses", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "HackerNews-Allwinner", + "url": "https://thehackernews.com/2016/05/android-kernal-exploit.html", + "description": "Mohit Kumar. (2016, May 11). Kernel Backdoor found in Gadgets Powered by Popular Chinese ARM Maker. Retrieved September 18, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "A Linux kernel distributed by [Allwinner](https://attack.mitre.org/software/S0319) reportedly contained an simple backdoor that could be used to obtain root access. It was believed to have been left in the kernel by mistake by the authors.(Citation: HackerNews-Allwinner)", + "modified": "2022-04-15T15:16:35.892Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--08784a9d-09e9-4dce-a839-9612398214e8", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b81f9698-b9d1-4a6a-b836-f7e29232693a", + "created": "2023-09-28T17:26:10.893Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). 
Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:26:10.893Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can manipulate a device’s call log, including deleting incoming calls.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b8606318-8c12-4381-ba33-5b2321772ea0", + "created": "2022-03-30T20:31:57.183Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be advised to be extra scrutinous of applications that request location or sensitive phone information permissions, and to deny any permissions requests for applications they do not recognize.", + "modified": "2022-03-30T20:31:57.183Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--b96e8699-4bd2-4793-8f9c-88d6e4c50e98", + "created": "2023-09-28T17:39:35.622Z", + "revoked": false, + 
"external_references": [ + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:39:35.622Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) has used infected applications with Facebook login prompts to steal credentials.(Citation: Trend Micro FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c", + "created": "2022-04-01T16:51:20.688Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should scrutinize every device administration permission request. 
If the request is not expected or the user does not recognize the application, the application should be uninstalled immediately.", + "modified": "2022-04-01T16:51:20.688Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc", + "type": "relationship", + "created": "2020-06-02T14:32:31.871Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Project Zero Insomnia", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-24T18:24:35.795Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can collect application database files, including Gmail, Hangouts, device photos, and container directories of third-party apps.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49", + "type": "relationship", + "created": "2020-12-24T22:04:28.004Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.004Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has checked for system root.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51", + "created": "2020-12-14T14:52:03.359Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:12:27.624Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has communicated with the C2 using HTTP.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ba116807-ef1c-4621-84c8-9921fa7b735e", + "created": "2023-09-28T17:19:21.499Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:19:21.499Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can request the `GET_ACCOUNTS` permission to get the list of accounts on the device, and can collect media files.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6", + "type": "relationship", + "created": "2020-07-15T20:20:59.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.296Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can collect the device’s location.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae", + "type": "relationship", + "created": "2020-11-10T17:08:35.746Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-01T19:48:44.878Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d", + "type": "relationship", + "created": "2020-07-15T20:20:59.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.294Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can obtain a list of installed applications.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--baad8ab8-f05f-4e31-9671-44c009ae3ecf", + "created": "2023-08-09T14:38:34.721Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:38:34.721Z", + "description": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). 
Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106", + "type": "relationship", + "created": "2020-12-14T14:52:03.255Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T14:52:03.255Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf", + "created": "2023-03-20T18:59:14.759Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:31:10.270Z", + "description": "Application vetting services can detect unnecessary and potentially abused API calls.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630", + "created": "2020-07-15T20:20:59.300Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can manipulate visual components to trick the user into granting dangerous permissions, and can use phishing overlays and JavaScript injection to capture credentials.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FireEye-RuMMS", + "description": "Wu Zhou, Deyu Hu, Jimmy Su, Yong Kang. (2016, April 26). RUMMS: THE LATEST FAMILY OF ANDROID MALWARE ATTACKING USERS IN RUSSIA VIA SMS PHISHING. 
Retrieved February 6, 2017.", + "url": "https://www.fireeye.com/blog/threat-research/2016/04/rumms-android-malware.html" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[RuMMS](https://attack.mitre.org/software/S0313) gathers device model and operating system version information and transmits it to a command and control server.(Citation: FireEye-RuMMS)", + "relationship_type": "uses", + "source_ref": "malware--936be60d-90eb-4c36-9247-4b31128432c4", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bb77cfbe-ac95-4cc2-acbc-8cefa15b9387", + "created": "2023-06-09T19:09:30.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:15:08.695Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can gather device call logs.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402", + "created": "2021-10-01T14:42:49.178Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. 
Retrieved October 1, 2021.", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:25:39.509Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect SMS messages.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bba8b056-acbe-4fed-b890-965a446d7a3c", + "created": "2022-04-01T18:45:00.923Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be warned against granting access to accessibility features and device administration services, and to carefully scrutinize applications that request these dangerous permissions. 
Users should be taught how to boot into safe mode to uninstall malicious applications that may be interfering with the uninstallation process.", + "modified": "2022-04-01T18:45:00.923Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af", + "created": "2023-01-18T21:20:01.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:56:41.614Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use HTTP to send C2 messages to infected devices.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1", + "type": "relationship", + "created": "2020-11-24T17:55:12.887Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.887Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the device’s model, country, and Android version.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-Skygofree", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via binary SMS.(Citation: Kaspersky-Skygofree)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2", + "created": "2023-03-20T18:51:44.864Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:08:11.867Z", + "description": "The user can examine the list of all installed applications, including those with a suppressed icon, in the device settings. 
If the user is redirected to the device settings when tapping an application’s icon, they should inspect the application to ensure it is genuine.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], + "modified": "2019-10-10T15:24:09.378Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can copy files from the device to the C2 server.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1", + "created": "2023-08-14T16:31:37.179Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:31:37.179Z", + "description": "Many properly configured firewalls may naturally block command and control traffic.", + "relationship_type": "detects", + 
"source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bc79a212-139f-4dce-be72-e90585f38f03", + "created": "2023-03-16T18:31:37.091Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:11:17.731Z", + "description": "The user can view their default phone app in device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8", + "created": "2019-11-21T16:42:48.459Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. 
Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:37:19.124Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can delete arbitrary files from the device.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bc870a55-5499-4146-91ef-ea74647c3e10", + "created": "2023-07-12T20:50:03.159Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-12T20:50:03.159Z", + "description": "Users should be encouraged to only install apps from authorized app stores, which are less likely to contain malicious repackaged apps.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a", + "created": "2022-03-30T19:54:43.835Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently 
contain fixes for vulnerabilities that could be leveraged to modify protected operating system files. ", + "modified": "2022-03-30T19:54:43.835Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19", + "type": "relationship", + "created": "2021-02-17T20:43:52.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." + } + ], + "modified": "2021-02-17T20:43:52.381Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has retrieved account information for other applications.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8", + "created": "2022-04-15T15:57:32.958Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). 
Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:21:49.009Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can enable app installation from unknown sources.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bd29ce15-1771-470c-a74b-5ea90832ce23", + "created": "2020-12-24T22:04:27.911Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:31:11.269Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected SMS messages.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bd351b17-e995-4528-bbea-e1138c51476a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.683Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) exfiltrates data from over 40 apps such as WeChat, Facebook, WhatsApp, Skype, and others.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c", + "created": "2020-09-11T14:54:16.646Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/desert-scorpion-google-play" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:45:14.199Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can hide its icon.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9", + "created": "2022-04-01T13:19:41.207Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T13:19:41.207Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--4e6620ac-c30c-4f6d-918e-fa20cae7c1ce", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1", + "created": "2023-01-18T19:13:15.991Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_drinik_1022", + "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", + "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:11:24.686Z", + "description": "[Drinik](https://attack.mitre.org/software/S1054) has code to use Firebase Cloud Messaging for receiving C2 instructions.(Citation: cyble_drinik_1022)", + "relationship_type": "uses", + "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", + "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f", + "type": "relationship", + "created": "2019-09-04T15:38:56.799Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." 
+ } + ], + "modified": "2019-09-10T14:59:26.138Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can record video.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf", + "created": "2023-03-16T18:28:28.144Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:11:45.377Z", + "description": "On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen, revoke the permission if necessary. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f", + "created": "2023-08-23T22:17:13.986Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:17:13.986Z", + "description": "Security updates frequently contain patches to vulnerabilities. 
", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be136fd1-6949-4de6-be37-6d76f8def41a", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-10-15T19:37:21.366Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests location data from victims.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be17dc63-5b0a-491a-be5f-132058444c3a", + "type": "relationship", + "created": "2019-08-09T17:52:13.352Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). 
Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.877Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) has the ability to take pictures using the device camera.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce", + "type": "relationship", + "created": "2019-09-04T14:28:15.975Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-10-14T17:51:38.054Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) queries the device for metadata such as make, model, and power levels.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be27a303-5748-4b72-ba69-a328e2f6cc08", + "type": "relationship", + "created": "2020-12-31T18:25:05.177Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." 
+ } + ], + "modified": "2020-12-31T18:25:05.177Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can download new modules while running.(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--be39c012-7201-4757-8cd6-c855bc945a9e", + "type": "relationship", + "created": "2019-07-10T15:25:57.623Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "modified": "2019-08-12T17:30:07.568Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) comes packaged with ExynosAbuse, an Android exploit that can gain root privileges.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--be7c3f83-b164-4d53-bfac-65f7437dabec", + "created": "2023-03-20T18:54:36.266Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:13:28.972Z", + "description": 
"The user can view a list of device administrators and applications that have registered accessibility services in device settings. The user can typically visually see when an action happens that they did not initiate and can subsequently review installed applications for any out of place or unknown ones. Applications that register an accessibility service or request device administrator permissions should be scrutinized further for malicious behavior.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--be8d0cd6-be77-456e-bcfb-6325cb8ba137", + "created": "2023-09-28T17:20:15.010Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:15.010Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can access external storage.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c", + "type": "relationship", + "created": "2020-06-26T14:55:13.380Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." + } + ], + "modified": "2020-06-26T14:55:13.380Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) dynamically loads its malicious functionality at runtime from an RC4-encrypted TTF file. 
[EventBot](https://attack.mitre.org/software/S0478) also utilizes ProGuard to obfuscate the generated APK file.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CheckPoint-Charger", + "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.", + "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/" + } + ], + "modified": "2019-10-09T14:51:42.827Z", + "description": "[Charger](https://attack.mitre.org/software/S0323) encodes strings into binary arrays to make it difficult to inspect them. 
It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.(Citation: CheckPoint-Charger)", + "relationship_type": "uses", + "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bee919a6-c488-49a0-9848-fff19aa2c276", + "type": "relationship", + "created": "2021-09-24T14:47:34.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-04T20:08:48.556Z", + "description": "Mobile security products can often detect rooted devices.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--ccde43e4-78f9-4f32-b401-c081e7db71ea", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bef936d5-736e-491a-9c30-37b8362a5d96", + "created": "2023-07-21T19:33:48.439Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:33:48.439Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access device call logs.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--befa3b5a-e4f4-4ed3-ada1-860a034284d2", + "created": "2023-09-28T17:19:51.110Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:19:51.110Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can access the device’s call log.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8", + "created": "2019-09-04T15:38:56.721Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "FortiGuard-FlexiSpy", + "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. 
Retrieved September 10, 2019.", + "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:48:43.225Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) uses root access to establish reboot hooks to re-install the application from `/data/misc/adn`.(Citation: FortiGuard-FlexiSpy) At boot, [FlexiSpy](https://attack.mitre.org/software/S0408) spawns daemons for process monitoring, call monitoring, call managing, and system.(Citation: FortiGuard-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Zscaler-SpyNote", + "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. 
Retrieved January 26, 2017.", + "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + } + ], + "modified": "2019-10-10T15:24:09.355Z", + "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)", + "relationship_type": "uses", + "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bf33711d-a4d2-4957-9b1f-49c5b83958db", + "created": "2023-09-21T22:51:40.666Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:51:40.666Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) can compromise iPhones running iOS 16.6 without any user interaction.", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--bf901bab-3caa-4d05-a859-d9fb4d838304", + "type": "relationship", + "created": "2019-10-10T15:27:22.091Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. 
Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-10T15:27:22.091Z", + "description": "[Tangelo](https://attack.mitre.org/software/S0329) accesses browser history, pictures, and videos.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bfad064a-0a49-44e3-b283-94653edc12af", + "created": "2023-08-07T17:13:04.270Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:13:04.270Z", + "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962", + "created": "2022-03-30T19:54:07.548Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect devices with unauthorized or unsafe modifications. 
", + "modified": "2022-03-30T19:54:07.548Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0", + "created": "2023-03-15T16:39:32.117Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:00:59.182Z", + "description": "Application vetting services should look for applications that request VPN access. These applications should be heavily scrutinized since VPN functionality is not very common. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c00031dd-0466-4fd2-9724-ab1c04232bad", + "created": "2023-03-20T18:44:40.722Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:28:27.010Z", + "description": "Application vetting services can detect unnecessary and potentially abused API calls.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + 
"x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95", + "type": "relationship", + "created": "2019-10-18T15:51:48.525Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2019-10-18T15:51:48.525Z", + "description": "Users should be advised not to use public charging stations or computers to charge their devices. Instead, users should be issued a charger acquired from a trustworthy source. Users should be advised not to click on device prompts to trust attached computers unless absolutely necessary.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c", + "created": "2022-04-06T15:52:07.805Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:52:07.805Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
@@ -42672,222 +41469,243 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07", "type": "relationship", - "created": "2020-11-10T17:08:35.634Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-11-10T17:08:35.634Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--3bf5a566-986b-478c-b2da-e57caf261378", - "type": "relationship", - "created": "2019-09-03T19:45:48.515Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
- } - ], - "modified": "2019-09-11T13:25:19.216Z", - "description": " [Exodus](https://attack.mitre.org/software/S0405) Two attempts to elevate privileges by using a modified version of the DirtyCow exploit.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408", - "created": "2017-12-14T16:46:06.044Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. Retrieved December 12, 2016." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the bandwidth and ability to send full data across the network.(Citation: Lookout-Pegasus)", - "modified": "2022-04-15T19:47:48.036Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--8726b157-3575-450f-bb7f-f17bb18e6aef", - "created": "2022-03-30T20:41:43.314Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "New OS releases frequently contain additional limitations or controls around device location access.", - "modified": "2022-03-30T20:41:43.314Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363", - "type": "relationship", - "created": "2020-12-24T22:04:27.992Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": 
"https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." - } - ], - "modified": "2020-12-24T22:04:27.992Z", - "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", - "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de", - "created": "2023-01-18T19:16:45.773Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. 
Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-27T18:07:34.581Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) has used custom encryption to hide strings, potentially to evade antivirus products.(Citation: cyble_drinik_1022)", - "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--63e67cba-4eae-4495-8897-2610103a0c41", - "type": "relationship", - "created": "2017-12-14T16:46:06.044Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" - } - ], - "modified": "2018-10-17T00:14:20.652Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) exploits iOS vulnerabilities to escalate privileges.(Citation: Lookout-Pegasus)", - "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57", - "created": "2023-03-20T18:43:49.345Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:43:49.345Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", - "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e", - "created": "2022-04-05T17:03:34.941Z", + "id": "relationship--c1512591-7440-4a69-93b9-fe439a4c197e", + "created": "2022-03-28T19:40:40.860Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-04-05T17:03:34.941Z", + "modified": "2022-03-28T19:40:40.860Z", "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", - "target_ref": 
"attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "source_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--c16c7904-3c85-49de-a0f4-872f4227d775", + "created": "2023-10-10T15:33:59.143Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.143Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) was embedded into legitimate applications using Smali injection.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--c186864b-0af9-42eb-92ba-b8a6952e89b6", + "created": "2023-07-21T19:36:09.214Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:36:09.214Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can take photos using the device cameras.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd", + "created": "2023-03-20T15:40:11.819Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T22:13:31.468Z", + "description": "On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c23d9eff-1d4e-479f-a114-acc535540a23", + "created": "2023-03-20T18:46:51.895Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:29:07.329Z", + "description": "Application vetting services can detect unnecessary and potentially abused permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1", "type": "relationship", - "created": "2020-07-20T13:49:03.693Z", + "id": "relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad", + "created": "2021-10-01T14:42:49.159Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can utilize the device’s sensors to determine when the device is in use and subsequently hide malicious activity. When active, it attempts to hide its malicious activity by turning the screen’s brightness as low as possible and muting the device.(Citation: SecureList BusyGasper)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae", + "type": "relationship", + "created": "2021-02-17T20:43:52.407Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "TrendMicro-XLoader-FakeSpy", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", - "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
} ], - "modified": "2020-09-24T15:12:24.242Z", - "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)", + "modified": "2021-02-17T20:43:52.407Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has gathered the device manufacturer, model, and serial number.(Citation: Lookout FrozenCell)", "relationship_type": "uses", - "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b", + "created": "2023-08-14T16:35:55.610Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:35:55.610Z", + "description": "Many properly configured firewalls may naturally block one-way command and control traffic.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4", + "created": "2020-09-15T15:18:12.362Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:31:30.741Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect SMS messages.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396", + "created": "2023-03-20T18:40:12.814Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:15:46.818Z", + "description": "The user can view a list of active device administrators in the device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6", + "type": "relationship", + "created": "2020-10-29T17:48:27.332Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": 
"https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." + } + ], + "modified": "2020-10-29T17:48:27.332Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s IMEI, phone number, and IP address.(Citation: Threat Fabric Exobot) ", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" 
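Review bot: Two of the added `detects` relationships in this hunk describe a preventive control rather than something that can be observed. `relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b` says firewalls "may naturally block one-way command and control traffic", and `relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd` ends with the user "revoking the permission if necessary"; neither names a signal an analyst would see. Tooling that derives detection coverage from `relationship_type` will count both techniques as detectable on the strength of text that is really a mitigation. For the second one, keep the reviewable part and drop the trailing space: `"description": "On both Android and iOS, the user can review which applications have permission to access the contact list through the device settings screen."`. The firewall text reads like it belongs on a `mitigates` relationship from a course-of-action, though whether one exists for this technique is not visible here.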
@@ -42896,67 +41714,242 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--4586277d-bebd-4717-87c6-a31a9be741ed", + "id": "relationship--c374c9ce-ff30-4daa-bdec-8015a507746a", "type": "relationship", - "created": "2020-12-24T21:45:56.982Z", + "created": "2018-10-17T00:14:20.652Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" } ], - "modified": "2020-12-24T21:45:56.982Z", - "description": "[SilkBean](https://attack.mitre.org/software/S0549) can get file lists on the SD card.(Citation: Lookout Uyghur Campaign)", + "modified": "2019-08-09T18:08:07.145Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) has a capability to obtain files from other installed applications.(Citation: Kaspersky-Skygofree)", "relationship_type": "uses", - "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d", + "created": "2023-03-15T16:34:51.794Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:43:05.577Z", + "description": "Application vetting services could closely scrutinize applications that request Device Administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619", + "created": "2023-03-20T18:44:04.803Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:59:29.793Z", + "description": "On Android, users may be presented with a popup to select the appropriate application to open the URI in. If the user sees an application they do not recognize, they can remove it.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--45253350-c802-4566-a72d-57d43d05fd63", "type": "relationship", - "created": "2020-05-07T15:24:49.530Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2020-05-27T13:23:34.536Z", - "description": "Security updates frequently contain patches to vulnerabilities.", - "relationship_type": "mitigates", - "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", - "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "id": "relationship--c3c2bf20-fa33-4af4-92ec-d60679e1d4ee", + "created": "2018-10-17T00:14:20.652Z", "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:16.871Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2", + "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7", + "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9", - "created": 
"2021-01-05T20:16:20.500Z", + "id": "relationship--c41d817e-913e-4574-b8d4-370de9f0034b", + "created": "2019-11-18T14:47:25.327Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Zscaler TikTok Spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + "source_name": "Google Triada June 2019", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019.", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html" + }, + { + "source_name": "Kaspersky Triada March 2016", + "description": "Snow, J. (2016, March 3). Triada: organized crime on Android. Retrieved July 16, 2019.", + "url": "https://www.kaspersky.com/blog/triada-trojan/11481/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:27:33.948Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can collect SMS messages from the device.(Citation: Zscaler TikTok Spyware)", + "modified": "2023-04-05T21:19:16.331Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) injects code into the Zygote process to effectively include itself in all forked processes. 
Additionally, code is injected into the Android Play Store App, web browser applications, and the system UI application.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada March 2016)", "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77", + "created": "2022-04-06T15:52:41.579Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:52:41.579Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a5de0540-73e7-4c67-96da-4143afedc7ed", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb", + "created": "2023-03-20T18:43:03.537Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T21:11:29.381Z", + "description": "Mobile security products can detect which applications can request device administrator permissions. 
Application vetting services could look for use of APIs that could indicate the application is trying to hide activity.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76", + "created": "2023-03-20T18:42:18.058Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T21:12:52.481Z", + "description": "The user can view applications with administrator access through the device settings, and may also notice if user data is inexplicably missing. The user can see a list of applications that can use accessibility services in the device settings. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd", + "type": "relationship", + "created": "2020-05-04T14:04:56.214Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Google Bread", + "url": "https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html", + "description": "A. Guertin, V. 
Kotov, Android Security & Privacy Team. (2020, January 9). PHA Family Highlights: Bread (and Friends) . Retrieved April 27, 2020." + } + ], + "modified": "2020-05-04T15:40:21.076Z", + "description": "[Bread](https://attack.mitre.org/software/S0432) has used native code in an attempt to disguise malicious functionality.(Citation: Google Bread)", + "relationship_type": "uses", + "source_ref": "malware--108b2817-bc01-404e-8e1b-8cdeec846326", + "target_ref": "attack-pattern--52eff1c7-dd30-4121-b762-24ae6fa61bbb", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c4d71eb8-2099-44b9-be45-758f9e6a771a", + "created": "2023-10-10T15:33:57.823Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Securelist Asacub", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.823Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has masqueraded as a client of popular free ads services.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4", + "type": "relationship", + "created": "2020-09-11T15:57:37.770Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-09-11T15:57:37.770Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can delete SMS messages.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "type": "relationship", "id": "relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c", 
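Review bot: `relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb` folds two different signals into one `detects` edge. Its `source_ref` is `x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43`, which the other relationships in this diff use for permission requests, but the second sentence of the description is about API usage, which this diff attaches to `x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962`. Coverage mapping keyed on `source_ref` would credit the API check to the wrong component. Keeping only `"description": "Mobile security products can detect which applications can request device administrator permissions."` here, and carrying the API sentence on a relationship from the API-calls component, would keep the two apart. The component meanings are inferred from neighbouring descriptions, so confirm them against the data-component objects.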
@@ -42987,178 +41980,68 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106", "type": "relationship", - "created": "2020-12-14T14:52:03.255Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Sophos Red Alert 2.0", - "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", - "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." - } - ], - "modified": "2020-12-14T14:52:03.255Z", - "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has stored data embedded in the strings.xml resource file.(Citation: Sophos Red Alert 2.0)", - "relationship_type": "uses", - "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", - "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "id": "relationship--c53170a0-ca7f-4827-9c3c-1803ecd131f9", + "created": "2018-10-17T00:14:20.652Z", "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b", - "type": "relationship", - "created": "2020-04-08T15:41:19.321Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Cofense Anubis", - "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", - "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
- } - ], - "modified": "2021-09-20T13:50:02.057Z", - "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)", - "relationship_type": "uses", - "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e", - "created": "2022-03-30T20:45:34.433Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Android Package Visibility", - "url": "https://developer.android.com/training/package-visibility", - "description": "Google. (n.d.). Package visibility filtering on Android. Retrieved April 11, 2022." - } - ], "x_mitre_deprecated": false, "revoked": false, - "description": "Android 11 introduced privacy enhancements to package visibility, filtering results that are returned from the package manager. 
iOS 12 removed the private API that could previously be used to list installed applications on non-app store applications.(Citation: Android Package Visibility)", - "modified": "2022-04-11T19:19:52.562Z", + "description": "", + "modified": "2022-04-06T15:41:33.832Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "mitigates", - "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", - "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16", + "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--50c81a85-8c70-48df-a338-8622d2debc74", - "created": "2018-10-17T00:14:20.652Z", + "id": "relationship--c546dd04-2060-44bf-ba1e-d1c1edc54687", + "created": "2023-10-10T15:33:58.973Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout-StealthMango", - "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + "source_name": "CheckPoint SimBad 2019", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. 
Retrieved November 21, 2019.", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:38:39.008Z", - "description": "[Tangelo](https://attack.mitre.org/software/S0329) contains functionality to gather call logs.(Citation: Lookout-StealthMango)", + "modified": "2023-10-10T15:33:58.973Z", + "description": "[SimBad](https://attack.mitre.org/software/S0419) was embedded into legitimate applications.(Citation: CheckPoint SimBad 2019)", "relationship_type": "uses", - "source_ref": "malware--35aae10a-97c5-471a-9c67-02c231a7a31a", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_deprecated": false, "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "x_mitre_attack_spec_version": "2.1.0" }, { "type": "relationship", - "id": "relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549", - "created": "2023-03-20T18:24:56.396Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:24:56.396Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": 
"relationship--bde9304b-4421-4185-a2c6-dabe1c080587", - "created": "2023-03-16T18:31:48.708Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-16T18:31:48.708Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b", - "created": "2023-03-20T18:59:46.622Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:59:46.622Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--c574251b-93ad-4f55-8b84-2700dfab4622", + "created": "2020-07-15T20:20:59.280Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout-Pegasus", - "description": "Lookout. (2016). Technical Analysis of Pegasus Spyware. 
Retrieved December 12, 2016.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf" + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:34:08.372Z", - "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) gathers contacts from the system by dumping the victim's address book.(Citation: Lookout-Pegasus)", + "modified": "2023-04-05T20:45:27.443Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can hide its icon on older Android versions.(Citation: Bitdefender Mandrake)", "relationship_type": "uses", - "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", - "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -43168,9 +42051,93 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--5e360913-4986-4423-8d3c-46d3202b7787", + "id": "relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c", "type": "relationship", - "created": "2019-09-04T14:28:15.471Z", + "created": "2019-09-04T15:38:56.946Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "FlexiSpy-Features", + "url": "https://www.flexispy.com/en/features-overview.htm", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019." + } + ], + "modified": "2019-09-10T14:59:26.136Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can retrieve a list of installed applications.(Citation: FlexiSpy-Features) ", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429", + "created": "2022-04-01T18:51:28.859Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates frequently contain patches to vulnerabilities that can be exploited for root access.", + "modified": "2022-04-01T18:51:28.859Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2", + "type": "relationship", + "created": "2019-11-21T16:42:48.497Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019." + } + ], + "modified": "2019-11-21T16:42:48.497Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can take photos from both the front and back cameras.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33", + "created": "2023-03-20T19:00:09.608Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:11:30.820Z", + "description": "Mobile security products integrated with Samsung Knox for Mobile Threat Defense can monitor processes to see if security tools are killed or stop running.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + 
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081", + "type": "relationship", + "created": "2019-09-04T14:28:16.000Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -43179,99 +42146,354 @@ "source_name": "Lookout-Monokle" } ], - "modified": "2019-10-14T17:51:37.979Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve the salt used when storing the user’s password, aiding an adversary in computing the user’s plaintext password/PIN from the stored password hash. [Monokle](https://attack.mitre.org/software/S0407) can also capture the user’s dictionary, user-defined shortcuts, and browser history, enabling profiling of the user and their activities.(Citation: Lookout-Monokle)", + "modified": "2019-09-04T14:32:12.856Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can track the device's location.(Citation: Lookout-Monokle)", "relationship_type": "uses", "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c6464a84-e23b-412f-b435-5b23853d3643", + "created": "2020-09-14T13:35:45.909Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "ESET-Twitoor", + "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/", + "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Twitoor](https://attack.mitre.org/software/S0302) encrypts its C2 communication.(Citation: ESET-Twitoor)", + "modified": "2022-04-20T12:58:23.550Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c", + "target_ref": "attack-pattern--ed2c05a1-4f81-4d97-9e1b-aff01c34ae84", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler-SuperMarioRun", + "description": "Viral Gandhi. (2017, January 12). Super Mario Run Malware #2 – DroidJack RAT. Retrieved January 20, 2017.", + "url": "https://www.zscaler.com/blogs/security-research/super-mario-run-malware-2-droidjack-rat" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:24:32.173Z", + "description": "[DroidJack](https://attack.mitre.org/software/S0320) captures call data.(Citation: Zscaler-SuperMarioRun)", + "relationship_type": "uses", + "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695", + "type": "relationship", + "created": "2020-09-11T16:23:16.363Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Desert Scorpion", + "url": "https://blog.lookout.com/desert-scorpion-google-play", + "description": "A. Blaich, M. Flossman. (2018, April 16). Lookout finds new surveillanceware in Google Play with ties to known threat actor targeting the Middle East. Retrieved September 11, 2020." + } + ], + "modified": "2020-09-11T16:23:16.363Z", + "description": "[Desert Scorpion](https://attack.mitre.org/software/S0505) can send SMS messages.(Citation: Lookout Desert Scorpion)", + "relationship_type": "uses", + "source_ref": "malware--3271c107-92c4-442e-9506-e76d62230ee8", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93", + "created": "2023-03-20T18:21:59.396Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:24:44.982Z", + "description": "Mobile security products may provide URL inspection services that could determine if a domain being visited is malicious.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f", + "created": "2020-06-24T18:24:35.707Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": 
"Google Project Zero Insomnia", + "description": "I. Beer. (2019, August 29). Implant Teardown. Retrieved June 2, 2020.", + "url": "https://googleprojectzero.blogspot.com/2019/08/implant-teardown.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:30:27.616Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) can extract the device’s keychain.(Citation: Google Project Zero Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2", + "created": "2023-03-20T18:48:39.857Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:56:56.738Z", + "description": "On Android, the user can view and manage which applications have third-party keyboard access through the device settings in System -> Languages & input -> Virtual keyboard. On iOS, the user can view and manage which applications have third-party keyboard access through the device settings in General -> Keyboard. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47", + "created": "2023-03-20T15:20:11.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016.", + "url": "https://source.android.com/security/verifiedboot/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T14:54:04.526Z", + "description": "Verified Boot can detect unauthorized modifications to the system partition.(Citation: Android-VerifiedBoot) Android’s SafetyNet API provides remote attestation capabilities, which could potentially be used to identify and respond to compromised devices. 
Samsung Knox provides a similar remote attestation capability on supported Samsung devices.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb", + "created": "2023-02-06T19:00:42.449Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:22:43.518Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can access a device's location.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd", + "created": "2022-04-01T15:03:02.553Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": 
"2022-04-01T15:03:02.553Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0", + "type": "relationship", + "created": "2021-10-01T14:42:48.728Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": 
"https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-01T14:42:48.728Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can send an SMS message after the device boots, messages containing logs, messages to adversary-specified numbers with custom content, and can delete all SMS messages on the device.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--c86918a3-6e41-4dfb-8b18-650fff596801", + "type": "relationship", + "created": "2020-09-11T16:22:03.207Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.207Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect device photos, PDF documents, Office documents, browser history, and browser bookmarks.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--75989cf6-c023-4ed3-9d23-a83f55690186", - "created": "2023-02-28T21:43:36.886Z", + "id": "relationship--c89d6493-3f33-4568-ac77-ba13b206ae69", + "created": "2023-03-20T18:52:24.667Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, - "external_references": [ - { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-02-28T21:43:36.886Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can read incoming text messages.(Citation: cloudmark_tanglebot_0921)", - "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "modified": "2023-08-08T22:24:12.960Z", + "description": "The user can view applications with administrator access through the device settings, and may also notice if user data is inexplicably missing. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f", + "created": "2020-06-26T15:12:40.100Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ESET DEFENSOR ID", + "description": "L. Stefanko. (2020, May 22). Insidious Android malware gives up all malicious features but one to gain stealth. Retrieved June 26, 2020.", + "url": "https://www.welivesecurity.com/2020/05/22/insidious-android-malware-gives-up-all-malicious-features-but-one-gain-stealth/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--22708018-defd-4690-8b0f-fe47e11cb5d6", - "type": "relationship", - "created": "2020-07-15T20:20:59.316Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Bitdefender Mandrake", - "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", - "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
- } - ], - "modified": "2020-07-15T20:20:59.316Z", - "description": "[Mandrake](https://attack.mitre.org/software/S0485) can capture all device notifications and hide notifications from the user.(Citation: Bitdefender Mandrake)", + "modified": "2023-04-05T17:49:00.042Z", + "description": "[DEFENSOR ID](https://attack.mitre.org/software/S0479) abuses the accessibility service to auto-start the malware on device boot. This is accomplished by receiving the `android.accessibilityservice.AccessibilityService` intent.(Citation: ESET DEFENSOR ID)", "relationship_type": "uses", - "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", - "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--684c17bb-2075-4e1f-9fcb-17408511222d", - "type": "relationship", - "created": "2021-09-20T13:54:19.957Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
- } - ], - "modified": "2021-09-20T13:54:19.957Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can silently accept an incoming phone call.(Citation: Lookout Uyghur Campaign)", - "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "source_ref": "malware--5a5dca4c-03c1-4b99-bfcf-c206e20aa663", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f", - "created": "2023-03-20T15:56:34.418Z", + "id": "relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059", + "created": "2023-03-20T18:51:23.032Z", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:56:34.418Z", + "modified": "2023-03-20T18:51:23.032Z", "description": "", "relationship_type": "detects", - "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
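Review bot: The added `detects` relationship `relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47` (modified 2023-08-08) still tells defenders to rely on "Android's SafetyNet API" for remote attestation, but Google has deprecated SafetyNet Attestation in favour of the Play Integrity API. Anyone building device-integrity checks from this text would be pointed at an API that is being retired, so the description should name the current one, for example `Android's Play Integrity API (the successor to the deprecated SafetyNet Attestation API) provides remote attestation capabilities, ...`. In the same hunk the `ESET-Twitoor` reference uses a plain `http://www.welivesecurity.com/...` URL where the other welivesecurity reference uses `https://`. This bundle looks machine-generated, so both corrections probably belong in the upstream knowledge base rather than in this file.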
@@ -43279,35 +42501,108 @@
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
- "type": "relationship",
- "id": "relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7",
- "created": "2020-11-24T17:55:12.889Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "revoked": false,
- "external_references": [
- {
- "source_name": "Talos GPlayed",
- "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.",
- "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html"
- }
- ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T17:22:27.554Z",
- "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request device administrator permissions.(Citation: Talos GPlayed)",
- "relationship_type": "uses",
- "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a",
- "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+ "type": "relationship",
+ "id": "relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9",
+ "created": "2022-03-28T19:32:05.234Z",
+ "x_mitre_version": "0.1",
 "x_mitre_deprecated": false,
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "3.1.0",
+ "revoked": false,
+ "description": "Application developers should be cautious when selecting third-party libraries to integrate into their application.",
+ "modified": "2022-03-28T19:32:05.234Z",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1",
+ "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
 "type": "relationship",
- "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9",
- "created": "2020-09-15T15:18:12.419Z",
+ "id": "relationship--c943d462-fea7-4c01-88b2-de134153095b",
+ "created": "2023-03-20T18:56:37.473Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-10T22:09:50.728Z",
+ "description": "Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as `RECEIVE_SMS`, could receive additional scrutiny.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+ "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31",
+ "created": "2022-04-06T13:41:17.517Z",
+ "x_mitre_version": "0.1",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T13:41:17.517Z",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb",
+ "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140",
+ "created": "2023-09-25T19:54:37.211Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-25T19:54:37.211Z",
+ "description": "When devices are enrolled in an EMM/MDM using device owner (iOS) or fully managed (Android) mode, the EMM/MDM can collect a list of installed applications on the device. An administrator can then act on, for example blocking, specific remote access applications from being installed on managed devices. ",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+ "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b",
+ "type": "relationship",
+ "created": "2018-10-17T00:14:20.652Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "url": "https://www.wandera.com/reddrop-malware/",
+ "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.",
+ "source_name": "Wandera-RedDrop"
+ }
+ ],
+ "modified": "2019-10-15T19:27:27.997Z",
+ "description": "[RedDrop](https://attack.mitre.org/software/S0326) collects and exfiltrates information including IMEI, IMSI, MNC, MCC, nearby Wi-Fi networks, and other device and SIM-related info.(Citation: Wandera-RedDrop)",
+ "relationship_type": "uses",
+ "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2",
+ "created": "2020-09-15T15:18:12.460Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "external_references": [
@@ -43320,11 +42615,11 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T19:56:18.859Z",
- "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)",
+ "modified": "2023-04-05T19:58:31.945Z",
+ "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s network information.(Citation: Cybereason FakeSpy)",
 "relationship_type": "uses",
 "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
- "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+ "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb",
 "x_mitre_deprecated": false,
 "x_mitre_version": "1.0",
 "x_mitre_attack_spec_version": "3.1.0",
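Review bot: The `description` added for `relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140` in the `@@ -43279,35 +42501,108 @@` hunk ends with a trailing space inside the string (`...on managed devices. "`), and its clause "act on, for example blocking, specific remote access applications" is hard to parse. Consumers render and compare this text, so I would trim the string and reword the sentence to `An administrator can then act on that list, for example by blocking specific remote access applications from being installed on managed devices.` In the same hunk, `relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b` carries no `revoked`, `x_mitre_deprecated` or `x_mitre_attack_spec_version` key while the objects added around it do. Tooling that filters on those keys therefore has to treat a missing key as false rather than assume it is present.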
@@ -43332,8 +42627,2944 @@ }, { "type": "relationship", - "id": "relationship--a451966b-f826-422b-9505-f564b9988a9c", - "created": "2020-12-24T21:55:56.693Z", + "id": "relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106", + "created": "2023-03-15T16:26:38.465Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:29:35.623Z", + "description": "Application vetting services can look for applications requesting the `BIND_NOTIFICATION_LISTENER_SERVICE` permission in a service declaration. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca486783-9413-4f39-8d2f-3adcb3e79127", + "type": "relationship", + "created": "2020-12-24T21:55:56.657Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-12-24T21:55:56.657Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used an AES encrypted file in the assets folder with an unsuspecting name (e.g. 
‘GoogleMusic.png’) for holding configuration and C2 information.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e", + "type": "relationship", + "created": "2019-09-23T13:36:08.386Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" + } + ], + "modified": "2019-09-23T13:36:08.386Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects the device's IMEI and sends it to the command and control server.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ca568149-9971-4d15-b3db-ff7dabd49695", + "created": "2023-07-21T19:37:16.030Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:37:16.030Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can capture keystrokes.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59", + "created": "2020-11-24T18:18:33.743Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) has used web injects to capture users’ credentials.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-15T17:39:22.154Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506", + "type": "relationship", + "created": "2020-11-20T16:37:28.567Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.567Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) has encrypted exfiltrated data using AES in ECB mode.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cacc0b72-9d73-4381-90e9-545ba908722c", + "type": "relationship", + "created": "2019-09-15T15:35:33.215Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Vitor Ventura. (2019, April 9). Gustuff banking botnet targets Australia . Retrieved September 3, 2019.", + "url": "https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html", + "source_name": "Talos Gustuff Apr 2019" + } + ], + "modified": "2019-09-15T15:35:33.215Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) injects the global action `GLOBAL_ACTION_BACK` to mimic pressing the back button to close the application if a call to an open antivirus application is detected.(Citation: Talos Gustuff Apr 2019)", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cb5465c0-a577-45b1-becf-305e0bd47497", + "created": "2023-08-23T22:49:18.075Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:49:18.075Z", + "description": 
"[Anubis](https://attack.mitre.org/software/S0422) may prevent malware's uninstallation by abusing Android’s ` performGlobalAction(int)` API call.", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cb5a81bb-a3c6-4d7c-836c-c0bd6227b48f", + "created": "2023-07-21T19:42:12.649Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:42:12.649Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can inject malicious packages into applications already existing on an infected device.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": 
"relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c", + "created": "2022-04-01T18:48:03.156Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T18:48:03.156Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cbb07bef-f1da-41f6-b786-4a255e8bf985", + "created": "2023-08-04T18:34:07.176Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:34:07.176Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate compressed ZIP files containing gathered info to C2 infrastructure.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": 
"relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1", + "created": "2020-10-29T17:48:27.175Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:18:05.613Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can lock the device with a password and permanently disable the screen.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cbf17fea-141e-44b8-831c-b3cc41066420", + "type": "relationship", + "created": "2021-01-20T16:01:19.409Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." 
+ } + ], + "modified": "2021-01-20T16:01:19.409Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can download attacker-specified APK files.(Citation: Trend Micro Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cc0b8984-f561-4453-a2be-9be8bd62561e", + "created": "2023-09-28T17:21:45.855Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:21:45.855Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can monitor a device’s notifications.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cc345ae4-0d60-4f21-98b3-596c15118745", + "created": "2023-02-06T19:42:46.814Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + 
"description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:38:03.367Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can send SMS messages.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a", + "created": "2019-11-21T19:16:34.796Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint SimBad 2019", + "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. 
Retrieved November 21, 2019.", + "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:45:42.081Z", + "description": "[SimBad](https://attack.mitre.org/software/S0419) hides its icon from the application launcher.(Citation: CheckPoint SimBad 2019)", + "relationship_type": "uses", + "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cc49561f-8364-4908-9111-ad3a6dcd922c", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2018-10-17T00:14:20.652Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--11bd699b-f2c2-4e48-bf46-fb3f8acd9799", + "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d", + "type": "relationship", + "created": "2021-02-08T16:36:20.774Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). 
BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." + } + ], + "modified": "2021-05-24T13:16:56.495Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted application strings using AES in ECB mode and Blowfish, and stored strings encoded in hex during Operation BULL. Further, in Operation BULL, encryption keys were stored within the application’s launcher icon file.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cc81b56c-cf73-4307-b950-e80246985195", + "created": "2019-10-18T14:50:57.473Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "OS security updates typically contain exploit patches when disclosed.", + "modified": "2022-03-28T19:20:44.337Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ccb6f906-a785-4695-91a5-f1bc210892dc", + "created": "2023-08-04T18:35:55.269Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:35:55.269Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate collected data as a ZIP file.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c", + "type": "relationship", + "created": "2019-12-10T16:07:41.078Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.078Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) attempts to gain root access by using local exploits.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cce82a76-5390-473d-9e7c-9450d1509d1d", + "type": "relationship", + "created": "2020-07-15T20:20:59.314Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.314Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can download its second (Loader) and third (Core) stages after the dropper is installed.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac", + "type": "relationship", + "created": "2020-01-27T17:05:58.237Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.237Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s battery level, network operator, connection information, sensor information, and information about the device’s storage and memory.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328", + "created": 
"2022-03-30T19:34:09.377Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T19:34:09.377Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8c7862ff-3449-4ac6-b0fd-ac1298a822a5", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:53:53.384Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests contact lists from victims.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3", + "type": "relationship", + "created": "2020-01-27T17:05:58.215Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.215Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain a list of running processes.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cd7a2294-1e14-42e8-b870-d99d73443b88", + "created": "2022-04-01T12:37:42.068Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be taught the danger behind granting unnecessary permissions to an application and should be advised to use extra scrutiny when an application requests them. 
", + "modified": "2022-04-01T12:37:42.068Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c", + "created": "2023-03-20T18:51:29.814Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:08:59.640Z", + "description": "Application vetting services could potentially detect the usage of APIs intended for suppressing the application’s icon.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca", + "created": "2023-03-20T18:58:19.895Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:34:37.498Z", + "description": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. 
Apple iCloud also provides notifications to users of account activity such as when credentials have been used. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cda58372-ae70-4716-8baf-cc06cb884ad6", + "type": "relationship", + "created": "2020-12-24T22:04:28.015Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.015Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected a list of installed application names.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357", + "type": "relationship", + "created": "2020-12-17T20:15:22.408Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." 
+ } + ], + "modified": "2020-12-17T20:15:22.408Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can track the device’s location.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cde60121-3d7c-47c8-abeb-582854425599", + "type": "relationship", + "created": "2020-07-20T13:27:33.512Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." + } + ], + "modified": "2020-08-10T21:57:54.531Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can update the running malware.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cdf06664-903e-499b-86b4-b7bcce3c0740", + "created": "2023-09-28T17:20:27.451Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:27.451Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can modify, send, and delete SMS messages.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625", + "created": "2022-03-31T16:33:55.074Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-31T16:33:55.074Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--e4c347e9-fb91-4bc5-83b8-391e389131e2", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef", + "created": "2020-07-27T14:14:56.993Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Google Security Zen", + "url": 
"https://security.googleblog.com/2019/01/pha-family-highlights-zen-and-its.html", + "description": "Siewierski, L. (2019, January 11). PHA Family Highlights: Zen and its cousins . Retrieved July 27, 2020." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Zen](https://attack.mitre.org/software/S0494) can simulate user clicks on ads.(Citation: Google Security Zen)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--22faaa56-a8ac-4292-9be6-b571b255ee40", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b", + "created": "2023-03-20T15:56:47.307Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:31:45.237Z", + "description": "The user can see which applications are registered as device administrators in the device settings.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ce645a25-160f-443d-b288-fdd108b78a06", + "created": "2020-09-11T16:22:03.269Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "description": "M. Flossman. (2017, February 16). 
ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/viperrat-mobile-apt" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:41:00.652Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s call log.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe", + "created": "2017-10-25T14:48:53.746Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "A locked bootloader could prevent unauthorized modifications to protected operating system files. 
", + "modified": "2022-03-30T20:07:33.678Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--8ccd428d-39da-4e8f-a55b-d48ea1d56e58", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd", + "type": "relationship", + "created": "2019-07-10T15:35:43.699Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.839Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) captures audio from the device microphone.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--cea30219-a255-43ae-b731-9512c5044523", + "created": "2022-04-18T19:46:02.547Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-18T19:46:02.547Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b3c2e5de-0941-4b57-ba61-af029eb5517a", 
+ "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c", + "type": "relationship", + "created": "2020-01-27T17:05:58.273Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-01-27T17:05:58.273Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can record audio and phone calls.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a", + "type": "relationship", + "created": "2019-08-09T17:53:48.716Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). 
Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.716Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can capture photos using the front and back cameras.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cf2cfc6e-896a-4c99-b286-41f8dbd6fa4c", + "created": "2023-09-28T17:21:26.448Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:21:26.448Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can use VNC to remotely control an infected device.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca", + "created": 
"2019-09-03T19:45:48.510Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:10:15.827Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two collects a list of nearby base stations.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263", + "created": "2023-03-15T16:23:59.107Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:29:32.423Z", + "description": "When an application requests administrator permission, the user is presented with a popup and the option to grant or deny the request. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cf696296-751a-41e5-a9b0-907c7b991b2a", + "created": "2023-09-22T19:14:54.719Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:14:54.719Z", + "description": "Application vetting services may detect API calls for deleting files. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cf879fe8-9c31-48de-9e49-668d6cda67c5", + "created": "2023-07-12T20:35:36.527Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-12T20:35:36.527Z", + "description": "Users should be encouraged to only install apps from authorized app stores, which are less likely to contain malicious repackaged apps.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-WUC", + "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016.", + "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:54:13.685Z", + "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) stole contact list data stored both on the the phone and the SIM card.(Citation: Kaspersky-WUC)", + "relationship_type": "uses", + "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d01b311d-8741-4b58-b127-88fecb2b0544", + "created": "2020-04-08T15:41:19.448Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) has a keylogger that works in every application installed on the device.(Citation: Cofense Anubis)", + "modified": "2022-04-15T17:33:02.327Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d0669f8d-0aa2-416f-9ec4-a991a2000d3e", + "created": "2023-09-21T19:37:30.610Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:37:30.610Z", + "description": "Some mobile security products offer a loopback VPN used for inspecting traffic. 
This could proactively block traffic to websites that are known for phishing or appear to be conducting a phishing attack.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--78671282-26aa-486c-a7a5-5921e1616b58", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad", + "created": "2022-04-05T19:45:03.117Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:45:03.117Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2", + "type": "relationship", + "created": "2020-09-11T15:53:38.453Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "modified": "2020-09-11T15:53:38.453Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can automatically reply to SMS messages, and optionally delete them.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b", + "type": "relationship", + "created": "2020-12-24T21:45:56.981Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:45:56.981Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has access to the device’s location.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d", + "type": "relationship", + "created": "2020-01-21T15:30:39.335Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-Monokle", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019." 
+ } + ], + "modified": "2020-01-21T15:30:39.335Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can download attacker-specified files.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d1318f71-7f70-4820-a3fc-0d05af038733", + "created": "2021-10-01T14:42:49.154Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can perform actions when one of two hardcoded magic SMS strings is received.(Citation: SecureList BusyGasper)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d13724d0-a5e2-433b-86bf-ead04359edec", + "created": "2022-04-01T15:13:10.022Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "iOS Universal Links", + "url": 
"https://developer.apple.com/ios/universal-links/", + "description": "Apple. (n.d.). Universal Links for Developers. Retrieved September 11, 2020." + }, + { + "source_name": "Android App Links", + "url": "https://developer.android.com/training/app-links/verify-site-associations", + "description": "Google. (n.d.). Verify Android App Links. Retrieved September 11, 2020." + }, + { + "source_name": "IETF-PKCE", + "url": "https://tools.ietf.org/html/rfc7636", + "description": "N. Sakimura, J. Bradley, and N. Agarwal. (2015, September). IETF RFC 7636: Proof Key for Code Exchange by OAuth Public Clients. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Developers should use Android App Links(Citation: Android App Links) and iOS Universal Links(Citation: iOS Universal Links) to provide a secure binding between URIs and applications, preventing malicious applications from intercepting redirections. Additionally, for OAuth use cases, PKCE(Citation: IETF-PKCE) should be used to prevent use of stolen authorization codes. ", + "modified": "2022-04-01T15:13:10.022Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d170a088-b115-4a86-b093-8aa32666a470", + "created": "2023-03-15T16:39:55.148Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:04:21.890Z", + "description": "On both Android and iOS, the user must grant consent to an application to act as a VPN. 
Both platforms also provide visual context to the user in the top status bar when a VPN connection is active. The user can see registered VPN services in the device settings. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3", + "created": "2023-02-28T20:31:31.983Z", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T20:31:31.983Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can intercept SMS messages and USSD messages from Telcom operators.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d22be48b-90fa-4dba-ab6f-f3ad5e08c03e", + "created": "2023-09-22T19:15:22.670Z", + "revoked": false, + 
"object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:15:22.670Z", + "description": "Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e", + "type": "relationship", + "created": "2019-09-03T19:45:48.489Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.128Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract the GPS coordinates of the device.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc", + "created": "2019-09-04T14:28:15.412Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:19:04.639Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve calendar event information including the event name, when and where it is taking place, and the description.(Citation: Lookout-Monokle) ", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e", + "created": "2020-10-29T17:48:27.380Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + 
"external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:54:30.569Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38", + "created": "2022-04-01T18:43:25.764Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "System partition integrity mechanisms, such as Verified Boot, can detect the unauthorized modification of system files.", + "modified": "2022-04-01T18:43:25.764Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d300eb82-5ca0-48aa-a45f-d34242545e27", + "created": 
"2022-03-30T15:08:28.814Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Device attestation could detect unauthorized operating system modifications. ", + "modified": "2022-03-30T15:08:28.814Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d32003ba-959b-4377-aa04-f75275c32abf", + "created": "2019-07-16T14:33:12.144Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Google Triada June 2019", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. 
Retrieved July 16, 2019.", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:40:27.131Z", + "description": "[Triada](https://attack.mitre.org/software/S0424) utilized HTTP to exfiltrate data through POST requests to the command and control server.(Citation: Google Triada June 2019) ", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb", + "created": "2020-09-11T16:22:03.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/viperrat-mobile-apt" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:58:57.686Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect the device’s cell tower information.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--dd818ea5-adf5-41c7-93b5-f3b839a219fb", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d39ceb9c-ef0c-4820-b363-dc8ce0f0d00c", + "created": "2023-10-10T15:33:58.621Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.621Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) masquerades as local postal service applications.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "type": "relationship", + "id": "relationship--d3e06522-2a30-4d56-801e-9461178b80ce", + "created": "2021-01-05T20:16:20.412Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. 
Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:45:54.913Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can hide its icon after launch.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0", + "created": "2023-02-06T19:42:34.537Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-11T22:08:03.095Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can resist removal by going to the home screen during uninstall.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86", + "created": "2023-03-20T15:16:43.275Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Samsung Knox Mobile Threat Defense", + "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. 
Retrieved March 30, 2022.", + "url": "https://partner.samsungknox.com/mtd" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:12:07.772Z", + "description": "Application vetting services could detect the invocations of methods that could be used to execute shell commands.(Citation: Samsung Knox Mobile Threat Defense)", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d4154247-90ce-43b9-8c17-5c28f67617f5", + "type": "relationship", + "created": "2020-12-24T21:55:56.747Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.747Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed browser history, as well as the files for 15 other apps.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c", + "created": "2023-03-03T16:24:30.564Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:24:30.564Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hijacked normal application’s launch routines to display ads.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d4a5a902-231e-4878-ad5b-39620498b018", + "type": "relationship", + "created": 
"2019-09-04T14:28:15.941Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.589Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can record audio from the device's microphone and can record phone calls, specifying the output audio quality.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c", + "type": "relationship", + "created": "2020-12-18T20:14:47.381Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." 
+ } + ], + "modified": "2020-12-28T18:59:33.140Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Xiao-ZergHelper", + "description": "Claud Xiao. (2016, February 21). Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review. 
Retrieved December 12, 2016.", + "url": "http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[ZergHelper](https://attack.mitre.org/software/S0287) attempts to extend its capabilities via dynamic updating of its code.(Citation: Xiao-ZergHelper)", + "relationship_type": "uses", + "source_ref": "malware--3c3b55a6-c3e9-4043-8aae-283fe96220c0", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb", + "created": "2023-03-20T18:58:14.140Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:06:44.919Z", + "description": "The user can review which applications have location permissions in the operating system’s settings menu.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d5533ca1-d57e-4bbf-bf0c-d114e4b79078", + "created": "2023-08-04T18:32:39.763Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:32:39.763Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device’s camera and take photos.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d562ed4d-ac4d-476b-872e-9e228c580889", + "type": "relationship", + "created": "2020-11-20T16:37:28.506Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Symantec GoldenCup", + "url": "https://symantec-enterprise-blogs.security.com/blogs/expert-perspectives/goldencup-new-cyber-threat-targeting-world-cup-fans", + "description": "R. Iarchy, E. Rynkowski. (2018, July 5). GoldenCup: New Cyber Threat Targeting World Cup Fans. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-11-20T16:37:28.506Z", + "description": "[Golden Cup](https://attack.mitre.org/software/S0535) can obtain a list of installed applications.(Citation: Symantec GoldenCup)", + "relationship_type": "uses", + "source_ref": "malware--f3975cc0-72bc-4308-836e-ac701b83860e", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a", + "type": "relationship", + "created": "2020-11-10T17:08:35.713Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-11-10T17:08:35.713Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can collect notes and data from the MiCode app.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d59da983-c521-47b6-83ab-435f7d58611d", + "created": "2019-11-21T16:42:48.493Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + }, + { + "source_name": "Bitdefender - Triout 2018", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:12:57.861Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) uses HTTP requests for C2 communication.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a", + "created": "2023-03-03T16:25:09.978Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:25:09.978Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) is believed to have initially infected devices using internet traffic hijacking to generate abnormal popups.(Citation: paloalto_yispecter_1015) ", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5", + "type": "relationship", + "created": "2020-11-24T17:55:12.897Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "modified": "2020-11-24T17:55:12.897Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can collect the user’s browser cookies.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d63de13b-0253-42f4-b13d-34bccf76ad94", + "created": "2023-03-20T18:54:50.323Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T15:01:30.483Z", + "description": "Applications could be vetted for their use of the `startForeground()` API, and could be further scrutinized if usage is found.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898", + "created": "2019-09-04T14:28:16.414Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-Monokle", + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:41:16.423Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can retrieve call history.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d64c4924-76f0-4b2e-858d-b0df733334d0", + "created": "2023-02-06T19:03:11.265Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:23:09.430Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can modify system settings to give itself device administrator privileges.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71", + "created": "2022-03-30T20:53:54.296Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T20:53:54.296Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7", + "created": "2023-03-20T15:16:28.177Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:17:39.302Z", + "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may 
have access to running processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d6be8665-afbb-4be5-a56a-493af01b120a", + "created": "2022-03-30T15:52:29.935Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can potentially detect jailbroken or rooted devices.", + "modified": "2022-03-30T15:52:29.935Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4", + "type": "relationship", + "created": "2021-02-17T20:43:52.413Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.413Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has compressed and encrypted data before exfiltration using password protected .7z archives.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55", + "type": "relationship", + "created": "2020-04-24T17:46:31.603Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." 
+ } + ], + "modified": "2020-04-24T17:46:31.603Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383", + "created": "2022-04-05T20:17:46.149Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T20:17:46.149Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--393e8c12-a416-4575-ba90-19cc85656796", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5", + "created": "2023-03-20T18:50:21.296Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T16:32:32.957Z", + "description": "Android applications requesting the `ACCESS_COARSE_LOCATION`, `ACCESS_FINE_LOCATION`, or `ACCESS_BACKGROUND_LOCATION` permissions and iOS applications including the `NSLocationWhenInUseUsageDescription`, `NSLocationAlwaysAndWhenInUseUsageDescription`, and/or `NSLocationAlwaysUsageDescription` keys in their `Info.plist` file could be scrutinized during the application vetting process. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0", + "type": "relationship", + "created": "2020-12-24T21:55:56.692Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.692Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has searched for specific existing data directories, including the Gmail app, Dropbox app, Pictures, and thumbnails.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d716163d-2492-4088-9235-b2310312ba27", + "created": "2022-04-06T15:44:48.422Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:44:48.422Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--d731c21e-f27d-4756-b418-0e2aaabd6d63", + "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d71fab20-a56c-4404-a65d-aaa37056f16e", + "created": "2022-04-01T15:16:16.027Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Trend Micro iOS URL Hijacking", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/", + "description": "L. Wu, Y. Zhou, M. Li. (2019, July 12). iOS URL Scheme Susceptible to Hijacking. Retrieved September 11, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "iOS 11 introduced a first-come-first-served principle for URIs, allowing only the prior installed app to be launched via the URI.(Citation: Trend Micro iOS URL Hijacking) Android 6 introduced App Links.", + "modified": "2022-04-01T15:16:16.027Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d724bcf3-25d2-406a-b612-333fea5e2385", + "created": "2020-10-29T17:48:27.440Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Exobot](https://attack.mitre.org/software/S0522) can show phishing popups when a targeted application is running.(Citation: Threat Fabric Exobot)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2", + "created": "2022-04-08T16:29:55.322Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-08T16:29:55.322Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b332a960-3c04-495a-827f-f17a5daed3a6", + "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d7aa436a-e66d-4217-be66-4414703dec07", + "type": "relationship", + "created": "2020-11-10T17:08:35.634Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). 
Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + } + ], + "modified": "2020-11-10T17:08:35.634Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used incorrect file extensions and encryption to hide most of its assets, including secondary APKs, configuration files, and JAR or DEX files.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:27:01.081Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) attempts to modify the device's system partition.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d7ca70d4-2006-4252-b243-e52be760e24d", + "created": "2022-04-01T13:26:39.773Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Access to SMS messages is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their SMS messages. ", + "modified": "2022-04-01T13:26:39.773Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1", + "created": "2019-09-04T15:38:56.809Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "description": "Actis B. 
(2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:37:35.704Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can delete data from a compromised device.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37", + "type": "relationship", + "created": "2020-05-07T15:24:49.583Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-05-27T13:23:34.544Z", + "description": "Many vulnerabilities related to injecting code into existing applications have been patched in previous Android releases.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ArsTechnica-HummingBad", + "description": "Dan Goodin. (2016, July 7). 
10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.", + "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[HummingBad](https://attack.mitre.org/software/S0322) can exploit unfixed vulnerabilities in older Android versions to root victim phones.(Citation: ArsTechnica-HummingBad)", + "relationship_type": "uses", + "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157", + "created": "2023-08-23T22:18:21.774Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:18:21.774Z", + "description": "Network traffic analysis may reveal processes communicating with malicious domains. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d886f368-a38b-4cb3-906f-9b284f58b369", + "type": "relationship", + "created": "2019-12-10T16:07:41.066Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList DVMap June 2017", + "url": "https://securelist.com/dvmap-the-first-android-malware-with-code-injection/78648/", + "description": "R. Unuchek. (2017, June 8). Dvmap: the first Android malware with code injection. Retrieved December 10, 2019." 
+ } + ], + "modified": "2019-12-10T16:07:41.066Z", + "description": "[Dvmap](https://attack.mitre.org/software/S0420) decrypts executables from archive files stored in the `assets` directory of the installation binary.(Citation: SecureList DVMap June 2017)", + "relationship_type": "uses", + "source_ref": "malware--22b596a6-d288-4409-8520-5f2846f85514", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab", + "type": "relationship", + "created": "2020-09-11T16:22:03.229Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "url": "https://blog.lookout.com/viperrat-mobile-apt", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-11T16:22:03.229Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect and record audio content.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.686Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) uses the commercial rooting app Baidu Easy Root to gain root privilege and maintain persistence on the victim.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7", + "type": "relationship", + "created": "2020-12-14T15:02:35.230Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Securelist Asacub", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020." 
+ } + ], + "modified": "2020-12-14T15:02:35.230Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) has encrypted C2 communications using Base64-encoded RC4.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--d995dfff-e4b2-4e07-8e76-b064354f591a", + "created": "2022-04-01T12:49:32.365Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Calendar access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their device calendar. ", + "modified": "2022-04-01T12:49:32.365Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b", + "created": "2020-11-24T18:18:33.772Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. 
Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:24:43.120Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can request device administrator permissions.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--da424f3f-8a93-4a66-858c-b33f587108e6", + "type": "relationship", + "created": "2020-10-29T17:48:27.225Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-10-29T17:48:27.225Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can obtain the device’s country and carrier name.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--da4296d7-5fdb-45b6-9791-b023d634c08d", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-rcsandroid-spying-tool-listens-to-calls-roots-devices-to-get-in/", + "description": "Veo Zhang. (2015, July 21). Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In. Retrieved December 22, 2016.", + "source_name": "TrendMicro-RCSAndroid" + } + ], + "modified": "2019-08-09T17:53:48.760Z", + "description": "[RCSAndroid](https://attack.mitre.org/software/S0295) can record location.(Citation: TrendMicro-RCSAndroid)", + "relationship_type": "uses", + "source_ref": "malware--363bc05d-13cb-4e98-a5b7-e250f2bbdc2b", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--da55ec01-daf2-4fac-ba0b-243f759b73aa", + "created": "2023-08-14T16:19:34.080Z", + "revoked": false, + "external_references": [ + { + "source_name": "unit42_strat_aged_domain_det", + "description": "Chen, Z. et al. (2021, December 29). Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends. 
Retrieved July 31, 2023.", + "url": "https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/" + }, + { + "source_name": "Data Driven Security DGA", + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:19:34.080Z", + "description": "Monitor for pseudo-randomly generated domain names based on frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Additionally, check if the suspicious domain has been recently registered, if it has been rarely visited, or if the domain had a spike in activity after being dormant.(Citation: unit42_strat_aged_domain_det) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852", + "created": "2023-09-28T17:22:13.691Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:22:13.691Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect sensitive information, such as Google Authenticator codes.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--db1201f0-f925-4c3c-8673-7524a8c20886", + "type": "relationship", + "created": "2021-02-17T20:43:52.274Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "url": "https://blog.lookout.com/frozencell-mobile-threat", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020." 
+ } + ], + "modified": "2021-02-17T20:43:52.274Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has recorded calls.(Citation: Lookout FrozenCell)", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a", + "created": "2020-01-27T17:05:58.265Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:27:51.998Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can obtain the device’s call log.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + 
"external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "modified": "2019-08-09T17:52:31.748Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) checks if the device is on Wi-Fi, a cellular network, and is roaming.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dba7bd66-5f8e-41a8-ad67-ae04cfd1c8ff", + "created": "2023-09-21T22:31:55.337Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:31:55.337Z", + "description": "Application vetting services may be able to list domains and/or IP addresses that applications communicate with.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dbef53a9-f9c4-4582-8e93-349ad488de12", + "created": "2023-02-28T21:42:06.525Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "cloudmark_tanglebot_0921", + "description": "Felipe Naves, Andrew Conway, 
W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", + "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-29T21:27:42.197Z", + "description": "[TangleBot](https://attack.mitre.org/software/S1069) can request permission to view call logs.(Citation: cloudmark_tanglebot_0921)", + "relationship_type": "uses", + "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97", + "created": "2023-02-06T19:06:37.359Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-06T19:06:37.359Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can receive files from the C2 at runtime.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dc354395-cccf-471a-9335-8538ce20f1ec", + "created": "2023-07-21T19:33:28.471Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:33:28.471Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate SMS logs.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357", + "created": "2019-07-10T15:25:57.572Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:31:46.913Z", + "description": "[FinFisher](https://attack.mitre.org/software/S0182) captures and exfiltrates SMS messages.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--a5528622-3a8a-4633-86ce-8cdaf8423858", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dc7ef843-a073-4e23-b717-c505d4863b02", + "created": "2023-03-20T18:53:58.856Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:27:15.979Z", + "description": "If the user sees a notification with text they do not recognize, they should review their list of installed applications.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962", + "created": "2019-09-23T13:36:08.456Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "description": "T. Shishkova, L. Pikman. 
(2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:58:03.072Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) can lock an HTML page in the foreground, requiring the user enter credit card information that matches information previously intercepted in SMS messages, such as the last 4 digits of a credit card number. If attempts to revoke administrator permissions are detected, [Rotexy](https://attack.mitre.org/software/S0411) periodically switches off the phone screen to inhibit permission removal.(Citation: securelist rotexy 2018)", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dcf01e96-1498-4ebf-b46f-d4f4eb796f23", + "created": "2023-07-21T19:37:42.022Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:37:42.022Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can retrieve the list of installed applications.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8", + "created": "2023-01-18T19:58:00.503Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store. 
Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T18:57:14.522Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use RC4 to encrypt C2 payloads.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b", + "created": "2020-07-15T20:20:59.307Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Mandrake](https://attack.mitre.org/software/S0485) has used domain generation algorithms.(Citation: Bitdefender Mandrake)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ddca1254-b404-4850-9566-0be35c6d7564", + "created": "2020-11-10T17:08:35.771Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -43346,11 +45577,781 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T21:27:39.012Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has used both FTP and TCP sockets for data exfiltration.(Citation: Lookout Uyghur Campaign)", + "modified": "2023-04-05T17:00:11.412Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) can access the device’s SMS and MMS messages.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", - "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6a3f6490-9c44-40de-b059-e5940f246673", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e", + "created": "2022-03-30T19:29:07.379Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Inform users that device rooting or granting unnecessary access to the accessibility service presents security risks that could be taken advantage of without their knowledge.", + "modified": "2022-03-30T19:29:07.379Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": 
"relationship--de45db46-2251-4a29-b4d7-3fcf679e9484", + "created": "2019-09-04T15:38:56.877Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" + }, + { + "source_name": "FlexiSpy-Features", + "description": "FlexiSpy. (n.d.). FlexiSpy Monitoring Features. Retrieved September 4, 2019.", + "url": "https://www.flexispy.com/en/features-overview.htm" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:32:16.401Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can intercept SMS and MMS messages as well as monitor messages for keywords.(Citation: CyberMerchants-FlexiSpy)(Citation: FlexiSpy-Features)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b", + "created": "2021-01-05T20:16:20.490Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Zscaler TikTok Spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. 
Retrieved January 5, 2021.", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:38:01.842Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)", + "relationship_type": "uses", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6", + "created": "2022-04-05T19:54:12.660Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T19:54:12.660Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--52651225-0b3a-482d-aa7e-10618fd063b5", + "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--de7e3a71-1152-481c-8e5c-88f53852cab6", + "created": "2022-04-01T15:16:53.239Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-01T15:16:53.239Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", + "target_ref": 
"attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--def81edd-4410-47b2-a80f-d47b3f353f54", + "created": "2023-03-16T18:27:42.656Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T14:59:40.699Z", + "description": "Application vetting services can detect which broadcast intents an application registers for and which permissions it requests. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--df036f55-f749-4dad-9473-d69535e0f98d", + "created": "2020-06-26T14:55:13.385Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Cybereason EventBot", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[EventBot](https://attack.mitre.org/software/S0478) can abuse Android’s accessibility service to record the screen PIN.(Citation: Cybereason EventBot)", + "modified": "2022-04-15T17:39:39.931Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--df07166f-917e-4bc4-899e-d689d1d3f785", + "created": "2023-10-10T15:33:58.104Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "CheckPoint Agent Smith", + "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.", + "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.104Z", + "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can impersonate any popular application on an infected device, and the core malware disguises itself as a legitimate Google application. 
[Agent Smith](https://attack.mitre.org/software/S0440)'s dropper is a weaponized legitimate Feng Shui Bundle.(Citation: CheckPoint Agent Smith) ", + "relationship_type": "uses", + "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--df337ad4-c88e-425f-b869-ecac29674bf4", + "type": "relationship", + "created": "2021-03-25T16:39:40.200Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." + } + ], + "modified": "2021-03-25T16:39:40.200Z", + "description": "(Citation: CYBERWARCON CHEMISTGAMES)", + "relationship_type": "uses", + "source_ref": "intrusion-set--381fcf73-60f6-4ab2-9991-6af3cbc35192", + "target_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. 
Retrieved September 24, 2018.", + "source_name": "Kaspersky-Skygofree" + } + ], + "modified": "2019-08-09T18:08:07.144Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) has the capability to exploit several known vulnerabilities and escalate privileges.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5", + "created": "2020-04-08T15:41:19.445Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Trend Micro Anubis", + "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html", + "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021." + }, + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Anubis](https://attack.mitre.org/software/S0422) can retrieve the C2 address from Twitter and Telegram.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)", + "modified": "2022-04-20T17:57:23.327Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea", + "created": "2023-02-06T19:45:58.793Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "threatfabric_sova_0921", + "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", + "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-11T22:08:45.192Z", + "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) can use the open-source project RetroFit for C2 communication.(Citation: threatfabric_sova_0921)", + "relationship_type": "uses", + "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e012da15-7669-4764-ad9d-8a1d817bcca9", + "created": "2023-03-20T18:23:04.068Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:22:19.012Z", + "description": "Application vetting services could look for indications that the application downloads and executes new code at runtime (e.g., on Android, use of `DexClassLoader`, `System.load`, or the WebView `JavaScriptInterface` capability; on iOS, use of JSPatch or similar capabilities).", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e03b0eb5-32c6-4867-9235-77fe32192983", + "type": "relationship", + 
"created": "2019-09-04T15:38:56.916Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019." + } + ], + "modified": "2019-09-10T14:59:26.071Z", + "description": " [FlexiSpy](https://attack.mitre.org/software/S0408) can track the device's location.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e03b25b0-0779-48da-b5d7-28f1f6106363", + "type": "relationship", + "created": "2020-12-24T22:04:27.992Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ }
+ ],
+ "modified": "2020-12-24T22:04:27.992Z",
+ "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has taken screenshots.(Citation: Lookout Uyghur Campaign)",
+ "relationship_type": "uses",
+ "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+ "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8",
+ "type": "relationship",
+ "created": "2020-09-24T15:34:51.433Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Lookout-Dendroid",
+ "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+ }
+ ],
+ "modified": "2020-09-24T15:34:51.433Z",
+ "description": "[Dendroid](https://attack.mitre.org/software/S0301) can record audio and outgoing calls.(Citation: Lookout-Dendroid)",
+ "relationship_type": "uses",
+ "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+ "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e",
+ "created": "2023-03-03T16:25:52.931Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "paloalto_yispecter_1015",
+ "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
+ "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-03-03T16:25:52.931Z",
+ "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about installed applications.(Citation: paloalto_yispecter_1015)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
+ "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58",
+ "created": "2017-12-14T16:46:06.044Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zscaler-SpyNote",
+ "description": "Shivang Desai. (2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.",
+ "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T20:32:29.636Z",
+ "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can read SMS messages.(Citation: Zscaler-SpyNote)",
+ "relationship_type": "uses",
+ "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e0f58ab7-b246-4c41-9afc-89b582590809",
+ "type": "relationship",
+ "created": "2020-12-18T20:14:47.374Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "WhiteOps TERRACOTTA",
+ "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study",
+ "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020."
+ }
+ ],
+ "modified": "2020-12-18T20:14:47.374Z",
+ "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can download additional modules at runtime via JavaScript `eval` statements.(Citation: WhiteOps TERRACOTTA)",
+ "relationship_type": "uses",
+ "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c",
+ "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e135cefa-f019-479d-86eb-438972df73e0",
+ "created": "2019-09-04T15:38:56.702Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "FortiGuard-FlexiSpy",
+ "description": "K. Lu. (n.d.). Deep Technical Analysis of the Spyware FlexiSpy for Android. Retrieved September 10, 2019.",
+ "url": "https://d3gpjj9d20n0p3.cloudfront.net/fortiguard/research/Dig%20Deep%20into%20FlexiSpy%20for%20Android%28white%20paper%29_KaiLu.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T20:48:30.652Z",
+ "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) installs boot hooks into `/system/su.d`.(Citation: FortiGuard-FlexiSpy)",
+ "relationship_type": "uses",
+ "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81",
+ "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36",
+ "created": "2023-03-20T18:41:31.300Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-07T22:18:26.965Z",
+ "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to running processes and their parameters, potentially detecting unwanted or malicious shells.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
+ "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e245ad04-3fe9-4132-8bb4-77cdc4c3a1eb",
+ "created": "2023-10-10T15:33:58.272Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "TrendMicro-XLoader-FakeSpy",
+ "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
+ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.272Z",
+ "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has masqueraded as an Android security application.(Citation: TrendMicro-XLoader-FakeSpy)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e245e45a-71a8-408d-8f32-7b7337bffc26",
+ "created": "2023-01-18T19:19:58.007Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_drinik_1022",
+ "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.",
+ "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-03-27T18:10:23.208Z",
+ "description": "[Drinik](https://attack.mitre.org/software/S1054) can hide its application icon.(Citation: cyble_drinik_1022)",
+ "relationship_type": "uses",
+ "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe",
+ "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056",
+ "type": "relationship",
+ "created": "2020-12-24T22:04:27.919Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+ }
+ ],
+ "modified": "2020-12-24T22:04:27.919Z",
+ "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has extracted messages from chat programs, such as WeChat.(Citation: Lookout Uyghur Campaign)",
+ "relationship_type": "uses",
+ "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e29d91f0-ebee-481d-9344-702c90775109",
+ "type": "relationship",
+ "created": "2020-05-07T15:33:32.928Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "CheckPoint Agent Smith",
+ "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/",
+ "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020."
+ }
+ ],
+ "modified": "2020-05-07T15:33:32.928Z",
+ "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can inject fraudulent ad modules into existing applications on a device.(Citation: CheckPoint Agent Smith)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+ "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e2ee6825-43c2-441f-ba96-404a330a9059",
+ "created": "2017-12-14T16:46:06.044Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CheckPoint-Charger",
+ "description": "Oren Koriat and Andrey Polkovnichenko. (2017, January 24). Charger Malware Calls and Raises the Risk on Google Play. Retrieved January 24, 2017.",
+ "url": "http://blog.checkpoint.com/2017/01/24/charger-malware/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T19:54:51.590Z",
+ "description": "[Charger](https://attack.mitre.org/software/S0323) steals contacts from the victim user's device.(Citation: CheckPoint-Charger)",
+ "relationship_type": "uses",
+ "source_ref": "malware--d1c600f8-0fb6-4367-921b-85b71947d950",
+ "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb",
+ "created": "2020-11-10T17:08:35.846Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has used specially crafted SMS messages to control the target device.(Citation: Lookout Uyghur Campaign) ",
+ "modified": "2022-04-19T14:25:41.669Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+ "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8",
+ "created": "2023-03-01T22:18:19.004Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "proofpoint_flubot_0421",
+ "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.",
+ "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-03-31T22:14:48.174Z",
+ "description": "[FluBot](https://attack.mitre.org/software/S1067) can send contact lists to its C2 server.(Citation: proofpoint_flubot_0421)",
+ "relationship_type": "uses",
+ "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc",
+ "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e35b013b-89e8-41b3-a518-7737234ab71b",
+ "type": "relationship",
+ "created": "2020-01-27T17:05:58.312Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.",
+ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/",
+ "source_name": "Trend Micro Bouncing Golf 2019"
+ }
+ ],
+ "modified": "2020-01-27T17:05:58.312Z",
+ "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can take screenshots.(Citation: Trend Micro Bouncing Golf 2019)",
+ "relationship_type": "uses",
+ "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c",
+ "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "relationship--e3a961ec-8184-4143-b8c2-c33ea0503678",
+ "type": "relationship",
+ "created": "2020-09-24T15:34:51.315Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "external_references": [
+ {
+ "source_name": "Lookout-Dendroid",
+ "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+ }
+ ],
+ "modified": "2020-09-24T15:34:51.315Z",
+ "description": "[Dendroid](https://attack.mitre.org/software/S0301) can take photos and record videos.(Citation: Lookout-Dendroid)",
+ "relationship_type": "uses",
+ "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+ "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+ "x_mitre_version": "1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e3d04885-95a5-47cb-a038-b58542cf787d",
+ "created": "2019-09-03T19:45:48.487Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "SWB Exodus March 2019",
+ "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019.",
+ "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T17:08:39.524Z",
+ "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate the call log.(Citation: SWB Exodus March 2019) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb",
+ "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "type": "relationship",
+ "id": "relationship--e4019493-bd52-4011-9355-8902be6ff3f3",
+ "created": "2018-10-17T00:14:20.652Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "PaloAlto-SpyDealer",
+ "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.",
+ "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-04-05T17:49:19.083Z",
+ "description": "[SpyDealer](https://attack.mitre.org/software/S0324) registers the broadcast receiver to listen for events related to device boot-up.(Citation: PaloAlto-SpyDealer)",
+ "relationship_type": "uses",
+ "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b",
+ "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
 "x_mitre_deprecated": false,
 "x_mitre_version": "1.0",
 "x_mitre_attack_spec_version": "3.1.0",
@@ -43384,24 +46385,24 @@
 },
 {
 "type": "relationship",
- "id": "relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55",
- "created": "2023-03-03T16:23:56.031Z",
+ "id": "relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532",
+ "created": "2023-02-06T19:46:43.041Z",
 "revoked": false,
 "external_references": [
 {
- "source_name": "paloalto_yispecter_1015",
- "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.",
- "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/"
+ "source_name": "threatfabric_sova_0921",
+ "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. Retrieved February 6, 2023.",
+ "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-03T16:23:56.031Z",
- "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected the device UUID.(Citation: paloalto_yispecter_1015)",
+ "modified": "2023-02-06T19:46:43.041Z",
+ "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has included adversary-in-the-middle capabilities.(Citation: threatfabric_sova_0921)",
 "relationship_type": "uses",
- "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9",
- "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+ "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36",
+ "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
@@ -43410,92 +46411,69 @@
 },
 {
 "type": "relationship",
- "id": "relationship--d2749285-47d9-44a4-962f-9215e6fb580e",
- "created": "2020-10-29T17:48:27.380Z",
+ "id": "relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8",
+ "created": "2023-03-20T18:56:24.246Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
- "external_references": [
- {
- "source_name": "Threat Fabric Exobot",
- "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.",
- "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html"
- }
- ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T19:54:30.569Z",
- "description": "[Exobot](https://attack.mitre.org/software/S0522) can access the device’s contact list.(Citation: Threat Fabric Exobot)",
- "relationship_type": "uses",
- "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98",
- "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
- "x_mitre_deprecated": false,
- "x_mitre_version": "1.0",
- "x_mitre_attack_spec_version": "3.1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "id": "relationship--97738857-d496-4d39-9809-1921e0ad10b7",
- "type": "relationship",
- "created": "2020-12-31T18:25:05.125Z",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
- "external_references": [
- {
- "source_name": "CYBERWARCON CHEMISTGAMES",
- "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w",
- "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020."
- }
- ],
- "modified": "2020-12-31T18:25:05.125Z",
- "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) can collect files from the filesystem and account information from Google Chrome.(Citation: CYBERWARCON CHEMISTGAMES)",
- "relationship_type": "uses",
- "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
- "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
- "x_mitre_version": "1.0",
- "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
- },
- {
- "type": "relationship",
- "id": "relationship--13aba849-5004-4457-9f3b-49e470b589e0",
- "created": "2023-03-20T18:43:44.617Z",
- "revoked": false,
- "object_marking_refs": [
- "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
- ],
- "modified": "2023-03-20T18:43:44.617Z",
- "description": "",
+ "modified": "2023-08-09T15:54:20.664Z",
+ "description": "Application vetting services can look for applications requesting the `android.permission.SYSTEM_ALERT_WINDOW` permission in the list of permissions in the app manifest. ",
 "relationship_type": "detects",
- "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
- "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+ "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6",
+ "created": "2020-09-14T13:35:45.911Z",
+ "x_mitre_version": "1.0",
+ "external_references": [
+ {
+ "source_name": "ESET-Twitoor",
+ "url": "http://www.welivesecurity.com/2016/08/24/first-twitter-controlled-android-botnet-discovered/",
+ "description": "ESET. (2016, August 24). First Twitter-controlled Android botnet discovered. Retrieved December 22, 2016."
+ }
+ ],
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "[Twitoor](https://attack.mitre.org/software/S0302) can be controlled via Twitter.(Citation: ESET-Twitoor)",
+ "modified": "2022-04-20T17:56:24.292Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "uses",
+ "source_ref": "malware--41e3fd01-7b83-471f-835d-d2b1dc9a770c",
+ "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+ "x_mitre_attack_spec_version": "2.1.0",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
 {
 "type": "relationship",
- "id": "relationship--51457698-e98b-435a-88c2-75a82cdc2bda",
- "created": "2018-10-17T00:14:20.652Z",
+ "id": "relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb",
+ "created": "2020-12-24T22:04:28.024Z",
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "external_references": [
 {
- "source_name": "Lookout-StealthMango",
- "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.",
- "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf"
+ "source_name": "Lookout Uyghur Campaign",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
 }
 ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-04-05T17:38:56.380Z",
- "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads call logs.(Citation: Lookout-StealthMango)",
+ "modified": "2023-04-05T17:41:54.548Z",
+ "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has collected call logs.(Citation: Lookout Uyghur Campaign)",
 "relationship_type": "uses",
- "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c",
+ "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
 "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "1.0",
@@ -43506,27 +46484,272 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--e5e4567e-05a3-4d79-beab-191efc336473", "type": "relationship", - "id": "relationship--209aa948-393c-46b0-9488-ef93a6252438", - "created": "2022-03-30T20:07:19.296Z", + "created": "2020-01-27T17:05:58.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "source_name": "Trend Micro Bouncing Golf 2019" + } + ], + "modified": "2020-03-26T20:50:07.266Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) encrypts data using a simple XOR operation with a pre-configured key prior to exfiltration.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3", + "created": "2023-03-16T13:32:02.290Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-10T21:06:58.988Z", + "description": "Android applications using the `RECORD_AUDIO` permission and iOS applications using `RequestRecordPermission` should be carefully reviewed and monitored. 
If the `CAPTURE_AUDIO_OUTPUT` permission is found in a third-party Android application, the application should be heavily scrutinized.\n\nIn both Android (6.0 and up) and iOS, the user can review which applications have the permission to access the microphone through the device settings screen and revoke permissions as necessary. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Proofpoint-Marcher", + "url": "https://www.proofpoint.com/us/threat-insight/post/credential-phishing-and-android-banking-trojan-combine-austrian-mobile-attacks", + "description": "Proofpoint. (2017, November 3). Credential phishing and an Android banking Trojan combine in Austrian mobile attacks. Retrieved July 6, 2018." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Marcher](https://attack.mitre.org/software/S0317) attempts to overlay itself on top of legitimate banking apps in an effort to capture user credentials. 
[Marcher](https://attack.mitre.org/software/S0317) also attempts to overlay itself on top of legitimate apps such as the Google Play Store in an effort to capture user credit card information.(Citation: Proofpoint-Marcher)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f9854ba6-989d-43bf-828b-7240b8a65291", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39", + "created": "2020-12-14T15:02:35.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Securelist Asacub", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. 
Retrieved December 14, 2020.", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:32:42.890Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can collect SMS messages as they are received.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208", + "type": "relationship", + "created": "2020-07-20T13:27:33.546Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Talos-WolfRAT", + "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html", + "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-08-10T21:57:54.537Z", + "description": "[WolfRAT](https://attack.mitre.org/software/S0489) can receive system notifications.(Citation: Talos-WolfRAT)", + "relationship_type": "uses", + "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e7af5be1-721f-40c5-b647-659243a0a14b", + "type": "relationship", + "created": "2020-04-08T15:41:19.321Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Cofense Anubis", + "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/", + "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020." + } + ], + "modified": "2021-09-20T13:50:02.057Z", + "description": "[Anubis](https://attack.mitre.org/software/S0422) can record phone calls and audio.(Citation: Cofense Anubis)", + "relationship_type": "uses", + "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac", + "created": "2020-06-26T15:32:25.060Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. 
Retrieved June 26, 2020.", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:35:13.005Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can uninstall itself from a device on command.(Citation: Threat Fabric Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e7b7e813-4867-46fe-bf86-6f367553d765", + "type": "relationship", + "created": "2019-11-21T16:42:48.456Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." 
+ } + ], + "modified": "2020-01-21T14:20:50.455Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can copy arbitrary files from the device to the C2 server, can exfiltrate browsing history, can exfiltrate the SD card structure, and can exfiltrate pictures as the user takes them.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. 
Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:12:22.002Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses contact list information.(Citation: Lookout-PegasusAndroid)", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--e8768455-4d0c-4e3c-a901-1fc871227745", + "created": "2022-03-30T17:54:56.603Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-03-30T20:07:19.296Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", - "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", + "modified": "2022-03-30T17:54:56.603Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--786f488c-cb1f-4602-89c5-86d982ee326b", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--93b6bf37-5614-4317-8ed7-42f098152c40", - "created": "2023-02-28T20:39:18.320Z", + "id": "relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2", + "created": "2017-12-14T16:46:06.044Z", "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "NYTimes-BackDoor", + "description": "Matt Apuzzo and Michael S. Schmidt. (2016, November 15). Secret Back Door in Some U.S. Phones Sent Data to China, Analysts Say. Retrieved February 6, 2017.", + "url": "https://www.nytimes.com/2016/11/16/us/politics/china-phones-software-security.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:42:14.121Z", + "description": "[Adups](https://attack.mitre.org/software/S0309) transmitted call logs.(Citation: NYTimes-BackDoor)", + "relationship_type": "uses", + "source_ref": "malware--f6ac21b6-2592-400c-8472-10d0e2f1bfaf", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e889782a-f66b-448e-a466-e55b1bce7b64", + "created": "2023-02-28T20:38:25.598Z", + "revoked": false, "external_references": [ { "source_name": "proofpoint_flubot_0421", 
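Review bot: In the added `detects` object `relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3`, the description spells the iOS call as `RequestRecordPermission`, which is the casing of the .NET/Xamarin binding. Native Swift and Objective-C code calls `requestRecordPermission` on `AVAudioSession`, so a vetting rule that matches the string exactly as written would miss native apps. I would reword the fragment to `iOS applications calling requestRecordPermission (or declaring NSMicrophoneUsageDescription)` and state that the match is case-insensitive. The same description ends with a trailing space after `as necessary.`, as does the `relationship--e928c0ce-2b98-4af5-a990-f690f4306681` description in the next hunk; both are worth trimming so string comparisons between bundle versions stay stable.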
@@ -43537,11 +46760,217 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-31T22:10:38.672Z", - "description": "[FluBot](https://attack.mitre.org/software/S1067) can use a SOCKS proxy to evade C2 IP detection.(Citation: proofpoint_flubot_0421)", + "modified": "2023-02-28T20:38:25.598Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) has encrypted C2 message bodies with RSA and encoded them in base64.(Citation: proofpoint_flubot_0421)", "relationship_type": "uses", "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", - "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "target_ref": "attack-pattern--16d73b64-5681-4ea0-9af4-4ad86f7c96e8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d", + "created": "2020-12-17T20:15:22.496Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. 
Retrieved September 9, 2019.", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:55:35.453Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can access the device’s contact list.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e928c0ce-2b98-4af5-a990-f690f4306681", + "created": "2023-03-20T18:43:46.070Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T14:56:32.077Z", + "description": "Application vetting services can detect which broadcast intents an application registers for and which permissions it requests. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b", + "created": "2023-09-28T17:21:15.893Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:21:15.893Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect application keylogs.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7", + "type": "relationship", + "created": "2019-08-07T15:57:13.388Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Kaspersky Riltok June 2019", + "url": "https://securelist.com/mobile-banker-riltok/91374/", + "description": "Tatyana Shishkova. (2019, June 25). Riltok mobile Trojan: A banker with global reach. Retrieved August 7, 2019." + } + ], + "modified": "2019-09-18T13:44:13.453Z", + "description": "[Riltok](https://attack.mitre.org/software/S0403) injects input to set itself as the default SMS handler by clicking the appropriate places on the screen. 
It can also close or minimize targeted antivirus applications and the device security settings screen.(Citation: Kaspersky Riltok June 2019)", + "relationship_type": "uses", + "source_ref": "malware--c0efbaae-9e7d-4716-a92d-68373aac7424", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb", + "type": "relationship", + "created": "2020-12-17T20:15:22.444Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Palo Alto HenBox", + "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/", + "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019." + } + ], + "modified": "2020-12-17T20:15:22.444Z", + "description": "[HenBox](https://attack.mitre.org/software/S0544) can load additional Dalvik code while running.(Citation: Palo Alto HenBox)", + "relationship_type": "uses", + "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9b262ba-1c32-40b3-8622-121b30d6df50", + "type": "relationship", + "created": "2019-10-10T15:14:57.378Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. 
(2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "modified": "2019-10-10T15:14:57.378Z", + "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can extract information on pictures from the Gallery, Chrome and SBrowser bookmarks, and the connected WiFi network's password.(Citation: SWB Exodus March 2019)", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e", + "type": "relationship", + "created": "2020-12-24T21:55:56.745Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T21:55:56.745Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed the list of installed apps.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", + "source_name": "Wandera-RedDrop" + } + ], + "modified": "2019-10-15T19:56:13.162Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) exfiltrates details of the victim device operating system and manufacturer.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc", + "created": "2023-03-20T18:49:38.917Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:51:08.240Z", + "description": "Application vetting services may be able to detect known privilege 
escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
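Review bot: The citation key added in `relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b` is misspelled, both in `"source_name": "Bleeipng Computer Escobar"` and in the matching `(Citation: Bleeipng Computer Escobar)` in its description. The two spellings agree, so the citation still resolves, but anyone searching or joining references on the publisher name will miss this object. Both should read `Bleeping Computer Escobar` and must change together, since the description looks the reference up by `source_name`. The same key appears again in a later hunk of this file (`relationship--ec734b52-a823-495c-9684-c4649269723e`), and possibly in objects outside this view, so the rename should cover every object that reuses it.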
@@ -43551,22 +46980,151 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55", + "id": "relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7", "type": "relationship", - "created": "2020-04-24T17:46:31.603Z", + "created": "2020-11-24T17:55:12.822Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "SecurityIntelligence TrickMo", - "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", - "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." } ], - "modified": "2020-04-24T17:46:31.603Z", - "description": "[TrickMo](https://attack.mitre.org/software/S0427) can steal pictures from the device.(Citation: SecurityIntelligence TrickMo)", + "modified": "2020-11-24T17:55:12.822Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can request the device’s location.(Citation: Talos GPlayed)", "relationship_type": "uses", - "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", - "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--eb052029-e1c9-4f24-8594-299aaec7f1df", + "created": "2020-12-14T14:52:03.351Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + 
"external_references": [ + { + "source_name": "Sophos Red Alert 2.0", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:42:46.952Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can collect the device’s call log.(Citation: Sophos Red Alert 2.0)", + "relationship_type": "uses", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93", + "type": "relationship", + "created": "2020-09-11T15:50:18.937Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" + } + ], + "modified": "2020-09-11T15:50:18.937Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can send SMS messages.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro-XLoader", + "description": "Lorin Wu. (2018, April 19). XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing. 
Retrieved July 6, 2018.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/xloader-android-spyware-and-banking-trojan-distributed-via-dns-spoofing/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:24:55.047Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) requests Android Device Administrator access.(Citation: TrendMicro-XLoader)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5", + "created": "2022-04-06T15:47:06.163Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:47:06.163Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee", + "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--eb69d3c1-aa16-429e-9b72-c1a993e584fa", + "created": "2023-07-14T19:11:45.176Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-14T19:11:45.176Z", + "description": "Unexpected behavior from an application could be an indicator of masquerading.", + "relationship_type": "detects", + 
"source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041", + "type": "relationship", + "created": "2017-10-25T14:48:53.742Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2020-06-24T15:08:18.481Z", + "description": "Enterprise policies should prevent enabling USB debugging on Android devices unless specifically needed (e.g., if the device is used for application development).", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -43575,31 +47133,365 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b", - "created": "2017-12-14T16:46:06.044Z", + "id": "relationship--eb784dcf-4188-47e2-9217-837b262acfb9", + "created": "2022-04-01T18:43:01.860Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-01T18:43:01.860Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3", + "created": "2023-02-06T19:01:39.599Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_abstractemu_1021", + "description": "P Shunk, K Balaam. (2021, October 28). Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign. 
Retrieved February 6, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-global-rooting-malware-campaign" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-27T17:25:11.903Z", + "description": "[AbstractEmu](https://attack.mitre.org/software/S1061) can grant itself contact list access.(Citation: lookout_abstractemu_1021)", + "relationship_type": "uses", + "source_ref": "malware--2aec175b-4429-4048-8e09-3ef6cbecfc64", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ec734b52-a823-495c-9684-c4649269723e", + "created": "2023-09-28T17:22:03.028Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. 
Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:22:03.028Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can uninstall itself and other applications.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0", + "created": "2023-08-14T16:33:56.635Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:33:56.635Z", + "description": "Many properly configured firewalls may naturally block command and control traffic.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42", + "type": "relationship", + "created": "2021-10-01T14:42:48.913Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-06T15:32:46.477Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can use its keylogger module to take screenshots of the area of the screen that the user tapped.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d", + "type": "relationship", + "created": "2019-08-09T18:06:11.672Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "source_name": "Lookout Dark Caracal Jan 2018" + } + ], + "modified": "2019-08-09T18:06:11.672Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) can take pictures with both the front and rear-facing cameras.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ece70dca-803c-4209-8792-7e56e9901288", + "created": "2020-07-15T20:20:59.291Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:38:15.470Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can delete all data from an infected device.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a", + "type": "relationship", + "created": "2020-07-15T20:20:59.186Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." 
+ } + ], + "modified": "2020-07-15T20:20:59.186Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access device configuration information and status, including Android version, battery level, device model, country, and SIM operator.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ed3293cf-de4f-4a73-98af-24325e8187c9", + "created": "2020-04-24T17:46:31.598Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "description": "P. Asinovsky. (2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020.", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:51:43.135Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) can detect if it is running on a rooted device or an emulator.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ed48a86f-e55f-4abf-8f18-98591b756399", + "created": "2023-03-03T16:19:30.443Z", + "revoked": false, + "external_references": [ + { + 
"source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:19:30.443Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has hidden the app icon from iOS springboard.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ed7e9368-004c-484f-9eed-03b158325564", + "created": "2023-03-20T18:54:40.401Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T14:39:38.390Z", + "description": "Application vetting services could look for known software packers or artifacts of packing techniques. 
Packing is not a definitive indicator of malicious activity, because as legitimate software may use packing techniques to reduce binary size or to protect proprietary code.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6", + "created": "2023-02-28T20:31:55.191Z", + "revoked": false, + "external_references": [ + { + "source_name": "proofpoint_flubot_0421", + "description": "Crista Giering, F. Naves, Andrew Conway, Adam McNeil . (2021, April 27). FluBot Android Malware Spreading Rapidly Through Europe, May Hit U.S. Soon. Retrieved February 28, 2023.", + "url": "https://www.proofpoint.com/us/blog/threat-insight/flubot-android-malware-spreading-rapidly-through-europe-may-hit-us-soon" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-02-28T20:31:55.191Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can access app notifications.(Citation: proofpoint_flubot_0421)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ede5c314-5988-4151-bb30-b6a6983d02c0", + 
"created": "2020-12-31T18:25:05.164Z", "x_mitre_version": "1.0", "external_references": [ { - "source_name": "Kaspersky-WUC", - "url": "https://securelist.com/android-trojan-found-in-targeted-attack-58/35552/", - "description": "Costin Raiu, Denis Maslennikov, Kurt Baumgartner. (2013, March 26). Android Trojan Found in Targeted Attack. Retrieved December 23, 2016." + "source_name": "CYBERWARCON CHEMISTGAMES", + "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w", + "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020." } ], "x_mitre_deprecated": false, "revoked": false, - "description": "[Android/Chuli.A](https://attack.mitre.org/software/S0304) used SMS to receive command and control messages.(Citation: Kaspersky-WUC)", - "modified": "2022-04-19T14:25:41.669Z", + "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has been distributed as updates to legitimate applications. This was accomplished by compromising legitimate app developers, and subsequently gaining access to their Google Play Store developer account.(Citation: CYBERWARCON CHEMISTGAMES)", + "modified": "2022-04-15T15:16:53.317Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "uses", - "source_ref": "malware--d05f7357-4cbe-47ea-bf83-b8604226d533", - "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341", + "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", "x_mitre_attack_spec_version": "2.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3", - "created": "2020-09-15T15:18:12.462Z", + "id": "relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb", + "created": "2019-09-04T15:38:56.881Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": 
false, + "external_references": [ + { + "source_name": "CyberMerchants-FlexiSpy", + "description": "Actis B. (2017, April 22). FlexSpy Application Analysis. Retrieved September 4, 2019.", + "url": "http://www.cybermerchantsofdeath.com/blog/2017/04/22/FlexiSpy.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T19:56:00.761Z", + "description": "[FlexiSpy](https://attack.mitre.org/software/S0408) can collect device contacts.(Citation: CyberMerchants-FlexiSpy)", + "relationship_type": "uses", + "source_ref": "tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ee095f20-eef5-4dcc-a537-70b387592c2c", + "created": "2023-02-28T20:38:46.702Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "bitdefender_flubot_0524", + "description": "Filip TRUȚĂ, Răzvan GOSA, Adrian Mihai GOZOB. (2022, May 24). New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike. 
Retrieved February 28, 2023.", + "url": "https://www.bitdefender.com/blog/labs/new-flubot-campaign-sweeps-through-europe-targeting-android-and-ios-users-alike/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-31T22:15:20.089Z", + "description": "[FluBot](https://attack.mitre.org/software/S1067) can use Accessibility Services to make removal of the malicious app difficult.(Citation: bitdefender_flubot_0524)", + "relationship_type": "uses", + "source_ref": "malware--f5ff006c-702f-4ded-8e60-ca6c540d91bc", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9", + "created": "2020-09-15T15:18:12.419Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ @@ -43612,11 +47504,11 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:42:40.327Z", - "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can hide its icon if it detects that it is being run on an emulator.(Citation: Cybereason FakeSpy)", + "modified": "2023-04-05T19:56:18.859Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) can collect the device’s contact list.(Citation: Cybereason FakeSpy)", "relationship_type": "uses", "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", - "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
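Review bot: The added `detects` relationship `relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0` has the description `Many properly configured firewalls may naturally block command and control traffic.`, which names a blocking control rather than anything a defender can observe. A consumer that renders `detects` descriptions as detection guidance gets no signal to look for, so the text should say what the referenced data component lets an analyst see; if blocking is the intended message, it belongs on a `mitigates` relationship from a course-of-action. Two smaller text defects sit in the same hunk. The citation key `Bleeipng Computer Escobar` in `relationship--ec734b52-a823-495c-9684-c4649269723e` is misspelled in both `source_name` and the `(Citation: ...)` tag; it should read `Bleeping Computer Escobar` in both, and in any other object sharing the key, which is not visible here. The packing description in `relationship--ed7e9368-004c-484f-9eed-03b158325564` should read `because legitimate software may use packing techniques`.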
@@ -43626,69 +47518,212 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f", + "id": "relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f", "type": "relationship", - "created": "2020-11-10T17:08:35.644Z", + "created": "2019-09-23T13:36:08.448Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019.", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "source_name": "securelist rotexy 2018" } ], - "modified": "2020-11-10T17:08:35.644Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has gathered device metadata, including model, manufacturer, SD card size, disk usage, memory, CPU, and serial number.(Citation: Lookout Uyghur Campaign)", + "modified": "2019-10-15T19:56:50.651Z", + "description": "[Rotexy](https://attack.mitre.org/software/S0411) collects information about the compromised device, including phone number, network operator, OS version, device model, and the device registration country.(Citation: securelist rotexy 2018)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c", "type": "relationship", - "created": "2020-12-18T20:14:47.381Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "WhiteOps TERRACOTTA", - "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", - "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." - } - ], - "modified": "2020-12-28T18:59:33.140Z", - "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) has collected the device’s phone number and can check if the active network connection is metered.(Citation: WhiteOps TERRACOTTA)", - "relationship_type": "uses", - "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", - "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", - "x_mitre_version": "1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016", - "created": "2022-04-15T18:12:53.512Z", + "id": "relationship--eee008fa-a46f-4542-93e3-8fe5f949130f", + "created": "2023-01-19T18:06:57.242Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Xiao-KeyRaider", - "description": "Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.", - "url": "http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/" + "source_name": "trendmicro_tianyspy_0122", + "description": "Trend Micro. (2022, January 25). 
TianySpy Malware Uses Smishing Disguised as Message From Telco. Retrieved January 11, 2023.", + "url": "https://www.trendmicro.com/en_us/research/22/a/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T21:28:29.839Z", - "description": "[Monokle](https://attack.mitre.org/software/S0407) can install attacker-specified certificates to the device's trusted certificate store, enabling an adversary to perform adversary-in-the-middle attacks.(Citation: Xiao-KeyRaider)", + "modified": "2023-03-29T21:21:37.086Z", + "description": "[TianySpy](https://attack.mitre.org/software/S1056) can check to see if WiFi is enabled.(Citation: trendmicro_tianyspy_0122) ", "relationship_type": "uses", - "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", - "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", + "source_ref": "malware--fd6d56b2-d84e-4d2a-b37d-d4678d3e08a6", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671", + "created": "2021-02-08T16:36:20.709Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has encrypted C2 communications using AES in CBC mode during Operation BULL and Operation ROCK.(Citation: BlackBerry Bahamut)", + "modified": "2022-04-18T16:07:26.671Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f", + "created": "2019-07-16T14:33:12.107Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Kaspersky Triada June 2016", + "url": "https://securelist.com/everyone-sees-not-what-they-want-to-see/74997/", + "description": "Kivva, A. (2016, June 6). Everyone sees not what they want to see. Retrieved July 16, 2019." + }, + { + "source_name": "Google Triada June 2019", + "url": "https://security.googleblog.com/2019/06/pha-family-highlights-triada.html", + "description": "Lukasz Siewierski. (2019, June 6). PHA Family Highlights: Triada. Retrieved July 16, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Triada](https://attack.mitre.org/software/S0424) can redirect ad banner URLs on websites visited by the user to specific ad URLs.(Citation: Google Triada June 2019)(Citation: Kaspersky Triada June 2016) ", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--f082fc59-0317-49cf-971f-a1b6296ebb52", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005", + "created": "2023-10-10T15:33:57.735Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.735Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has been embedded into trojanized versions of applications such as Voxer, TalkBox, and Amaq News.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--efd35b6f-7a61-4998-97ff-608547e40f66", + "created": "2019-10-01T14:23:44.054Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "securelist rotexy 2018", + "url": "https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/", + "description": "T. Shishkova, L. Pikman. (2018, November 22). The Rotexy mobile Trojan – banker and ransomware. Retrieved September 23, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": " [Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018) ", + "modified": "2022-04-18T16:07:57.631Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--0626c181-93cb-4860-9cb0-dff3b1c13063", + "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f012feab-5612-429f-81bd-ff75d6ffd04e", + "created": "2022-04-05T17:03:34.941Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-05T17:03:34.941Z", + "relationship_type": "subtechnique-of", + "source_ref": "attack-pattern--fa801609-ca8e-415e-815e-65f3826ff4df", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f051c943-998c-4db2-9dbc-d4755057bcf0", + "created": "2022-04-05T19:49:06.417Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-05T19:49:06.417Z", + "relationship_type": "mitigates", + "source_ref": 
"course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd", + "created": "2023-03-20T18:51:58.152Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:23:02.162Z", + "description": "Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs. Further detection would most likely be at the enterprise level, through packet and/or netflow inspection. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
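Review bot: Several added `description` strings carry stray leading or trailing spaces: `relationship--efd35b6f-7a61-4998-97ff-608547e40f66` (Rotexy, both ends), `relationship--eee008fa-a46f-4542-93e3-8fe5f949130f` (TianySpy), `relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f` (Triada) and `relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd` (application vetting). Padding like this can defeat exact-match comparison or deduplication of descriptions in downstream tooling, so the values should be trimmed, e.g. `"description": "[Rotexy](https://attack.mitre.org/software/S0411) encrypts JSON HTTP payloads with AES.(Citation: securelist rotexy 2018)"`. Separately, `relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005` is created on 2023-10-10 yet declares `"x_mitre_attack_spec_version": "2.1.0"`, while the other 2023 objects visible in this diff declare `3.1.0` or `3.2.0`. That may be a carry-over from an older object and is worth confirming against the spec version the bundle's consumers validate with.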
@@ -43718,26 +47753,68 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1", "type": "relationship", - "id": "relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1", - "created": "2017-12-14T16:46:06.044Z", + "created": "2020-07-15T20:20:59.284Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020." + } + ], + "modified": "2020-07-15T20:20:59.284Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can install attacker-specified components or applications.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f0e39856-4d2d-45c5-bf16-f683ee993010", + "created": "2022-03-30T18:18:15.915Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-03-30T18:18:15.915Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--cde2cb84-455e-410c-8aa9-086f2788bcd2", + "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", + 
"x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc", + "created": "2020-09-14T14:13:45.286Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "Lookout-BrainTest", - "description": "Chris Dehghanpoor. (2016, January 6). Brain Test re-emerges: 13 apps found in Google Play Read more: Brain Test re-emerges: 13 apps found in Google Play. Retrieved December 21, 2016.", - "url": "https://blog.lookout.com/blog/2016/01/06/brain-test-re-emerges/" + "source_name": "Lookout eSurv", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/esurv-research" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T21:25:52.381Z", - "description": "[BrainTest](https://attack.mitre.org/software/S0293) uses root privileges (if available) to copy an additional Android app package (APK) to /system/priv-app to maintain persistence even after a factory reset.(Citation: Lookout-BrainTest)", + "modified": "2023-04-05T20:40:48.237Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507) has exfiltrated data using HTTP PUT requests.(Citation: Lookout eSurv)", "relationship_type": "uses", - "source_ref": "malware--e13d084c-382f-40fd-aa9a-98d69e20301e", - "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", 
@@ -43747,45 +47824,225 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--1c180c0e-c789-4176-b568-789ada9487bb", "type": "relationship", - "created": "2020-10-29T19:21:23.162Z", + "id": "relationship--f157970b-4782-46d0-abdd-000ae6eea14b", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:33.832Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b", + "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150", + "type": "relationship", + "created": "2020-05-11T16:37:36.673Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "WeLiveSecurity AdDisplayAshas", - "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/", - "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020." + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "source_name": "ThreatFabric Ginp" } ], - "modified": "2020-10-29T19:21:23.162Z", - "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) can collect information about the device including device type, OS version, language, free storage space, battery status, device root, and if *developer mode* is enabled.(Citation: WeLiveSecurity AdDisplayAshas)", + "modified": "2020-05-11T16:37:36.673Z", + "description": " [Ginp](https://attack.mitre.org/software/S0423) can download device logs.(Citation: ThreatFabric Ginp) ", "relationship_type": "uses", - "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a", - "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--de4ecfa3-fa91-4377-810c-5c567de9688b", - "created": "2021-01-05T20:16:20.490Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "id": "relationship--f259b5a8-bf2f-48c9-ae1b-b20d53daf665", + "created": "2023-07-21T19:39:51.044Z", "revoked": false, "external_references": [ { - "source_name": "Zscaler TikTok Spyware", - "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.", - "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware" + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T20:38:01.842Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can delete attacker-specified files.(Citation: Zscaler TikTok Spyware)", + "modified": "2023-07-21T19:39:51.044Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate data when the user boots the app, or on device boot.(Citation: lookout_bouldspy_0423)", "relationship_type": "uses", - "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee", + "created": "2020-11-24T17:55:12.895Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Talos GPlayed", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[GPlayed](https://attack.mitre.org/software/S0536) can show a phishing WebView pretending to be a Google service that collects credit card information.(Citation: Talos GPlayed)", + "modified": "2022-04-12T10:01:44.682Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1", + "created": "2020-06-26T15:32:25.002Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can record keystrokes.(Citation: Threat Fabric Cerberus)", + "modified": "2022-04-15T17:33:17.868Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6", + "created": "2020-01-21T14:20:50.409Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender - Triout 2018", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. 
Retrieved January 21, 2020.", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:46:20.857Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) includes code to hide its icon, but the function does not appear to be called in an analyzed version of the software.(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132", + "created": "2022-03-30T14:06:26.530Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Mobile security products can typically detect jailbroken or rooted devices. 
", + "modified": "2022-03-30T14:06:26.530Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--cf2cccb1-cab8-431a-8ecf-f7874d05f433", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81", + "created": "2023-03-20T15:45:44.000Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:40:17.754Z", + "description": "Mobile security products can potentially detect jailbroken devices.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5", + "created": "2023-03-20T15:21:12.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:20:13.644Z", + "description": "Integrity checking mechanisms can potentially detect unauthorized hardware modifications.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + 
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f4aeacef-035c-4308-9e85-997703e27809", + "created": "2020-01-27T17:05:58.305Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro Bouncing Golf 2019", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:27:33.906Z", + "description": "[GolfSpy](https://attack.mitre.org/software/S0421) can delete arbitrary files on the device.(Citation: Trend Micro Bouncing Golf 2019)", + "relationship_type": "uses", + "source_ref": "malware--c19cfc89-5ac6-4d2d-a236-70d2b32e007c", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_deprecated": false, "x_mitre_version": "1.0", 
@@ -43796,45 +48053,142 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae", + "id": "relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012", "type": "relationship", - "created": "2020-11-10T17:08:35.746Z", + "created": "2020-12-14T14:52:03.218Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Lookout Uyghur Campaign", - "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", - "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." + "source_name": "Sophos Red Alert 2.0", + "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/", + "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020." 
} ], - "modified": "2020-12-01T19:48:44.878Z", - "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has searched device storage for various files, including .amr files (audio recordings) and superuser binaries.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-14T14:52:03.218Z", + "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) can obtain the running application.(Citation: Sophos Red Alert 2.0)", "relationship_type": "uses", - "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", - "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d", - "created": "2023-02-28T21:43:12.487Z", + "id": "relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1", + "created": "2019-07-10T15:35:43.661Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cloudmark_tanglebot_0921", - "description": "Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.", - "url": "https://www.cloudmark.com/en/blog/malware/tanglebot-new-advanced-sms-malware-targets-mobile-users-across-us-and-canada-covid-19" + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-02-28T21:43:12.487Z", - "description": "[TangleBot](https://attack.mitre.org/software/S1069) can make and block phone calls.(Citation: cloudmark_tanglebot_0921)", + "modified": "2023-04-05T20:32:57.154Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) captures and exfiltrates all SMS messages, including future messages as they are received.(Citation: Lookout Dark Caracal Jan 2018)", "relationship_type": "uses", - "source_ref": "malware--68156e5a-4c3a-46dd-9c5e-c0bfdec6651f", - "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "PaloAlto-SpyDealer", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:33:12.082Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests SMS and MMS messages from victims.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45", + "created": "2019-09-15T15:32:17.580Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Android Notification Listeners", + "url": "https://developer.android.com/reference/android/app/admin/DevicePolicyManager#setPermittedCrossProfileNotificationListeners(android.content.ComponentName,%20java.util.List%3Cjava.lang.String%3E)", + "description": "Android. (n.d.). DevicePolicyManager. Retrieved September 15, 2019." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "On Android devices with a work profile, the `DevicePolicyManager.setPermittedCrossProfileNotificationListeners` method can be used to manage the list of applications running within the personal profile that can access notifications generated within the work profile. This policy would not affect notifications generated by the rest of the device. 
The `DevicePolicyManager.setApplicationHidden` method can be used to disable notification access for unwanted applications, but this method would also block that entire application from running.(Citation: Android Notification Listeners) ", + "modified": "2022-04-01T14:50:28.686Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19", + "created": "2020-09-24T15:26:15.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. 
Retrieved July 20, 2020.", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:41:01.468Z", + "description": "[XLoader for iOS](https://attack.mitre.org/software/S0490) has exfiltrated data using HTTP requests.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--29944858-da52-4d3d-b428-f8a6eb8dde6f", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f5196775-2c99-4dc5-b173-6a10af503c6e", + "created": "2023-09-25T19:55:13.827Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-25T19:55:13.827Z", + "description": "Users should be encouraged to be very careful with granting dangerous permissions, such as device administrator or access to device accessibility.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", 
@@ -43842,31 +48196,99 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d", "type": "relationship", - "id": "relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7", - "created": "2023-01-18T19:19:34.604Z", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.112Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads information about installed packages.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4", + "created": "2022-09-29T21:22:06.716Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ { - "source_name": "cyble_drinik_1022", - "description": "Cyble. (2022, October 27). Drinik Malware Returns With Advanced Capabilities Targeting Indian Taxpayers. Retrieved January 18, 2023.", - "url": "https://blog.cyble.com/2022/10/27/drinik-malware-returns-with-advanced-capabilities-targeting-indian-taxpayers/" + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T17:52:35.805Z", - "description": "[Drinik](https://attack.mitre.org/software/S1054) can send stolen data back to the C2 server.(Citation: cyble_drinik_1022)", + "modified": "2022-09-30T18:45:10.156Z", + "description": "During [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016), the threat actors used Android backdoors to continually forward all SMS messages and call information back to their C2 servers.(Citation: Cylance Dust Storm)", "relationship_type": "uses", - "source_ref": "malware--d6e009b7-df5e-447a-bfd2-d5b77374edfe", - "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "source_ref": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a", + "created": "2023-03-20T18:39:10.113Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T17:14:24.009Z", + "description": "The user can view a list of device administrators in device settings and revoke permission where appropriate. 
Applications that request device administrator permissions should be scrutinized further for malicious behavior.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--f5acd046-2943-48bf-836a-2109c4f1a5c4", + "created": "2023-09-28T17:20:50.748Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:50.748Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can record audio from the device’s microphone.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
@@ -43894,44 +48316,44 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "type": "relationship", + "id": "relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78", + "created": "2023-03-20T18:54:09.674Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "type": "relationship", - "id": "relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31", - "created": "2022-04-06T13:41:17.517Z", - "x_mitre_version": "0.1", + "modified": "2023-08-09T15:58:57.985Z", + "description": "On Android, users may be presented with a popup to select the appropriate application to open a URI in. If the user sees an application they do not recognize, they can remove it.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-06T13:41:17.517Z", - "relationship_type": "revoked-by", - "source_ref": "attack-pattern--e399430e-30b7-48c5-b70a-f44dc8c175cb", - "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1", + "id": "relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3", "type": "relationship", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "Zscaler-SpyNote", - "description": "Shivang Desai. 
(2017, January 23). SpyNote RAT posing as Netflix app. Retrieved January 26, 2017.", - "url": "https://www.zscaler.com/blogs/research/spynote-rat-posing-netflix-app" + "source_name": "Lookout-PegasusAndroid", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017.", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/" } ], - "modified": "2019-10-10T15:24:09.355Z", - "description": "[SpyNote RAT](https://attack.mitre.org/software/S0305) can activate the victim's microphone.(Citation: Zscaler-SpyNote)", + "modified": "2019-08-09T17:52:31.854Z", + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) accesses the list of installed applications.(Citation: Lookout-PegasusAndroid)", "relationship_type": "uses", - "source_ref": "malware--20dbaf05-59b8-4dc6-8777-0b17f4553a23", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
@@ -43940,24 +48362,347 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "type": "relationship", - "id": "relationship--2acc0c1a-af30-4410-976b-31148df5378d", - "created": "2022-03-28T19:39:42.538Z", + "id": "relationship--f6098dca-3a9e-4991-8d51-1310b12161b6", + "created": "2017-12-14T16:46:06.044Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Lookout-PegasusAndroid", + "url": "https://blog.lookout.com/blog/2017/04/03/pegasus-android/", + "description": "Mike Murray. (2017, April 3). Pegasus for Android: the other side of the story emerges. Retrieved April 16, 2017." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "[Pegasus for Android](https://attack.mitre.org/software/S0316) uses SMS for command and control.(Citation: Lookout-PegasusAndroid)", + "modified": "2022-04-19T14:25:41.669Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "uses", + "source_ref": "malware--93799a9d-3537-43d8-b6f4-17215de1657c", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e", + "created": "2022-03-30T20:43:31.249Z", "x_mitre_version": "0.1", "x_mitre_deprecated": false, "revoked": false, "description": "", - "modified": "2022-03-28T19:39:42.538Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", - "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad", + "modified": "2022-03-30T20:43:31.249Z", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--8197f026-64da-4700-93b9-b55ba55f3b31", + "target_ref": 
"attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", "x_mitre_attack_spec_version": "2.1.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b", - "created": "2021-01-05T20:16:20.492Z", + "id": "relationship--f62e0aaf-e52f-40b9-a059-001f298a0660", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Kaspersky-Skygofree", + "description": "Nikita Buchka and Alexey Firsh. (2018, January 16). Skygofree: Following in the footsteps of HackingTeam. Retrieved September 24, 2018.", + "url": "https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:19:00.168Z", + "description": "[Skygofree](https://attack.mitre.org/software/S0327) can be controlled via HTTP, XMPP, FirebaseCloudMessaging, or GoogleCloudMessaging in older versions.(Citation: Kaspersky-Skygofree)", + "relationship_type": "uses", + "source_ref": "malware--3a913bac-4fae-4d0e-bca8-cae452f1599b", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794", + "type": "relationship", + "created": "2019-11-21T16:42:48.488Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "GReAT. (2019, June 26). 
ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/", + "source_name": "SecureList - ViceLeaker 2019" + }, + { + "source_name": "Bitdefender - Triout 2018", + "url": "https://labs.bitdefender.com/2018/08/triout-spyware-framework-for-android-with-extensive-surveillance-capabilities/", + "description": "L. Arsene, C. Ochinca. (2018, August 20). Triout – Spyware Framework for Android with Extensive Surveillance Capabilities. Retrieved January 21, 2020." + } + ], + "modified": "2020-01-21T14:20:50.474Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) can record audio from the device’s microphone and can record phone calls together with the caller ID.(Citation: SecureList - ViceLeaker 2019)(Citation: Bitdefender - Triout 2018)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f6417788-0c6e-4172-9010-f20870ec2278", + "created": "2023-06-09T19:16:07.193Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. 
Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:16:07.193Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can request device administrator privileges.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f65087b4-adf2-4292-a711-7ae829e91397", + "type": "relationship", + "created": "2019-09-04T14:28:16.385Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "description": "Bauer A., Kumar A., Hebeisen C., et al. (2019, July). Monokle: The Mobile Surveillance Tooling of the Special Technology Center. 
Retrieved September 4, 2019.", + "url": "https://www.lookout.com/documents/threat-reports/lookout-discovers-monokle-threat-report.pdf", + "source_name": "Lookout-Monokle" + } + ], + "modified": "2019-09-04T14:32:12.877Z", + "description": "[Monokle](https://attack.mitre.org/software/S0407) can list applications installed on the device.(Citation: Lookout-Monokle)", + "relationship_type": "uses", + "source_ref": "malware--6a7aaab1-3e0a-48bb-ba66-bbf7665c0a65", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.682Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record phone calls and surrounding audio.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f69ff81e-22e4-450c-b3dd-7f3f66610663", + "created": "2023-08-16T16:39:10.564Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:39:10.564Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can disable Google Play Protect.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f6a451e8-2125-4bbe-be52-e682523cd169", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-10-15T19:37:21.273Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) harvests the device phone number, IMEI, and IMSI.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa", + "created": "2020-11-10T17:08:35.761Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. 
Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:00:38.611Z", + "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has deleted call log entries coming from known C2 sources.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1", + "type": "relationship", + "created": "2020-07-20T13:49:03.693Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "TrendMicro-XLoader-FakeSpy", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/", + "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020." 
+ } + ], + "modified": "2020-09-24T15:12:24.242Z", + "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) collects the device’s IMSI and ICCID.(Citation: TrendMicro-XLoader-FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc", + "created": "2022-04-01T13:18:40.460Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Contact list access is an uncommonly needed permission, so users should be instructed to use extra scrutiny when granting access to their contact list. ", + "modified": "2022-04-01T13:18:40.460Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f747ccb7-32c0-45fc-9842-bfb160a9db22", + "created": "2023-07-21T19:39:20.054Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. 
Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:39:20.054Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) uses a background service that can restart itself when the parent activity is stopped.(Citation: lookout_bouldspy_0423) ", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f776a4da-0fa6-414c-a705-e9e8b419e056", + "type": "relationship", + "created": "2020-06-26T15:32:25.058Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Cerberus", + "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", + "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." + }, + { + "source_name": "CheckPoint Cerberus", + "url": "https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/", + "description": "A. Hazum, B. Melnykov, C. Efrati, D. Golubenko, I. Wernik, L. Kuperman, O. Mana. (2020, April 29). First seen in the wild – Malware uses Corporate MDM as attack vector. Retrieved June 26, 2020." 
+ } + ], + "modified": "2020-06-26T15:32:25.058Z", + "description": "[Cerberus](https://attack.mitre.org/software/S0480) can inject input to grant itself additional permissions without user interaction and to prevent application removal.(Citation: Threat Fabric Cerberus)(Citation: CheckPoint Cerberus)", + "relationship_type": "uses", + "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a", + "created": "2021-01-07T17:02:31.805Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -43970,133 +48715,62 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-04-05T17:47:18.774Z", - "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has registered for device boot, incoming, and outgoing calls broadcast intents.(Citation: Zscaler TikTok Spyware)", + "modified": "2023-04-05T19:56:32.861Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can access the device's contact list.(Citation: Zscaler TikTok Spyware) ", "relationship_type": "uses", "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", - "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "1.0", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "type": "relationship", - "id": "relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5", - "created": "2023-03-03T16:26:20.400Z", - "revoked": false, - "external_references": [ - { - "source_name": "paloalto_yispecter_1015", - "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", - "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" - } - ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-03T16:26:20.400Z", - "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected information about running processes.(Citation: paloalto_yispecter_1015)", + "id": "relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.021Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) can perform GPS location tracking as well as capturing coordinates as when an SMS message or call is received.(Citation: Lookout-StealthMango)", "relationship_type": "uses", - "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", - "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "type": "relationship", - "id": "relationship--3bf4b093-a1a3-48da-9236-bce9514765eb", - "created": "2022-04-05T19:46:05.853Z", - "x_mitre_version": "0.1", - "external_references": [ - { - "source_name": "Samsung Keyboards", - "url": 
"https://support.samsungknox.com/hc/en-us/articles/360001485027-3rd-party-keyboards-must-be-whitelisted-", - "description": "Samsung. (2019, August 16). 3rd party keyboards must be whitelisted.. Retrieved September 1, 2019." - } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "When using Samsung Knox, third-party keyboards must be explicitly added to an allow list in order to be available to the end-user.(Citation: Samsung Keyboards)", - "modified": "2022-04-05T19:46:05.853Z", - "relationship_type": "mitigates", - "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", - "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45", - "created": "2023-02-06T19:47:26.528Z", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:47:26.528Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has been distributed in obfuscated and packed form.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--70fa8498-6117-4e15-ae3c-f53d63996826", - "type": "relationship", - "created": "2020-06-26T15:32:25.050Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "external_references": [ - { - "source_name": "Threat Fabric Cerberus", - "url": "https://www.threatfabric.com/blogs/cerberus-a-new-banking-trojan-from-the-underworld.html", - "description": "Threat Fabric. (2019, August). Cerberus - A new banking Trojan from the underworld. Retrieved June 26, 2020." 
- } - ], - "modified": "2020-06-26T15:32:25.050Z", - "description": "[Cerberus](https://attack.mitre.org/software/S0480) can collect the device’s location.(Citation: Threat Fabric Cerberus)", - "relationship_type": "uses", - "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396", - "created": "2023-03-20T18:40:12.814Z", + "id": "relationship--f8151852-5a56-4c91-a691-1e50387a291d", + "created": "2023-09-28T17:39:14.900Z", "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:40:12.814Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", - "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "modified": "2023-09-28T17:39:14.900Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect IP address and network configuration information.(Citation: Trend Micro FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", "x_mitre_deprecated": false, "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", + 
"x_mitre_attack_spec_version": "3.2.0", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, 
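Review bot: The `description` added for `relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff` (Stealth Mango) contains a stray word, "capturing coordinates as when an SMS message or call is received"; it should read `as well as capturing coordinates when an SMS message or call is received.(Citation: Lookout-StealthMango)`. In the same hunk the new Tiktok Pro description ends with a space after the citation, `(Citation: Zscaler TikTok Spyware) "`. Tooling that matches or deduplicates on description text will treat this as different from the trimmed form. The hunk looks like a re-sort of relationship objects by `id`, so both strings may predate this commit. If so, the fix belongs in the source the bundle is exported from rather than in this file.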
@@ -44104,9 +48778,213 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc", "type": "relationship", - "created": "2020-12-24T21:55:56.688Z", + "id": "relationship--f84355c2-b829-4324-821a-b5148734bb6b", + "created": "2022-04-01T15:21:35.655Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Users should be wary of granting applications dangerous or privacy-intrusive permissions, such as access to microphone or audio output. ", + "modified": "2022-04-01T15:21:35.655Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f857935b-653a-4b9a-a2dc-59c042059a39", + "created": "2023-03-20T15:56:04.673Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:28:45.049Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application. 
", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c", + "type": "relationship", + "created": "2020-12-18T20:14:47.371Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "WhiteOps TERRACOTTA", + "url": "https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study", + "description": "Satori Threat Intelligence and Research Team. (2020, August). TERRACOTTA Android Malware: A Technical Study. Retrieved December 18, 2020." + } + ], + "modified": "2020-12-18T21:00:05.246Z", + "description": "[TERRACOTTA](https://attack.mitre.org/software/S0545) can send SMS messages.(Citation: WhiteOps TERRACOTTA)", + "relationship_type": "uses", + "source_ref": "malware--e296b110-46d3-4f7a-894c-cc71ea50168c", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57", + "type": "relationship", + "created": "2020-04-08T15:51:25.120Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html", + "description": "ThreatFabric. (2019, November). 
Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020." + } + ], + "modified": "2020-04-08T15:51:25.120Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) obfuscates its payload, code, and strings.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f92fe9dd-7296-42f6-904e-e245c438376e", + "created": "2020-12-14T15:02:35.291Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Securelist Asacub", + "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020.", + "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T21:25:06.012Z", + "description": "[Asacub](https://attack.mitre.org/software/S0540) can request device administrator permissions.(Citation: Securelist Asacub)", + "relationship_type": "uses", + "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ArsTechnica-HummingBad", + "description": "Dan Goodin. 
(2016, July 7). 10 million Android phones infected by all-powerful auto-rooting apps. Retrieved January 24, 2017.", + "url": "http://arstechnica.com/security/2016/07/virulent-auto-rooting-malware-takes-control-of-10-million-android-devices/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-21T18:51:23.251Z", + "description": "[HummingBad](https://attack.mitre.org/software/S0322) can create fraudulent statistics inside the official Google Play Store, and has generated revenue from installing fraudulent apps and displaying malicious advertisements.(Citation: ArsTechnica-HummingBad)", + "relationship_type": "uses", + "source_ref": "malware--c8770c81-c29f-40d2-a140-38544206b2b4", + "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f", + "created": "2019-10-18T14:50:57.494Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Security updates often contain patches for vulnerabilities.", + "modified": "2022-04-11T14:26:44.192Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f989562f-41a8-46d3-94ba-fca7269ae592", + "type": 
"relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-08-09T17:59:49.072Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) is delivered via a a watering hole website that mimics the third-party Android app store APKMonk. In at least one case, the watering hole URL was distributed through Facebook Messenger.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae", + "created": "2019-09-04T20:01:42.753Z", + "x_mitre_version": "1.0", + "external_references": [ + { + "source_name": "Nightwatch screencap April 2016", + "url": "https://wwws.nightwatchcybersecurity.com/2016/04/13/research-securing-android-applications-from-screen-capture/", + "description": "Nightwatch Cybersecurity. (2016, April 13). Research: Securing Android Applications from Screen Capture (FLAG_SECURE). Retrieved November 5, 2019." 
+ } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Application developers can apply the `FLAG_SECURE` property to sensitive screens within their apps to make it more difficult for the screen contents to be captured.(Citation: Nightwatch screencap April 2016) ", + "modified": "2022-04-01T13:31:59.712Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "mitigates", + "source_ref": "course-of-action--25dc1ce8-eb55-4333-ae30-a7cb4f5894a1", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0", + "type": "relationship", + "created": "2020-12-24T21:55:56.686Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { 
@@ -44115,39 +48993,48 @@ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." } ], - "modified": "2020-12-24T21:55:56.688Z", - "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has captured audio and can record phone calls.(Citation: Lookout Uyghur Campaign)", + "modified": "2020-12-24T21:55:56.686Z", + "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has accessed common system information.(Citation: Lookout Uyghur Campaign)", "relationship_type": "uses", "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68", - "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "type": "relationship", + "id": "relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb", + "created": "2020-09-15T15:18:12.466Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason FakeSpy", + "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. 
Retrieved September 15, 2020.", + "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:17:07.033Z", + "description": "[FakeSpy](https://attack.mitre.org/software/S0509) exfiltrates data using HTTP requests.(Citation: Cybereason FakeSpy)", + "relationship_type": "uses", + "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb", + "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--fa1da6db-da32-45d2-98a8-6bbe153166da", "type": "relationship", - "id": "relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd", - "created": "2022-04-01T18:50:00.027Z", - "x_mitre_version": "0.1", - "x_mitre_deprecated": false, - "revoked": false, - "description": "", - "modified": "2022-04-01T18:50:00.027Z", - "relationship_type": "subtechnique-of", - "source_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", - "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", - "x_mitre_attack_spec_version": "2.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--290a627d-172d-494d-a0cc-685f480a1034", "created": "2017-12-14T16:46:06.044Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, "external_references": [ { "source_name": "Lookout-EnterpriseApps", 
@@ -44155,169 +49042,41 @@ "url": "https://blog.lookout.com/blog/2016/05/25/spoofed-apps/" } ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:36:27.983Z", - "description": "[AndroRAT](https://attack.mitre.org/software/S0292) collects call logs.(Citation: Lookout-EnterpriseApps)", + "modified": "2018-10-17T00:14:20.652Z", + "description": "[AndroRAT](https://attack.mitre.org/software/S0292) tracks the device location.(Citation: Lookout-EnterpriseApps)", "relationship_type": "uses", "source_ref": "malware--a3dad2be-ce62-4440-953b-00fbce7aba93", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--084786ee-9384-4a00-9e1b-48f94ea70126", - "created": "2019-09-03T19:45:48.517Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "SWB Exodus March 2019", - "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. 
Retrieved September 3, 2019.", - "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:09:45.426Z", - "description": "[Exodus](https://attack.mitre.org/software/S0405) Two can exfiltrate calendar events.(Citation: SWB Exodus March 2019) ", - "relationship_type": "uses", - "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", - "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], + "id": "relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d", "type": "relationship", - "id": "relationship--03172b09-4f97-4fb8-95f0-92b2d8957408", - "created": "2020-06-26T14:55:13.349Z", - "x_mitre_version": "1.0", - "external_references": [ - { - "source_name": "Cybereason EventBot", - "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born", - "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020." 
- } - ], - "x_mitre_deprecated": false, - "revoked": false, - "description": "[EventBot](https://attack.mitre.org/software/S0478) has encrypted base64-encoded payload data using RC4 and Curve25519.(Citation: Cybereason EventBot)", - "modified": "2022-04-18T15:57:14.375Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "relationship_type": "uses", - "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", - "target_ref": "attack-pattern--bb4387ab-7a51-468b-bf5f-a9a8612f0303", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--48486680-530c-4ed9-aca3-94969aa262b6", - "created": "2019-07-10T15:35:43.665Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "Lookout Dark Caracal Jan 2018", - "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. 
Retrieved April 11, 2018.", - "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-04-05T17:38:00.609Z", - "description": "[Pallas](https://attack.mitre.org/software/S0399) accesses and exfiltrates the call log.(Citation: Lookout Dark Caracal Jan 2018)", - "relationship_type": "uses", - "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", - "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "relationship--0a610208-06af-425f-a9af-cd0899261e33", - "type": "relationship", - "created": "2020-09-11T15:45:38.450Z", + "created": "2021-01-05T20:16:20.417Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "external_references": [ { - "source_name": "TrendMicro Coronavirus Updates", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/", - "description": "T. Bao, J. Lu. (2020, April 14). Coronavirus Update App Leads to Project Spy Android and iOS Spyware. Retrieved April 24, 2020." + "source_name": "Zscaler TikTok Spyware", + "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware", + "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021." 
} ], - "modified": "2020-09-11T15:45:38.450Z", - "description": "[Corona Updates](https://attack.mitre.org/software/S0425) can send SMS messages.(Citation: TrendMicro Coronavirus Updates)", + "modified": "2021-01-05T20:16:20.417Z", + "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) can capture photos and videos from the device’s camera.(Citation: Zscaler TikTok Spyware)", "relationship_type": "uses", - "source_ref": "malware--366c800f-97a8-48d5-b0a6-79d00198252a", - "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_version": "1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { "type": "relationship", - "id": "relationship--0291c9d5-8977-420d-8374-b786e3095a73", - "created": "2023-03-20T18:49:53.204Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-03-20T18:49:53.204Z", - "description": "", - "relationship_type": "detects", - "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364", - "created": "2023-02-06T19:46:19.592Z", - "revoked": false, - "external_references": [ - { - "source_name": "threatfabric_sova_0921", - "description": "ThreatFabric. (2021, September 9). S.O.V.A. - A new Android Banking trojan with fowl intentions. 
Retrieved February 6, 2023.", - "url": "https://www.threatfabric.com/blogs/sova-new-trojan-with-fowl-intentions.html" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "modified": "2023-02-06T19:46:19.592Z", - "description": "[S.O.V.A.](https://attack.mitre.org/software/S1062) has C2 commands to add an infected device to a DDoS pool.(Citation: threatfabric_sova_0921)", - "relationship_type": "uses", - "source_ref": "malware--4b53eb01-57d7-47b4-b078-22766b002b36", - "target_ref": "attack-pattern--d2e112dc-f6d4-488d-b8df-ecbfb57a0a2d", - "x_mitre_deprecated": false, - "x_mitre_version": "0.1", - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "type": "relationship", - "id": "relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c", - "created": "2023-01-18T21:38:58.113Z", + "id": "relationship--fa5f3aea-2131-4690-8833-dc428fae2b22", + "created": "2023-01-18T21:38:34.350Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "external_references": [ 
@@ -44330,16 +49089,834 @@ "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-27T18:49:16.069Z", - "description": "[SharkBot](https://attack.mitre.org/software/S1055) can use input injection via Accessibility Services to simulate user touch inputs, prevent applications from opening, change device settings, and bypass MFA protections.(Citation: nccgroup_sharkbot_0322)", + "modified": "2023-03-27T18:57:53.504Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) can intercept notifications to send to the C2 server and take advantage of the Direct Reply feature.(Citation: nccgroup_sharkbot_0322)", "relationship_type": "uses", "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", - "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62", + "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fada5ba5-7449-4878-b555-82f225473c8b", + "created": "2022-03-30T19:28:42.179Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Attestation can detect unauthorized modifications to devices. Mobile security software can then use this information and take appropriate mitigation action. 
", + "modified": "2022-03-30T19:28:42.179Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fadd27ec-56ac-4834-af40-76c9e8764eb9", + "created": "2023-07-21T19:34:53.934Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:34:53.934Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can get a device’s location using GPS or network.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--faf3396c-3a53-478c-b15c-7ff44ef4a5f5", + "created": "2023-06-09T19:16:53.458Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). 
Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:16:53.458Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access a device’s camera and take photos.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6", + "created": "2020-09-11T16:22:03.266Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout ViperRAT", + "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. 
Retrieved September 11, 2020.", + "url": "https://blog.lookout.com/viperrat-mobile-apt" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:33:34.466Z", + "description": "[ViperRAT](https://attack.mitre.org/software/S0506) can collect SMS messages.(Citation: Lookout ViperRAT)", + "relationship_type": "uses", + "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68", + "type": "relationship", + "created": "2020-12-24T21:45:56.979Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2021-04-19T14:29:46.650Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) can retrieve files from external storage and can collect browser data.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb3b32a8-6422-4d44-91e3-27a58e569963", + "type": "relationship", + "created": "2019-09-03T19:45:48.494Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." 
+ } + ], + "modified": "2019-09-11T13:25:19.179Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can take screenshots of any application in the foreground.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674", + "type": "relationship", + "created": "2020-12-24T22:04:28.025Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020." 
+ } + ], + "modified": "2020-12-24T22:04:28.025Z", + "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has retrieved .doc, .txt, .gif, .apk, .jpg, .png, .mp3, and .db files from external storage.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fb587f81-1300-438d-a33b-f8d08530788b", + "created": "2019-07-10T15:35:43.704Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Dark Caracal Jan 2018", + "description": "Blaich, A., et al. (2018, January 18). Dark Caracal: Cyber-espionage at a Global Scale. Retrieved April 11, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:41:13.182Z", + "description": "[Pallas](https://attack.mitre.org/software/S0399) exfiltrates data using HTTP.(Citation: Lookout Dark Caracal Jan 2018)", + "relationship_type": "uses", + "source_ref": "malware--c41a8b7c-3e42-4eee-b87d-ad8a100ee878", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "source_name": "Lookout-StealthMango" + } + ], + "modified": "2019-10-15T19:44:36.125Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) collected and exfiltrated data from the device, including sensitive letters/documents, stored photos, and stored audio files.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fb62afa9-d593-44f8-840d-bd5c595a1228", + "created": "2022-04-01T18:44:46.780Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "An EMM/MDM can use the Android `DevicePolicyManager.setPermittedAccessibilityServices` method to set an explicit list of applications that are allowed to use Android's accessibility features.", + "modified": "2022-04-01T18:44:46.780Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout-StealthMango", + "description": "Lookout. (n.d.). Stealth Mango & Tangelo. Retrieved September 27, 2018.", + "url": "https://info.lookout.com/rs/051-ESQ-475/images/lookout-stealth-mango-srr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T16:50:54.500Z", + "description": "[Stealth Mango](https://attack.mitre.org/software/S0328) uploads SMS messages.(Citation: Lookout-StealthMango)", + "relationship_type": "uses", + "source_ref": "malware--085eb36d-697d-4d9a-bac3-96eb879fe73c", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fbdbddd7-4980-4061-9192-24a887bc6bad", + "type": "relationship", + "created": "2020-12-07T14:28:32.141Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020." 
+ } + ], + "modified": "2020-12-07T14:28:32.141Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) can open a SOCKS proxy connection through the compromised device.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fbeef07b-7aa1-461c-884a-d3c4f730d5f7", + "created": "2023-09-28T17:22:27.968Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:22:27.968Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect credentials using phishing overlays.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4", + "type": "relationship", + "created": "2019-09-03T19:45:48.485Z", + "created_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SWB Exodus March 2019", + "url": "https://securitywithoutborders.org/blog/2019/03/29/exodus.html", + "description": "Security Without Borders. (2019, March 29). Exodus: New Android Spyware Made in Italy. Retrieved September 3, 2019." + } + ], + "modified": "2019-09-11T13:25:19.117Z", + "description": " [Exodus](https://attack.mitre.org/software/S0405) Two can obtain a list of installed applications.(Citation: SWB Exodus March 2019) ", + "relationship_type": "uses", + "source_ref": "malware--3049b2f2-e323-4cdb-91cb-13b37b904cbb", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55", + "created": "2023-03-03T16:23:56.031Z", + "revoked": false, + "external_references": [ + { + "source_name": "paloalto_yispecter_1015", + "description": "Claud Xiao. (2015, October 4). YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs. 
Retrieved March 3, 2023.", + "url": "https://unit42.paloaltonetworks.com/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-03-03T16:23:56.031Z", + "description": "[YiSpecter](https://attack.mitre.org/software/S0311) has collected the device UUID.(Citation: paloalto_yispecter_1015)", + "relationship_type": "uses", + "source_ref": "malware--a15c9357-2be0-4836-beec-594f28b9b4a9", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fc816ddc-199d-47b0-93af-c81305d0919f", + "type": "relationship", + "created": "2020-06-02T14:32:31.767Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Volexity Insomnia", + "url": "https://www.volexity.com/blog/2020/04/21/evil-eye-threat-actor-resurfaces-with-ios-exploit-and-updated-implant/", + "description": "A. Case, D. Lassalle, M. Meltzer, S. Koessel, et al.. (2020, April 21). Evil Eye Threat Actor Resurfaces with iOS Exploit and Updated Implant. Retrieved June 2, 2020." 
+ } + ], + "modified": "2020-06-02T14:32:31.767Z", + "description": "[INSOMNIA](https://attack.mitre.org/software/S0463) has utilized malicious JavaScript and iframes to exploit WebKit running on vulnerable iOS 12 devices.(Citation: Volexity Insomnia)", + "relationship_type": "uses", + "source_ref": "malware--21b7e0b0-0dea-4ccc-8ad4-8da51fe3a901", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcb3a139-f644-45c9-8123-dfea0455143a", + "type": "relationship", + "created": "2019-08-09T17:56:05.588Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-spydealer-android-trojan-spying-40-apps/", + "description": "Wenjun Hu, Cong Zheng and Zhi Xu. (2017, July 6). SpyDealer: Android Trojan Spying on More Than 40 Apps. 
Retrieved September 18, 2018.", + "source_name": "PaloAlto-SpyDealer" + } + ], + "modified": "2019-08-09T17:56:05.588Z", + "description": "[SpyDealer](https://attack.mitre.org/software/S0324) can record video and take photos via front and rear cameras.(Citation: PaloAlto-SpyDealer)", + "relationship_type": "uses", + "source_ref": "malware--86fc6f0c-86d9-473e-89f3-f50f3cb9319b", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcc42341-ec3a-4e24-a374-46bed72d061f", + "type": "relationship", + "created": "2021-10-01T14:42:49.191Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecureList BusyGasper", + "url": "https://securelist.com/busygasper-the-unfriendly-spy/87627/", + "description": "Alexey Firsh. (2018, August 29). BusyGasper – the unfriendly spy. Retrieved October 1, 2021." + } + ], + "modified": "2021-10-01T14:42:49.191Z", + "description": "[BusyGasper](https://attack.mitre.org/software/S0655) can collect data from messaging applications, including WhatsApp, Viber, and Facebook.(Citation: SecureList BusyGasper)", + "relationship_type": "uses", + "source_ref": "malware--e110f94a-e2c5-4f5f-ba78-9c2ab6d2d9e4", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd", + "created": "2020-06-26T14:55:13.333Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Cybereason EventBot", + "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. 
(2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.", + "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:49:38.924Z", + "description": "[EventBot](https://attack.mitre.org/software/S0478) registers for the `BOOT_COMPLETED` intent to auto-start after the device boots.(Citation: Cybereason EventBot)", + "relationship_type": "uses", + "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54", + "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576", + "type": "relationship", + "created": "2020-09-14T14:13:45.294Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout eSurv", + "url": "https://blog.lookout.com/esurv-research", + "description": "A. Bauer. (2019, April 8). Lookout discovers phishing sites distributing new iOS and Android surveillanceware. Retrieved September 11, 2020." 
+ } + ], + "modified": "2020-09-14T15:39:17.961Z", + "description": "[eSurv](https://attack.mitre.org/software/S0507)’s Android version is distributed in three stages: the dropper, the second stage payload, and the third stage payload which is [Exodus](https://attack.mitre.org/software/S0405).(Citation: Lookout eSurv)", + "relationship_type": "uses", + "source_ref": "malware--680f680c-eef9-4f8a-b5f5-f451bf47e403", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fd50cda0-66d4-4ae1-864e-9345d8124ce2", + "created": "2023-08-08T16:14:27.679Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:14:27.679Z", + "description": "Application vetting services may potentially determine if an application contains suspicious code and/or metadata.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901", + "type": "relationship", + "created": "2020-04-24T17:46:31.607Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "SecurityIntelligence TrickMo", + "url": "https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/", + "description": "P. Asinovsky. 
(2020, March 24). TrickBot Pushing a 2FA Bypass App to Bank Customers in Germany. Retrieved April 24, 2020." + } + ], + "modified": "2020-04-24T17:46:31.607Z", + "description": "[TrickMo](https://attack.mitre.org/software/S0427) contains obfuscated function, class, and variable names, and encrypts its shared preferences using Java’s `PBEWithMD5AndDES` algorithm.(Citation: SecurityIntelligence TrickMo)", + "relationship_type": "uses", + "source_ref": "malware--21170624-89db-4e99-bf27-58d26be07c3a", + "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549", + "created": "2023-03-20T18:24:56.396Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:12:07.475Z", + "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394", + "created": "2021-02-08T16:36:20.639Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. 
Retrieved February 8, 2021.", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:07:15.780Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has region-locked their malicious applications during their Operation BULL campaign.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1", + "created": "2020-07-15T20:20:59.227Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Bitdefender Mandrake", + "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. 
Retrieved July 15, 2020.", + "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T20:33:57.748Z", + "description": "[Mandrake](https://attack.mitre.org/software/S0485) can access SMS messages.(Citation: Bitdefender Mandrake)", + "relationship_type": "uses", + "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea", + "created": "2022-03-30T19:32:43.015Z", + "x_mitre_version": "0.1", + "x_mitre_deprecated": false, + "revoked": false, + "description": "Attestation can detect rooted devices. Mobile security software can then use this information and take appropriate mitigation action. 
Attestation can detect rooted devices.", + "modified": "2022-03-30T19:32:43.015Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--ff4821f6-5afb-481b-8c0f-26c28c0d666c", + "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--fe794ba6-42be-4d42-a16f-a41473874331", + "created": "2022-03-30T15:08:13.679Z", + "x_mitre_version": "0.1", + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "url": "https://source.android.com/security/verifiedboot/", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016." + } + ], + "x_mitre_deprecated": false, + "revoked": false, + "description": "Android Verified Boot can detect unauthorized modifications made to the system partition, which could lead to execution flow hijacking.(Citation: Android-VerifiedBoot) ", + "modified": "2022-03-30T15:08:13.679Z", + "relationship_type": "mitigates", + "source_ref": "course-of-action--7b1cf46f-784b-405a-a8dd-4624c19d8321", + "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831", + "x_mitre_attack_spec_version": "2.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ff3aa49b-c054-44ec-89da-6c67d4995193", + "created": "2023-03-20T18:44:44.257Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-09T15:52:15.261Z", + "description": "Application vetting 
services can look for applications requesting the permissions granting access to accessibility services or application overlay.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ff410bea-7b23-4b0c-9979-b7ae3050d938", + "created": "2023-08-04T18:34:26.118Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:34:26.118Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate calendar information.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--ff55feec-669d-4199-a05c-e8dfaebaaf8f", + "created": "2023-10-10T15:33:57.463Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { 
+ "source_name": "Microsoft MalLockerB", + "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.", + "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:57.463Z", + "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has masqueraded as popular apps, cracked games, and video players. (Citation: Microsoft MalLockerB)", + "relationship_type": "uses", + "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffc24804-42db-4be1-a418-7f5ab9de453c", + "type": "relationship", + "created": "2017-12-14T16:46:06.044Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "Lookout-NotCompatible", + "description": "Tim Strazzere. (2014, November 19). The new NotCompatible: Sophisticated and evasive threat harbors the potential to compromise enterprise networks. 
Retrieved December 22, 2016.", + "url": "https://blog.lookout.com/blog/2014/11/19/notcompatible/" + } + ], + "modified": "2018-10-17T00:14:20.652Z", + "description": "[NotCompatible](https://attack.mitre.org/software/S0299) has the capability to exploit systems on an enterprise network.(Citation: Lookout-NotCompatible)", + "relationship_type": "uses", + "source_ref": "malware--23040c15-e7d8-47b5-8c16-8fd3e0e297fe", + "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffc82546-f4da-4f47-88ec-b215edb1d695", + "type": "relationship", + "created": "2021-02-08T16:36:20.799Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "source_name": "BlackBerry Bahamut", + "url": "https://www.blackberry.com/us/en/pdfviewer?file=/content/dam/blackberry-com/asset/enterprise/pdf/direct/report-spark-bahamut.pdf", + "description": "The BlackBerry Research & Intelligence Team. (2020, October). BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps. Retrieved February 8, 2021." 
+ } + ], + "modified": "2021-05-24T13:16:56.589Z", + "description": "[Windshift](https://attack.mitre.org/groups/G0112) has included malware functionality capable of downloading new DEX files at runtime during Operation BULL.(Citation: BlackBerry Bahamut)", + "relationship_type": "uses", + "source_ref": "intrusion-set--afec6dc3-a18e-4b62-b1a4-5510e1a498d1", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055", + "type": "relationship", + "created": "2018-10-17T00:14:20.652Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "url": "https://www.wandera.com/reddrop-malware/", + "description": "Nell Campbell. (2018, February 27). RedDrop: the blackmailing mobile malware family lurking in app stores. Retrieved September 18, 2018.", + "source_name": "Wandera-RedDrop" + } + ], + "modified": "2019-09-10T13:14:39.009Z", + "description": "[RedDrop](https://attack.mitre.org/software/S0326) captures live recordings of the device's surroundings.(Citation: Wandera-RedDrop)", + "relationship_type": "uses", + "source_ref": "malware--9ed10b5a-ff20-467f-bf2f-d3fbf763e381", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "type": "relationship", + "id": "relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9", + "created": "2020-04-08T15:51:25.149Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "ThreatFabric Ginp", + "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. 
Retrieved April 8, 2020.", + "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-04-05T17:30:28.587Z", + "description": "[Ginp](https://attack.mitre.org/software/S0423) can download the device’s contact list.(Citation: ThreatFabric Ginp)", + "relationship_type": "uses", + "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2022-10-20T20:22:45.613Z", + "name": "Host Status", + "description": "Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)", + "x_mitre_data_source_ref": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159", + "x_mitre_deprecated": false, + "x_mitre_version": "1.1", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "created": "2021-10-20T15:05:19.272Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2023-03-13T19:59:14.491Z", "name": "API Calls", 
@@ -44361,6 +49938,43 @@
 "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 },
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "id": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
+ "type": "x-mitre-data-component",
+ "created": "2021-10-20T15:05:19.274Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "modified": "2021-10-20T15:05:19.274Z",
+ "name": "Network Traffic Content",
+ "description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)",
+ "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3",
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
+ {
+ "modified": "2023-03-13T20:00:08.487Z",
+ "name": "Permissions Requests",
+ "description": "Permissions declared in an application's manifest or property list file",
+ "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203",
+ "x_mitre_deprecated": false,
+ "x_mitre_domains": [
+ "mobile-attack"
+ ],
+ "x_mitre_version": "1.0",
+ "type": "x-mitre-data-component",
+ "id": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
+ "created": "2023-03-13T20:00:08.487Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ },
 {
 "modified": "2023-03-13T20:48:14.540Z",
 "name": "System Settings",
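Review bot: The added `Network Traffic Content` data component has no `x_mitre_domains`, `x_mitre_deprecated` or `revoked` key and is stamped `"x_mitre_attack_spec_version": "2.1.0"`, while `Permissions Requests`, added directly after it, carries all three keys and 3.1.0. Tooling that picks mobile objects by `x_mitre_domains`, or reads `revoked` without defaulting it to false, would handle the two components differently, and detection-coverage mappings built on data components could lose the first one. If the omission is not intended upstream, emit the keys explicitly, e.g. `"x_mitre_deprecated": false,` and `"revoked": false,`; the right domain list cannot be determined from this hunk. `Network Traffic Flow` in the following hunk has the same shape.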
@@ -44382,6 +49996,75 @@ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "aliases": [ + "Bouncing Golf" + ], + "x_mitre_domains": [ + "mobile-attack" + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", + "type": "intrusion-set", + "created": "2020-01-27T16:55:39.688Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "external_references": [ + { + "external_id": "G0097", + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/groups/G0097" + }, + { + "source_name": "Trend Micro Bouncing Golf 2019", + "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", + "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." 
+ } + ], + "modified": "2020-03-26T20:58:44.722Z", + "name": "Bouncing Golf", + "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)", + "x_mitre_version": "1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-03-13T19:59:42.141Z", + "name": "Network Communication", + "description": "Network requests made by an application or domains contacted", + "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203", + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "created": "2023-03-13T19:59:42.141Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "type": "x-mitre-data-component", + "created": "2021-10-20T15:05:19.274Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-20T15:05:19.274Z", + "name": "Network Traffic Flow", + "description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)", + "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "aliases": [ "Windshift", 
@@ -44430,6 +50113,82 @@ "x_mitre_version": "1.1", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-03-13T20:47:24.038Z", + "name": "Permissions Request", + "description": "System prompts triggered when an application requests new or additional permissions", + "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", + "created": "2023-03-13T20:47:24.038Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2022-10-07T16:14:39.124Z", + "name": "Command Execution", + "description": "The execution of a line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc. 
)", + "x_mitre_data_source_ref": "x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089", + "x_mitre_deprecated": false, + "x_mitre_version": "1.1", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", + "created": "2021-10-20T15:05:19.273Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1", + "type": "x-mitre-data-component", + "created": "2021-10-20T15:05:19.272Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-20T15:05:19.272Z", + "name": "Process Metadata", + "description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.", + "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-03-13T20:47:52.557Z", + "name": "System Notifications", + "description": "Notifications generated by the OS", + "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", + "created": "2023-03-13T20:47:52.557Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + 
"x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "aliases": [ "Dark Caracal" 
@@ -44467,260 +50226,6 @@ "x_mitre_version": "1.3", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1", - "type": "x-mitre-data-component", - "created": "2021-10-20T15:05:19.272Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-20T15:05:19.272Z", - "name": "Process Metadata", - "description": "Contextual data about a running process, which may include information such as environment variables, image name, user/owner, etc.", - "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2022-10-20T20:22:45.613Z", - "name": "Host Status", - "description": "Logging, messaging, and other artifacts highlighting the health of host sensors (ex: metrics, errors, and/or exceptions from logging applications)", - "x_mitre_data_source_ref": "x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159", - "x_mitre_deprecated": false, - "x_mitre_version": "1.1", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", - "created": "2021-10-20T15:05:19.272Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-03-13T20:00:08.487Z", - "name": "Permissions Requests", - "description": "Permissions declared in an application's manifest or property list file", - "x_mitre_data_source_ref": 
"x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203", - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", - "created": "2023-03-13T20:00:08.487Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2022-10-17T19:51:56.531Z", - "name": "Earth Lusca", - "description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. 
Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)", - "aliases": [ - "Earth Lusca", - "TAG-22" - ], - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "type": "intrusion-set", - "id": "intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034", - "created": "2022-07-01T20:12:30.184Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "mitre-attack", - "url": "https://attack.mitre.org/groups/G1006", - "external_id": "G1006" - }, - { - "source_name": "TAG-22", - "description": "(Citation: Recorded Future TAG-22 July 2021)" - }, - { - "source_name": "TrendMicro EarthLusca 2022", - "description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.", - "url": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" - }, - { - "source_name": "Recorded Future TAG-22 July 2021", - "description": "INSIKT GROUP. (2021, July 8). 
Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.", - "url": "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_domains": [ - "enterprise-attack", - "mobile-attack" - ], - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", - "type": "x-mitre-data-component", - "created": "2021-10-20T15:05:19.274Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-20T15:05:19.274Z", - "name": "Network Traffic Flow", - "description": "Summarized network packet data, with metrics, such as protocol headers and volume (ex: Netflow or Zeek http.log)", - "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2022-10-20T20:18:06.745Z", - "name": "Network Connection Creation", - "description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)", - "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3", - "x_mitre_deprecated": false, - "x_mitre_version": "1.1", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", - "created": "2021-10-20T15:05:19.274Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - 
"object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-03-13T20:47:52.557Z", - "name": "System Notifications", - "description": "Notifications generated by the OS", - "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", - "created": "2023-03-13T20:47:52.557Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2022-09-30T21:05:22.490Z", - "name": "Operation Dust Storm", - "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. 
By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)", - "aliases": [ - "Operation Dust Storm" - ], - "first_seen": "2010-01-01T07:00:00.000Z", - "last_seen": "2016-02-01T06:00:00.000Z", - "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)", - "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)", - "x_mitre_deprecated": false, - "x_mitre_version": "1.0", - "type": "campaign", - "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", - "created": "2022-09-29T20:00:38.136Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "mitre-attack", - "url": "https://attack.mitre.org/campaigns/C0016", - "external_id": "C0016" - }, - { - "source_name": "Cylance Dust Storm", - "description": "Gross, J. (2016, February 23). Operation Dust Storm. 
Retrieved December 22, 2021.", - "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.0.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_domains": [ - "enterprise-attack", - "mobile-attack" - ] - }, - { - "modified": "2023-03-13T19:59:42.141Z", - "name": "Network Communication", - "description": "Network requests made by an application or domains contacted", - "x_mitre_data_source_ref": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203", - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", - "created": "2023-03-13T19:59:42.141Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "id": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f", - "type": "x-mitre-data-component", - "created": "2021-10-20T15:05:19.272Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-20T15:05:19.272Z", - "name": "Process Termination", - "description": "Exit of a running process (ex: Sysmon EID 5 or Windows EID 4689)", - "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-03-13T20:47:24.038Z", - "name": "Permissions Request", - "description": "System prompts triggered when an application requests new or additional permissions", - "x_mitre_data_source_ref": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", - "created": "2023-03-13T20:47:24.038Z", - "revoked": false, - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, { "modified": "2023-03-26T17:51:20.401Z", "name": "APT28", 
@@ -44943,38 +50448,44 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + "modified": "2022-09-30T21:05:22.490Z", + "name": "Operation Dust Storm", + "description": "[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) was a long-standing persistent cyber espionage campaign that targeted multiple industries in Japan, South Korea, the United States, Europe, and several Southeast Asian countries. By 2015, the [Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors shifted from government and defense-related intelligence targets to Japanese companies or Japanese subdivisions of larger foreign organizations supporting Japan's critical infrastructure, including electricity generation, oil and natural gas, finance, transportation, and construction.(Citation: Cylance Dust Storm)\n\n[Operation Dust Storm](https://attack.mitre.org/campaigns/C0016) threat actors also began to use Android backdoors in their operations by 2015, with all identified victims at the time residing in Japan or South Korea.(Citation: Cylance Dust Storm)", + "aliases": [ + "Operation Dust Storm" ], - "id": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c", - "type": "x-mitre-data-component", - "created": "2021-10-20T15:05:19.274Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "modified": "2021-10-20T15:05:19.274Z", - "name": "Network Traffic Content", - "description": "Logged network traffic data showing both protocol header and body values (ex: PCAP)", - "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3", - "x_mitre_version": "1.0", - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2022-10-07T16:14:39.124Z", - "name": "Command Execution", - "description": "The execution of a 
line of text, potentially with arguments, created from program code (e.g. a cmdlet executed via powershell.exe, interactive commands like >dir, shell executions, etc. )", - "x_mitre_data_source_ref": "x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089", + "first_seen": "2010-01-01T07:00:00.000Z", + "last_seen": "2016-02-01T06:00:00.000Z", + "x_mitre_first_seen_citation": "(Citation: Cylance Dust Storm)", + "x_mitre_last_seen_citation": "(Citation: Cylance Dust Storm)", "x_mitre_deprecated": false, - "x_mitre_version": "1.1", - "type": "x-mitre-data-component", - "id": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", - "created": "2021-10-20T15:05:19.273Z", + "x_mitre_version": "1.0", + "type": "campaign", + "id": "campaign--4603cf2f-06d0-4970-9c5d-5071b08c817f", + "created": "2022-09-29T20:00:38.136Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/campaigns/C0016", + "external_id": "C0016" + }, + { + "source_name": "Cylance Dust Storm", + "description": "Gross, J. (2016, February 23). Operation Dust Storm. Retrieved December 22, 2021.", + "url": "https://s7d2.scene7.com/is/content/cylance/prod/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Op_Dust_Storm_Report.pdf" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "x_mitre_attack_spec_version": "2.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + "x_mitre_attack_spec_version": "3.0.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ] }, { "modified": "2022-10-07T16:15:56.932Z", 
@@ -44995,35 +50506,150 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { + "modified": "2022-10-17T19:51:56.531Z", + "name": "Earth Lusca", + "description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)", "aliases": [ - "Bouncing Golf" + "Earth Lusca", + "TAG-22" ], - "x_mitre_domains": [ - "mobile-attack" + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "type": "intrusion-set", + "id": "intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034", + "created": "2022-07-01T20:12:30.184Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/groups/G1006", + "external_id": "G1006" + }, + { + "source_name": "TAG-22", + "description": 
"(Citation: Recorded Future TAG-22 July 2021)" + }, + { + "source_name": "TrendMicro EarthLusca 2022", + "description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.", + "url": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf" + }, + { + "source_name": "Recorded Future TAG-22 July 2021", + "description": "INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.", + "url": "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan" + } ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "id": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd", - "type": "intrusion-set", - "created": "2020-01-27T16:55:39.688Z", + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2022-10-20T20:18:06.745Z", + "name": "Network Connection Creation", + "description": "Initial construction of a network connection, such as capturing socket information with a source/destination IP and port(s) (ex: Windows EID 5156, Sysmon EID 3, or Zeek conn.log)", + "x_mitre_data_source_ref": "x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3", + "x_mitre_deprecated": false, + "x_mitre_version": "1.1", + "type": "x-mitre-data-component", + "id": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", + "created": "2021-10-20T15:05:19.274Z", "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + 
], + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-09-22T20:43:16.504Z", + "name": "Confucius", + "description": "[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between [Confucius](https://attack.mitre.org/groups/G0142) and [Patchwork](https://attack.mitre.org/groups/G0040), particularly in their respective custom malware code and targets.(Citation: TrendMicro Confucius APT Feb 2018)(Citation: TrendMicro Confucius APT Aug 2021)(Citation: Uptycs Confucius APT Jan 2021)", + "aliases": [ + "Confucius", + "Confucius APT" + ], + "x_mitre_deprecated": false, + "x_mitre_version": "1.1", + "type": "intrusion-set", + "id": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f", + "created": "2021-12-26T23:11:39.442Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { - "external_id": "G0097", "source_name": "mitre-attack", - "url": "https://attack.mitre.org/groups/G0097" + "url": "https://attack.mitre.org/groups/G0142", + "external_id": "G0142" }, { - "source_name": "Trend Micro Bouncing Golf 2019", - "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/", - "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign ‘Bouncing Golf’ Affects Middle East. Retrieved January 27, 2020." + "source_name": "TrendMicro Confucius APT Feb 2018", + "description": "Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group's Cyberespionage Operations. 
Retrieved December 26, 2021.", + "url": "https://www.trendmicro.com/en_us/research/18/b/deciphering-confucius-cyberespionage-operations.html" + }, + { + "source_name": "TrendMicro Confucius APT Aug 2021", + "description": "Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021.", + "url": "https://www.trendmicro.com/en_us/research/21/h/confucius-uses-pegasus-spyware-related-lures-to-target-pakistani.html" + }, + { + "source_name": "Uptycs Confucius APT Jan 2021", + "description": "Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.", + "url": "https://www.uptycs.com/blog/confucius-apt-deploys-warzone-rat" } ], - "modified": "2020-03-26T20:58:44.722Z", - "name": "Bouncing Golf", - "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) is a cyberespionage campaign targeting Middle Eastern countries.(Citation: Trend Micro Bouncing Golf 2019)", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-09-26T14:34:08.342Z", + "name": "MoustachedBouncer", + "description": "[MoustachedBouncer](https://attack.mitre.org/groups/G1019) is a cyberespionage group that has been active since at least 2014 targeting foreign embassies in Belarus.(Citation: MoustachedBouncer ESET August 2023)", + "aliases": [ + "MoustachedBouncer" + ], + "x_mitre_deprecated": false, "x_mitre_version": "1.0", + "type": "intrusion-set", + "id": "intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28", + "created": "2023-09-25T18:11:05.672Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": 
"https://attack.mitre.org/groups/G1019", + "external_id": "G1019" + }, + { + "source_name": "MoustachedBouncer ESET August 2023", + "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.", + "url": "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -45048,7 +50674,23 @@ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { - "modified": "2023-03-08T22:12:31.238Z", + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "id": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f", + "type": "x-mitre-data-component", + "created": "2021-10-20T15:05:19.272Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "modified": "2021-10-20T15:05:19.272Z", + "name": "Process Termination", + "description": "Exit of a running process (ex: Sysmon EID 5 or Windows EID 4689)", + "x_mitre_data_source_ref": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, + { + "modified": "2023-10-06T14:13:06.011Z", "name": "Sandworm Team", "description": "[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: USDOJ Sandworm Feb 2020)(Citation: NCSC Sandworm Feb 2020)\n\nIn October 2020, the US indicted six GRU Unit 74455 officers associated with [Sandworm Team](https://attack.mitre.org/groups/G0034) for the following cyber operations: the 2015 and 2016 attacks against Ukrainian electrical companies and government organizations, the 2017 worldwide [NotPetya](https://attack.mitre.org/software/S0368) attack, targeting of the 2017 French presidential campaign, the 2018 [Olympic Destroyer](https://attack.mitre.org/software/S0365) attack against the Winter Olympic Games, the 
2018 operation against the Organisation for the Prohibition of Chemical Weapons, and attacks against the country of Georgia in 2018 and 2019.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) Some of these were conducted with the assistance of GRU Unit 26165, which is also referred to as [APT28](https://attack.mitre.org/groups/G0007).(Citation: US District Court Indictment GRU Oct 2018)", "aliases": [ @@ -45062,7 +50704,7 @@ "IRIDIUM" ], "x_mitre_deprecated": false, - "x_mitre_version": "3.0", + "x_mitre_version": "3.1", "x_mitre_contributors": [ "Dragos Threat Intelligence" ], 
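Review bot: The added `Process Termination` data component illustrates its telemetry only with Windows examples (`Sysmon EID 5 or Windows EID 4689`), although the `Process` data source it references through `x_mitre_data_source_ref` lists Android and iOS among its platforms elsewhere in this diff. A reader working from the mobile data gets no hint that these event IDs do not apply there; the wording could mark them as Windows-specific, e.g. `"description": "Exit of a running process (ex: on Windows, Sysmon EID 5 or EID 4689)"`. The object also omits `x_mitre_domains` and `x_mitre_deprecated`, which the neighbouring objects carry, so tooling that filters on those fields may skip it; it is worth confirming that this is intended. The file header for this hunk lies outside the visible part of the diff.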
@@ -45174,125 +50816,11 @@ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], "x_mitre_domains": [ + "enterprise-attack", "ics-attack", - "enterprise-attack", "mobile-attack" ], - "x_mitre_attack_spec_version": "3.1.0", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-03-13T19:30:41.131Z", - "name": "Application Vetting", - "description": "Application vetting report generated by an external cloud service.", - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "x_mitre_collection_layers": [ - "Report" - ], - "type": "x-mitre-data-source", - "id": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203", - "created": "2023-03-13T19:30:41.131Z", - "revoked": false, - "external_references": [ - { - "source_name": "mitre-attack", - "url": "https://attack.mitre.org/datasources/DS0041", - "external_id": "DS0041" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-03-13T19:36:25.108Z", - "name": "User Interface", - "description": "Visual activity on the device that could alert the user to potentially malicious behavior.", - "x_mitre_platforms": [ - "Android", - "iOS" - ], - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "mobile-attack" - ], - "x_mitre_version": "1.0", - "x_mitre_collection_layers": [ - "Device" - ], - "type": "x-mitre-data-source", - "id": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", - "created": "2023-03-13T19:36:25.108Z", - "revoked": false, - "external_references": [ - { - "source_name": "mitre-attack", - "url": "https://attack.mitre.org/datasources/DS0042", - "external_id": "DS0042" - } - ], 
- "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" - }, - { - "modified": "2023-04-20T18:38:26.515Z", - "name": "Process", - "description": "Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures(Citation: Microsoft Processes and Threads)", - "x_mitre_platforms": [ - "Linux", - "Windows", - "macOS", - "Android", - "iOS" - ], - "x_mitre_deprecated": false, - "x_mitre_domains": [ - "enterprise-attack", - "mobile-attack" - ], - "x_mitre_version": "1.1", - "x_mitre_contributors": [ - "Center for Threat-Informed Defense (CTID)" - ], - "x_mitre_collection_layers": [ - "Host" - ], - "type": "x-mitre-data-source", - "id": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", - "created": "2021-10-20T15:05:19.272Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", - "revoked": false, - "external_references": [ - { - "source_name": "mitre-attack", - "url": "https://attack.mitre.org/datasources/DS0009", - "external_id": "DS0009" - }, - { - "source_name": "Microsoft Processes and Threads", - "description": "Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.", - "url": "https://docs.microsoft.com/en-us/windows/win32/procthread/processes-and-threads" - } - ], - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], - "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_attack_spec_version": "3.2.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, { 
@@ -45336,6 +50864,40 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-03-13T19:30:41.131Z", + "name": "Application Vetting", + "description": "Application vetting report generated by an external cloud service.", + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_collection_layers": [ + "Report" + ], + "type": "x-mitre-data-source", + "id": "x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203", + "created": "2023-03-13T19:30:41.131Z", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/datasources/DS0041", + "external_id": "DS0041" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2023-04-20T18:38:13.356Z", "name": "Network Traffic", 
@@ -45381,6 +50943,40 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-03-13T19:36:25.108Z", + "name": "User Interface", + "description": "Visual activity on the device that could alert the user to potentially malicious behavior.", + "x_mitre_platforms": [ + "Android", + "iOS" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "mobile-attack" + ], + "x_mitre_version": "1.0", + "x_mitre_collection_layers": [ + "Device" + ], + "type": "x-mitre-data-source", + "id": "x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8", + "created": "2023-03-13T19:36:25.108Z", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/datasources/DS0042", + "external_id": "DS0042" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "modified": "2023-04-20T18:38:00.625Z", "name": "Command", 
@@ -45436,6 +51032,52 @@ "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" }, + { + "modified": "2023-04-20T18:38:26.515Z", + "name": "Process", + "description": "Instances of computer programs that are being executed by at least one thread. Processes have memory space for process executables, loaded modules (DLLs or shared libraries), and allocated memory regions containing everything from user input to application-specific data structures(Citation: Microsoft Processes and Threads)", + "x_mitre_platforms": [ + "Linux", + "Windows", + "macOS", + "Android", + "iOS" + ], + "x_mitre_deprecated": false, + "x_mitre_domains": [ + "enterprise-attack", + "mobile-attack" + ], + "x_mitre_version": "1.1", + "x_mitre_contributors": [ + "Center for Threat-Informed Defense (CTID)" + ], + "x_mitre_collection_layers": [ + "Host" + ], + "type": "x-mitre-data-source", + "id": "x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22", + "created": "2021-10-20T15:05:19.272Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "mitre-attack", + "url": "https://attack.mitre.org/datasources/DS0009", + "external_id": "DS0009" + }, + { + "source_name": "Microsoft Processes and Threads", + "description": "Microsoft. (2018, May 31). Processes and Threads. Retrieved September 28, 2021.", + "url": "https://docs.microsoft.com/en-us/windows/win32/procthread/processes-and-threads" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + }, { "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" 
diff --git a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json index 102b9e7e22..da2ea2aeb1 100644 --- a/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json +++ b/mobile-attack/relationship/relationship--0008005f-ca51-47c3-8369-55ee5de1c65a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef2b05e8-aa8a-4a2f-8060-24f4a315a0de", + "id": "bundle--6514e9ed-ac5d-4f6a-a3d0-c4434557f9ce", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json b/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json index 0a6415f051..1426d1c55f 100644 --- a/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json +++ b/mobile-attack/relationship/relationship--006b3910-e9c3-4de8-ba49-dff36b1a3308.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2877fc6-fa7f-4307-9927-61a8d17e430b", + "id": "bundle--a0b72a2e-abac-4fbb-8079-923b77fea649", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json index dd936d881c..736a15e900 100644 --- a/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json +++ b/mobile-attack/relationship/relationship--00dc2b34-1b74-4dae-b6e4-b676528d6341.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7105a463-8b65-4754-b181-a255802ae64d", + "id": "bundle--688b32df-d6d2-4c72-be15-5850ff6061f6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json index e5f82b1a67..cb097b60ee 100644 
--- a/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json +++ b/mobile-attack/relationship/relationship--0100020b-97d4-4657-bc71-c6a1774055a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7aa75c95-3d29-4d6a-a84d-85333e380d9f", + "id": "bundle--2170ea90-ef70-4c18-8f3e-75a973113d93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json index f87fdc75af..f5d029eaac 100644 --- a/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json +++ b/mobile-attack/relationship/relationship--01965668-d033-4aca-a8e5-71a07070e266.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1f580ea0-a6a0-4b26-b50b-880824da90f8", + "id": "bundle--bb941fc8-bb72-4a35-8b9b-ce4ce8811872", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--01fd0686-d67f-4396-8812-3533063dd6b4.json b/mobile-attack/relationship/relationship--01fd0686-d67f-4396-8812-3533063dd6b4.json new file mode 100644 index 0000000000..59e12ef3a0 --- /dev/null +++ b/mobile-attack/relationship/relationship--01fd0686-d67f-4396-8812-3533063dd6b4.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--a220fad9-f0c9-4a8c-9fcb-3d4a069e2a21", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--01fd0686-d67f-4396-8812-3533063dd6b4", + "created": "2023-08-16T16:38:47.766Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:38:47.766Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can remove artifacts of its presence and uninstall itself.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json index 23d6aa9bed..6d5be07cd2 100644 --- a/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json +++ b/mobile-attack/relationship/relationship--020a1aaa-a444-4f3c-a08b-f1369be276f2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61f19102-48d0-4081-8286-ae793f742605", + "id": "bundle--7a834e65-62dc-44e1-b336-1f7dcd9cf8e2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json index cfa09234be..f062f074a6 100644 --- a/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json +++ b/mobile-attack/relationship/relationship--020f79c6-d5f8-49eb-beee-e716e1fa4e80.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--95147ff5-d828-4dfe-833e-3cf6f4262510", + "id": "bundle--515925c7-7983-4937-b98f-f9f72ed39005", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json b/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json index ade3f8786a..dd0890dd61 100644 --- a/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json +++ b/mobile-attack/relationship/relationship--021ca5c4-7e8a-439b-8c2e-38f817db63e3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e4e8111-6898-4a1d-aa27-6e74943453a6", + "id": "bundle--200812a8-1da1-4863-bc53-27d7705c6f06", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json index 756e801ad8..4cf914e9c7 100644 --- a/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json +++ b/mobile-attack/relationship/relationship--022e941f-30c3-45a9-9f6f-36e704b80060.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cbc6dd99-b3ff-4114-a1b0-229ca95d65ef", + "id": "bundle--e63b7d7b-6835-4f82-b20f-b5e810bb3526", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json index a36e871e72..bbbbe30577 100644 
--- a/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json +++ b/mobile-attack/relationship/relationship--024f9ee4-cb7d-49f4-b180-ad1e5e168a4c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--436cfd1d-17fd-4d05-ba75-93a0e7d800aa", + "id": "bundle--e66151a0-68da-4523-9b2a-4be05e46cdbc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json index a4da1f9ad2..349d2d4b32 100644 --- a/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json +++ b/mobile-attack/relationship/relationship--027a36dc-cd9e-4282-b101-b9a0abbb312f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2a7935e6-1cdc-4e98-a50c-93a00283fc9c", + "id": "bundle--e661f292-4ccd-4e4a-a49d-128c4d992156", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json b/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json index 3ee7c2f2d9..7aff864199 100644 --- a/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json +++ b/mobile-attack/relationship/relationship--0291c9d5-8977-420d-8374-b786e3095a73.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--60c68bb9-5f3c-4c27-b849-f655aaceaf8b", + "id": "bundle--51d7ae89-fdda-42d5-b939-c1ba7e89e015", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--0291c9d5-8977-420d-8374-b786e3095a73", "created": "2023-03-20T18:49:53.204Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:49:53.204Z", - "description": "", + "modified": "2023-08-08T15:34:15.917Z", + "description": "Mobile security products can potentially utilize device APIs to determine if a device has been rooted or jailbroken.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json index bba4e1b1d4..a2f83cfddd 100644 --- a/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json +++ b/mobile-attack/relationship/relationship--02b3c8fe-1539-4c77-b67e-07fa8a22c91e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4e3731d-da40-4c81-8b7f-f9e40642aa3f", + "id": "bundle--a341b4d6-aa3e-4797-b345-21a072613297", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json index 2bca702cce..00c90c1bd7 100644 
--- a/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json +++ b/mobile-attack/relationship/relationship--02b5cb07-9eb5-4e47-a4df-9c3985ad70fc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8bd11247-a65b-487b-9e47-4c142356acfc", + "id": "bundle--75b4d0d3-2c01-4756-b85f-af2e40fb82c0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json index e765b091a0..36067b3730 100644 --- a/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json +++ b/mobile-attack/relationship/relationship--02e4aedc-0674-4598-948b-0a32758af9ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fd8aa277-23e5-465c-be60-eaafcdd1b684", + "id": "bundle--1a037149-359f-403c-b11b-4c0206f0d7e4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json index 32f538c30e..959f8c642b 100644 --- a/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json +++ b/mobile-attack/relationship/relationship--03038590-e0c3-4751-b6fb-8a9ffff27e1b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1450b511-32b0-4b91-8d08-c18febd01faa", + "id": "bundle--a473b9c6-a4ee-4ea5-8159-665e62c1e320", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json index 3324f1efe9..1d79503064 100644 --- a/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json +++ b/mobile-attack/relationship/relationship--03172b09-4f97-4fb8-95f0-92b2d8957408.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1682386b-dcdd-4fbf-8593-f80f900253c3", + "id": "bundle--8e650820-8b72-4146-894b-883a70520c3c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json index 91e379abc5..8c67f297a5 100644 --- a/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json +++ b/mobile-attack/relationship/relationship--0330db55-06e0-45a2-85a6-17617a37fdaf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--742fcfe1-4a75-4edc-946a-1015f60fbdbc", + "id": "bundle--ecc9b78f-a627-43ab-a556-d14017141c40", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json index 96dc99ccab..5a9da60f4c 100644 --- a/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json +++ b/mobile-attack/relationship/relationship--035192e3-94f4-426d-9be9-312ddd1ce6a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dd100834-eac2-4130-b0d6-c5cb87001d61", + "id": "bundle--ab61a45d-2dee-45ec-80fd-6f019698c74f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json index 42922abd28..1bcb5f1279 100644 --- a/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json +++ b/mobile-attack/relationship/relationship--03ff6271-d7bc-40f3-b83d-25c541333694.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b807a8cc-e1bd-4c26-b77c-16bdc7364e8b", + "id": "bundle--eb4d0d0c-7e76-4ee3-aff9-ca51a3ca791d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json index dd9f82123a..0fb93ce51c 100644 --- a/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json +++ b/mobile-attack/relationship/relationship--042a4f26-612e-4ed5-b7f3-911a47ec5d71.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ba3f407d-f4ab-4b76-9412-af94cbd2109f", + "id": "bundle--0597dec5-2f9b-47c2-aea4-b1be2d8c8aea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json index 7758d89a95..307055e0c9 100644 --- a/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json +++ b/mobile-attack/relationship/relationship--04530307-22d8-4a06-9056-55eea225fabb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e56f2a06-1106-446c-bd87-c5db2dbc53b1", + "id": "bundle--9c2b665e-764a-4235-a957-589d738af1fc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json b/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json index 6ba46277d8..a6bdf5969a 100644 --- a/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json +++ b/mobile-attack/relationship/relationship--046acda0-91de-4385-bcfb-157570d8e51d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--64a243f6-e88f-4134-9b3e-9d7339b08168", + "id": "bundle--0e87005b-3db9-4046-bd04-f8f83b6c4f82", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json index a744d6ce83..93cf467184 100644 
--- a/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json +++ b/mobile-attack/relationship/relationship--049a5149-00c9-492a-8ffb-463f3d0cd910.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3cf8e3e8-7f29-4669-9357-f38537838740", + "id": "bundle--c3348918-3a50-44e1-842b-43b870fe0834", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json index 31796eaf90..f47e0a910f 100644 --- a/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json +++ b/mobile-attack/relationship/relationship--049b0c71-63e3-47ce-bb0b-149df0344b15.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2b37c5b4-0503-4d43-b195-a0e229546cfb", + "id": "bundle--1231c2ba-2929-4bd4-a0a6-ff1b239026ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json index 753d334e68..314d6e43bc 100644 --- a/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json +++ b/mobile-attack/relationship/relationship--049c39ab-c036-457a-9b8f-4318416658b8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c08975ba-a60f-411f-952a-fb6dc0f99953", + "id": "bundle--7c2012bf-3742-469a-b829-e17c01cb256e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json index e8b1516bed..b560f09748 100644 --- a/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json +++ b/mobile-attack/relationship/relationship--04ae1d87-1741-4cfd-84ff-3c5e46c0b112.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2ace3362-3f72-418e-995d-cd96cc326ba6",
+ "id": "bundle--e85bcd23-8bcb-44b2-950f-da65ace304d9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json b/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
index f4fa98fb37..eafb796dee 100644
--- a/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
+++ b/mobile-attack/relationship/relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--53435d78-83d2-4db9-8b07-ac740f111868",
+ "id": "bundle--5cbf7c0b-0fe2-4919-8212-df7e67554058",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--04ec5f2f-b14f-46ae-b151-05f9b7af0bcc",
 "created": "2023-03-20T18:37:57.767Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:37:57.767Z",
- "description": "",
+ "modified": "2023-08-09T14:53:48.653Z",
+ "description": "Application vetting services could look for applications attempting to get `android.os.SystemProperties` or `getprop` with the runtime `exec()` commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--27d18e87-8f32-4be1-b456-39b90454360f",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
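Review bot: The new `description` in relationship--04ec5f2f attributes a recommendation to Google ("Google recommends against using system properties within applications") but the object has no `external_references` entry or `(Citation: ...)` marker to back it, so a reader cannot check the claim. Adding the reference next to the text would match how the `uses` relationships in this same diff cite their sources. The phrase "the runtime `exec()` commands" is also loose; if the intent is a shell-out to `getprop`, wording such as `invoking getprop through Runtime.exec()` would tell a vetting engineer which call to look for.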
diff --git a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json index 74f2c16078..ceab93c8a9 100644 --- a/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json +++ b/mobile-attack/relationship/relationship--04eeed4b-e0fc-4fff-8c61-4c175f26a0fe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7241d18-a529-4e82-827b-314cdcc2b386", + "id": "bundle--56a7862f-8159-494d-97f5-5af479131f10", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json index a6d8e44d6e..564d89db39 100644 --- a/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json +++ b/mobile-attack/relationship/relationship--05243ccb-0aeb-4db4-bb03-51a65fb715ab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e84d8bb-a856-4d4f-93c5-69cc87bff351", + "id": "bundle--3d74f55f-ca0f-4688-8df4-4f9d446e9a46", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json index 3d5483156e..7487fa25e6 100644 --- a/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json +++ b/mobile-attack/relationship/relationship--05563777-5771-4bd6-a1af-3e244cf42372.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4b7b6615-a2b1-447f-a800-30825c31aa8b", + "id": "bundle--f79b3b2a-df9d-48af-90d7-ee6741ad9dae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json index f547285472..63c180f627 100644 
--- a/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
+++ b/mobile-attack/relationship/relationship--0569a1e0-1eb5-4e87-ae09-b698571012ef.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--60fb0e40-a9cd-407d-8b36-6ac70f5ace90",
+ "id": "bundle--34c56c24-aa9b-4e22-b908-668643382350",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--05c36a8c-1526-4d5d-93c1-331fd132c30b.json b/mobile-attack/relationship/relationship--05c36a8c-1526-4d5d-93c1-331fd132c30b.json
new file mode 100644
index 0000000000..5def3c8239
--- /dev/null
+++ b/mobile-attack/relationship/relationship--05c36a8c-1526-4d5d-93c1-331fd132c30b.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--84ae42e3-5733-4d9b-84b1-44694aafa56e",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--05c36a8c-1526-4d5d-93c1-331fd132c30b",
+ "created": "2023-09-21T19:38:21.735Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T19:38:21.735Z",
+ "description": "Mobile security products may provide URL inspection services that could determine if a domain being visited is malicious.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
+ "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json
index c90ab1f076..d92b5ad281 100644
--- a/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json +++ b/mobile-attack/relationship/relationship--05c57e75-04b8-4bf6-8022-2e89f74e4b76.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9ef43ea-b205-4e44-8cdf-0c474527bbe1", + "id": "bundle--d4491947-9e91-449c-b9c8-08cc243ec7a3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json index f76192f01e..fac9f11d83 100644 --- a/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json +++ b/mobile-attack/relationship/relationship--06348e22-9a06-4e4c-a57c-e438462e7fce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ed18ae1d-2d17-49cb-aa60-c1c8af7cdd7b", + "id": "bundle--56dbf536-9966-4bdd-8ebd-55fcd42a4f47", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json index 10a96d8659..bcfcd1dc86 100644 --- a/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json +++ b/mobile-attack/relationship/relationship--069b2328-442b-491e-962d-d3fe01f0549e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1cacf883-68c7-44df-ac68-8ba09e0c99bd", + "id": "bundle--f8ee2906-7ee7-4fc2-9254-501612dfd3f1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--06e2e07f-7835-4ef8-bcc0-bb5e2886839d.json b/mobile-attack/relationship/relationship--06e2e07f-7835-4ef8-bcc0-bb5e2886839d.json new file mode 100644 index 0000000000..9bf86dd1e8 --- /dev/null +++ b/mobile-attack/relationship/relationship--06e2e07f-7835-4ef8-bcc0-bb5e2886839d.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--9d00c507-61ed-4c6f-9422-50ee3e604457",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--06e2e07f-7835-4ef8-bcc0-bb5e2886839d",
+ "created": "2023-08-16T16:40:14.482Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:40:14.482Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather basic device information such as version, model, root status, and country.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
index 72375a3e0b..f0359b4cfa 100644
--- a/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
+++ b/mobile-attack/relationship/relationship--07036963-6f5e-4eb5-9b20-3f81dd582c85.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--53a8b3c9-4691-4d22-974d-689553037717",
+ "id": "bundle--242b4ed7-d384-46ad-b264-11e62ac9029a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json b/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json index 4131826d24..a485a23eb3 100644 --- a/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json +++ b/mobile-attack/relationship/relationship--0727ac06-5b46-4f79-abe9-63c1b923d383.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--48d233c6-99a2-4e33-a238-c8eb4a9fdfd2", + "id": "bundle--ed103808-64c5-478e-938e-4a835fc7a2a0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json index bb560afdd4..cd6c747329 100644 --- a/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json +++ b/mobile-attack/relationship/relationship--078653a6-3613-4923-ae5a-1bccb8552e67.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5dc712c4-0005-4af2-83a0-26d64e4c1c31", + "id": "bundle--c6c05a6a-d360-42d4-8a6e-41fa3d0ddbbb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json index 9071c4f7ec..45a10ff97d 100644 --- a/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json +++ b/mobile-attack/relationship/relationship--0791f28b-d06f-4fee-9cdb-85a6fd2eed61.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45d05a23-5a1d-46a8-bb26-054e638aeae8", + "id": "bundle--6d795603-bd2c-427a-ab8d-0b88218fe609", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json index 9aa81e372d..8803eeffc3 100644 
--- a/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json +++ b/mobile-attack/relationship/relationship--079911c5-0db9-4eb2-ab85-6ed6e118fbbc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5591ec38-9e85-4a31-897d-089f0721416e", + "id": "bundle--c5061935-4028-4513-8dc7-8093d2a75380", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--07c727a6-6323-477a-bb55-34e130959b4e.json b/mobile-attack/relationship/relationship--07c727a6-6323-477a-bb55-34e130959b4e.json new file mode 100644 index 0000000000..c371abbb27 --- /dev/null +++ b/mobile-attack/relationship/relationship--07c727a6-6323-477a-bb55-34e130959b4e.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--8879315b-0c99-4b29-bc7a-6f08557d3c71",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--07c727a6-6323-477a-bb55-34e130959b4e",
+ "created": "2023-10-10T15:33:57.556Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bitdefender Mandrake",
+ "description": "R. Gevers, M. Tivadar, R. Bleotu, A. M. Barbatei, et al.. (2020, May 14). Uprooting Mandrake: The Story of an Advanced Android Spyware Framework That Went Undetected for 4 Years. Retrieved July 15, 2020.",
+ "url": "https://www.bitdefender.com/files/News/CaseStudies/study/329/Bitdefender-PR-Whitepaper-Mandrake-creat4464-en-EN-interactive.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.556Z",
+ "description": "[Mandrake](https://attack.mitre.org/software/S0485) can mimic an app called \u201cStorage Settings\u201d if it cannot hide its icon.(Citation: Bitdefender Mandrake)",
+ "relationship_type": "uses",
+ "source_ref": "malware--52c994fa-b6c8-45a8-9586-a4275cf19307",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
index 7142b788c5..db2283cf92 100644
--- a/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
+++ b/mobile-attack/relationship/relationship--07dd3318-2965-4085-be64-a8e956c7b8da.json
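Review bot: In the new relationship--07c727a6 object, `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"` do not match the other relationships created in this diff, which carry `"0.1"` and `"3.1.0"`, although this one has a later `created` timestamp (2023-10-10) than those. It looks as if the object was templated from an older relationship; if so, `"x_mitre_version": "0.1"` and `"x_mitre_attack_spec_version": "3.1.0"` would keep it consistent for tooling that branches on the spec version. If the older values are deliberate, the commit description should say why.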
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--372a39cc-587a-4cb2-8613-9725a4cc797b", + "id": "bundle--cc422cb0-3304-4e3f-9d88-738478cc3776", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json index f36bd6f9aa..897fa666b5 100644 --- a/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json +++ b/mobile-attack/relationship/relationship--07fd2c39-c3e2-4044-b00b-71250cd7df2e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--42a4d5cf-8ff6-4b50-91bb-4bacd86494e7", + "id": "bundle--d7ade032-8b45-48ae-997a-96d44ab22f72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json b/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json index 79078a1e3e..6af87597d5 100644 --- a/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json +++ b/mobile-attack/relationship/relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--7148eebf-96eb-4a77-950e-914ef64b4e17",
+ "id": "bundle--c6047486-9edd-47f8-b18c-e4cfb3ad9416",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--0800f6bf-00c5-46d8-b876-1eeeb81b741f",
 "created": "2023-03-20T15:55:32.395Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:55:32.395Z",
- "description": "",
+ "modified": "2023-08-14T16:45:55.097Z",
+ "description": "Application vetting services could look for use of standard APIs (e.g. the clipboard API) that could indicate data manipulation is occurring.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--c548d8c4-a0a3-4a24-bb79-2a84abbc7b36",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
index 28d39593cd..768fff5657 100644
--- a/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
+++ b/mobile-attack/relationship/relationship--084786ee-9384-4a00-9e1b-48f94ea70126.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--47c2a313-3c65-41c1-bce9-7bf5e0245a53",
+ "id": "bundle--d3062908-3057-4506-b81f-6ff65e439d00",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json b/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json
index 31a25e655d..7f0c03aea9 100644
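Review bot: The added `description` for relationship--0800f6bf says only "standard APIs (e.g. the clipboard API)", which gives a vetting service nothing concrete to match on, whereas other detection descriptions in this diff name the identifier in backticks. Naming the class, for example `use of standard APIs (e.g. android.content.ClipboardManager)`, would make the guidance actionable. Confirm the intended API against the target technique before changing the text.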
--- a/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json +++ b/mobile-attack/relationship/relationship--085f8397-0233-42d7-855e-3dbd709f2eca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40789f29-434e-4bcf-9ad8-2ab627163460", + "id": "bundle--cd1f8551-ad23-446f-a4cd-1e6717582c5d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json b/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json index 938acd47e6..43e1b97c1e 100644 --- a/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json +++ b/mobile-attack/relationship/relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--94904af2-f2eb-4ebc-bb26-185662aed1a9",
+ "id": "bundle--14bc2703-c32b-41ee-bdc8-941ee75af42b",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--086c4c17-dde7-4a1f-90d1-79eb32f3c11f",
 "created": "2023-03-20T18:58:33.787Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:58:33.787Z",
- "description": "",
+ "modified": "2023-08-10T22:15:45.239Z",
+ "description": "Application vetting services could look for `android.permission.READ_SMS` in an Android application\u2019s manifest. Most applications do not need access to SMS messages, so extra scrutiny could be applied to those that request it. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
index d99a88bc71..e3fd2f0a59 100644
--- a/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
+++ b/mobile-attack/relationship/relationship--087609b6-cc6c-402f-ada9-00dbcbfecbe8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4cf8e721-11ec-4476-973d-f5982c641d5f",
+ "id": "bundle--bd6d4c18-0a34-448b-bb32-25b4df4c4c41",
 "spec_version": "2.0",
 "objects": [
 {
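Review bot: The new `description` value in relationship--086c4c17 ends with a stray space before the closing quote (`...those that request it. "`), and the `READ_CALL_LOG` description added for relationship--09c6bbd4 later in this diff has the same trailing space; both should be trimmed so rendered text and string comparisons stay clean. The guidance also names only `android.permission.READ_SMS`. If interception of incoming messages is in scope for the target technique, `android.permission.RECEIVE_SMS` may deserve the same scrutiny; that is worth confirming against the technique text.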
diff --git a/mobile-attack/relationship/relationship--088c74f5-4b43-48aa-a2be-275f0c02ffc8.json b/mobile-attack/relationship/relationship--088c74f5-4b43-48aa-a2be-275f0c02ffc8.json
new file mode 100644
index 0000000000..f0f56aedee
--- /dev/null
+++ b/mobile-attack/relationship/relationship--088c74f5-4b43-48aa-a2be-275f0c02ffc8.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--0622a525-a078-4d33-8922-b4e2be0e0352",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--088c74f5-4b43-48aa-a2be-275f0c02ffc8",
+ "created": "2023-07-21T19:38:06.254Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:38:06.254Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can retrieve account information for third party services, such as Google, Telegram, WeChat, or WhatsApp.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json b/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json index 38ba9899d2..2dbe8c0bc6 100644 --- a/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json +++ b/mobile-attack/relationship/relationship--08a43019-d393-451f-a23c-2dfa17ec40b2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f089ba5f-31af-42bc-9085-c4368a4a8df2", + "id": "bundle--41b5d074-0319-4de4-ba8c-18b0f3d77b55", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json index c0e8f6bc2c..7a3e445890 100644 --- a/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json +++ b/mobile-attack/relationship/relationship--08c81253-975c-4780-8e85-c72bc6a90c88.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--627c25e1-2097-465e-bf5b-140eb87ff4c4", + "id": "bundle--e250b79b-b5f4-403f-a6d3-b3b5142a582c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json index 2ea4839e8e..74720aa0e7 100644 --- a/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json +++ b/mobile-attack/relationship/relationship--08f1a4b1-96c9-44c2-bc5b-5a779541213b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2f851edf-41ad-48c8-afdf-40e8a83478f1", + "id": "bundle--084d4ed2-4e1e-4d20-aae8-3e9a6d2135ad", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json index 2d3b445a68..2627b39d99 100644 
--- a/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json +++ b/mobile-attack/relationship/relationship--0972d3cf-717e-4ed2-a89d-9cbe61081956.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1ef208d0-2ddd-42d8-9ea0-f313f3272e52", + "id": "bundle--41d76672-ea03-4819-883c-6072769a9cc9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json index 950c158a0c..14af658cef 100644 --- a/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json +++ b/mobile-attack/relationship/relationship--0993769f-63fb-4720-bbcf-e6f37f71515e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2103a07-4a8a-4b15-9de4-8df32c9cba03", + "id": "bundle--c55c2ded-eb69-4708-8fc4-7e3508d7c489", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--09ad7d9f-d618-46c2-a9f3-e4a943245a72.json b/mobile-attack/relationship/relationship--09ad7d9f-d618-46c2-a9f3-e4a943245a72.json new file mode 100644 index 0000000000..c382df77ae --- /dev/null +++ b/mobile-attack/relationship/relationship--09ad7d9f-d618-46c2-a9f3-e4a943245a72.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--dc0e6aff-cc53-4546-8ae7-279aff497e46",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--09ad7d9f-d618-46c2-a9f3-e4a943245a72",
+ "created": "2023-09-21T19:37:48.020Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T19:37:48.020Z",
+ "description": "Users can be trained to identify social engineering techniques and phishing emails.",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+ "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
index c688d84808..a2dfe34205 100644
--- a/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
+++ b/mobile-attack/relationship/relationship--09c55c29-ce4f-4d3e-a940-f3a4b6f07bca.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af2b0e75-97ff-423c-8a2b-42a38e6bf492",
+ "id": "bundle--cbd09cd2-b665-4cb1-b2d4-e99736322cc0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json b/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
index 3a7283806d..f736cd4d5b 100644
--- a/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
+++ b/mobile-attack/relationship/relationship--09c6bbd4-9058-4657-9d8e-656439637ac6.json
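Review bot: The `description` of the new `mitigates` relationship--09ad7d9f speaks only of "phishing emails", yet it sits in the mobile matrix and targets the same `attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df` as the URL-inspection `detects` relationship added earlier in this diff. On a phone the lure presumably arrives by SMS or a messaging app as well as by email, so email-only training guidance undersells the mitigation. Consider `phishing messages (email, SMS, messaging apps)` in place of `phishing emails`, after checking the wording of the target technique.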
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--68170f1a-5445-441b-839f-bb42baf161b6",
+ "id": "bundle--95267e35-ff15-41ea-8a12-ed9c22908358",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--09c6bbd4-9058-4657-9d8e-656439637ac6",
 "created": "2023-03-16T18:32:47.895Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:32:47.895Z",
- "description": "",
+ "modified": "2023-08-10T22:15:16.326Z",
+ "description": "Application vetting services could look for `android.permission.READ_CALL_LOG` in an Android application\u2019s manifest. Most applications do not need call log access, so extra scrutiny could be applied to those that request it. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json b/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
index 0958acd182..b2d8054f52 100644
--- a/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
+++ b/mobile-attack/relationship/relationship--09d08f16-9e4d-4279-9a8c-bdda7afdb37d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3a4cbbf6-addd-47a0-a686-2f6821184a92",
+ "id": "bundle--42777926-b9ea-4c68-ad33-4232795a94d2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json index 5d68139059..f6f2e8de93 100644 --- a/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json +++ b/mobile-attack/relationship/relationship--0a28b2f2-ca0e-4d9f-9840-26e8ce944012.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9cc206dc-293e-46b2-b25f-a8ab307c717c", + "id": "bundle--d0729b24-04b5-40cf-88ca-cd03aaad0d8d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json index 756e07134f..9eb8dff2b3 100644 --- a/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json +++ b/mobile-attack/relationship/relationship--0a2e4b01-e78f-4c05-b157-c6714d34fddb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2dbd03b-c809-4654-8ed4-c53cb81ff869", + "id": "bundle--1291e7a0-aafc-4ffb-8068-3fc6fd505a7b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json index 319f2d4ffd..3343d263bc 100644 --- a/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json +++ b/mobile-attack/relationship/relationship--0a610208-06af-425f-a9af-cd0899261e33.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--143575da-d92d-4a7f-bb7d-aea23b1a502c", + "id": "bundle--89b7f70e-e19f-4faf-8101-1fe648f84c75", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json index 794f9ee0fa..f5d01aea5f 100644 
--- a/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json +++ b/mobile-attack/relationship/relationship--0a737289-c62d-4c0a-a857-6d116f774864.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--af395967-47dd-4edd-bc2c-3b6f81765a3c", + "id": "bundle--bada9427-7826-465b-aa1b-1168319ce2bc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json b/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json index 63d12b7eda..7706519904 100644 --- a/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json +++ b/mobile-attack/relationship/relationship--0ae94053-1963-45ba-a3a9-62e508281c8e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c0933e6a-5fed-4c14-a544-49972b5e97c2", + "id": "bundle--8416d807-08b3-4811-905b-a49f7fff2197", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json index 5163a43be9..c0f1394847 100644 --- a/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json +++ b/mobile-attack/relationship/relationship--0b1aae4b-4dcd-41b6-a708-1441e5a24070.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c78528f8-0ab7-4ff6-a1af-0de4ad302bb9", + "id": "bundle--ccae4aff-f706-4e24-ac33-fb1772e42fdd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json index 264add20e3..3a1b64043e 100644 --- a/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json +++ b/mobile-attack/relationship/relationship--0b1e5e78-9ee1-4fc3-9fe7-dc069b59e77d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ca3f8c50-f095-4118-9aea-8acfec6a0048", + "id": "bundle--f1dcffd0-ad89-47d5-95df-06a869ad4c21", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json b/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json index ff50f4ccc4..b48e0dfa8c 100644 --- a/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json +++ b/mobile-attack/relationship/relationship--0b1f2735-97d9-4f4a-9967-9fa1464bb651.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4049c77a-33e9-4892-9e0d-27b409b371aa", + "id": "bundle--9d2d8017-8ae4-4053-8ed4-cf93bce06b67", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json b/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json index 0781c0fed4..f0b3553fd5 100644 --- a/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json +++ b/mobile-attack/relationship/relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--f1ce5813-cf64-4c8d-b8a2-27ae0aa50841",
+ "id": "bundle--53f8ab6c-e8ce-45c8-a4e9-3e7e985b3269",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2",
 "created": "2023-03-20T15:28:54.837Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:28:54.837Z",
- "description": "",
+ "modified": "2023-08-07T17:15:34.376Z",
+ "description": "Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps. Application vetting could detect the usage of insecure or malicious third-party libraries.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--7827ced0-95e7-4d05-bdcf-0d8f2d37a3d3",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
index 085fc10559..7beb337e3d 100644
--- a/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
+++ b/mobile-attack/relationship/relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c66e6a5f-7bb1-4744-9f46-0d4ba413b916",
+ "id": "bundle--08de077d-7d42-4017-b742-c980ed920835",
 "spec_version": "2.0",
 "objects": [
 {
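Review bot: The new `description` in relationship--0b531974-1a28-4f16-ba34-1f7c8371b6b2 states the same detection twice: its first and last sentences both say that application vetting could detect insecure or malicious third-party libraries. Dropping the final sentence, `Application vetting could detect the usage of insecure or malicious third-party libraries.`, loses nothing. The middle sentence is about endpoint protection on developer workstations, which may belong on a different data component than the one in `source_ref`; that cannot be confirmed from this hunk. The hunk for relationship--0b5bfa77-51b4-41b4-ae03-88b585d143c1 on the same line only regenerates the bundle id.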
diff --git a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json index 68e9802592..ef0a095182 100644 --- a/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json +++ b/mobile-attack/relationship/relationship--0b693e45-cc20-45a9-846f-2f5f4d3a3253.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--25a8fe1c-dde3-4983-bd98-5bae1e93ba1c", + "id": "bundle--59490cf9-be85-4047-af1d-6b49d513f50f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json index 3084d6b49a..34c11190b8 100644 --- a/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json +++ b/mobile-attack/relationship/relationship--0bb6f851-4302-4936-a98e-d23feecb234d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61f10f6d-ebb5-4fee-a8ba-d2b9c886ef9b", + "id": "bundle--ac18964f-fa57-4c37-87f6-299ba4736542", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json index c8c025ab7f..d8879863bf 100644 --- a/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json +++ b/mobile-attack/relationship/relationship--0bbe5936-04bf-4c9a-bb43-cd37f36c3349.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a3ef401c-9c84-4e71-b65a-4bacd2cf1652", + "id": "bundle--e8ffdf7c-8748-4f09-ba12-eb5a5bcfc8c6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json index b4fc97829b..05354126b7 100644 
--- a/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json +++ b/mobile-attack/relationship/relationship--0bc73d69-e769-4d0f-9d44-368c94225b6e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--35d2c77b-0b5b-4b88-9a81-0ba44c1e421a", + "id": "bundle--7b799e18-0c7e-458b-af74-5c2263078ead", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json b/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json index 63efe1fc0a..3470e6c96f 100644 --- a/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json +++ b/mobile-attack/relationship/relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--8bf7096a-bbf7-4934-92ec-c836e6310e8d",
+ "id": "bundle--e64a3603-54a3-433b-9c2d-841cae273731",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad",
 "created": "2023-03-20T18:55:03.385Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:55:03.385Z",
- "description": "",
+ "modified": "2023-08-09T16:44:01.271Z",
+ "description": "Application vetting services could look for the Android permission `android.permission.QUERY_ALL_PACKAGES`, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API `LSApplicationWorkspace` and apply extra scrutiny to applications that employ it.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
index fbbde82597..588d36de32 100644
--- a/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
+++ b/mobile-attack/relationship/relationship--0bcdeb29-6eed-4c96-a9ae-e56aadc4a5db.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--62906a10-2de3-4928-90ba-aa6fafe1c37e",
+ "id": "bundle--b25475c5-2cfb-4eb1-95c8-29b93520cd9c",
 "spec_version": "2.0",
 "objects": [
 {
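Review bot: The Android half of the new `description` in relationship--0bc73eaf-a771-4ed0-b1f9-081ff4ca73ad keys on a single manifest permission, `android.permission.QUERY_ALL_PACKAGES`, which gives a vetting service only partial coverage. Package visibility filtering applies to apps that target Android 11 (API level 30) or later, and such apps can also name the packages they want to see in a manifest `<queries>` element. The text could add a sentence such as `Application vetting services could also review the application's target SDK level and any <queries> declarations in its manifest.` The rest of the hunk only moves `created_by_ref` and updates `modified`.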
diff --git a/mobile-attack/relationship/relationship--0c417238-738d-4bda-8359-d37d39414ebe.json b/mobile-attack/relationship/relationship--0c417238-738d-4bda-8359-d37d39414ebe.json
new file mode 100644
index 0000000000..e442b4d068
--- /dev/null
+++ b/mobile-attack/relationship/relationship--0c417238-738d-4bda-8359-d37d39414ebe.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--fc31fe5d-c4d4-4d50-a475-5b57dd7070d0",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--0c417238-738d-4bda-8359-d37d39414ebe",
+ "created": "2023-08-04T18:30:41.599Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:30:41.599Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate phone number and IMEI.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json
index e651be3816..bdd530e92f 100644
--- a/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json +++ b/mobile-attack/relationship/relationship--0c558826-5cea-422e-8e67-83e53c04d409.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9e292aec-d980-48a1-b2c4-c76f094d2cf5", + "id": "bundle--23e50dac-99b3-4f5c-ae54-7493c69d0c1f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json index 6552f02930..921de1c05a 100644 --- a/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json +++ b/mobile-attack/relationship/relationship--0cabc5f9-045e-490c-a97f-efe00dbade86.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7348e493-26e5-4552-8cdc-176123477b67", + "id": "bundle--3060b078-6d31-40aa-ba6a-b8530bc976d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json index b32629f3e7..e47a238639 100644 --- a/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json +++ b/mobile-attack/relationship/relationship--0cae6859-d7d1-483b-b473-4f32084938a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aad38fbf-b5cc-4189-b0ef-af465aaf043d", + "id": "bundle--386af0a8-f790-4c79-a1e1-9f1ae46124f7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json index a4a7281b5c..2b57b9aecf 100644 --- a/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json +++ b/mobile-attack/relationship/relationship--0ce5bf43-39e1-4afb-a939-1984cc2d235c.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--87ff7c6c-6d4e-4e7d-a6c0-09dbbffb296e",
+ "id": "bundle--20752c49-0a88-4c95-a399-4049a99bd906",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0cf39d51-2d80-4576-b088-e787b113513e.json b/mobile-attack/relationship/relationship--0cf39d51-2d80-4576-b088-e787b113513e.json
new file mode 100644
index 0000000000..7925d1874a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--0cf39d51-2d80-4576-b088-e787b113513e.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--74cf1b95-a726-4fd4-9fc3-5827894a45ac",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--0cf39d51-2d80-4576-b088-e787b113513e",
+ "created": "2023-09-28T17:39:48.745Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zimperium FlyTrap",
+ "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September 28, 2023.",
+ "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-30T21:05:31.625Z",
+ "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can use HTTP to communicate with the C2 server.(Citation: Zimperium FlyTrap)",
+ "relationship_type": "uses",
+ "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json index 7057c6bc9f..ee2853a63d 100644 --- a/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json +++ b/mobile-attack/relationship/relationship--0cfbea52-d6ab-467f-97e5-8c74b332b16f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b7f37edb-ef63-424e-a774-4134edd46e46", + "id": "bundle--b8b74796-8236-48ae-a4b1-acbccd9b2528", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json b/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json index b785ccb5ed..a176d8ffde 100644 --- a/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json +++ b/mobile-attack/relationship/relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--92ff7326-c6d0-40e3-8ab9-4b61f11850b9",
+ "id": "bundle--301fa28c-9c1a-4688-b726-3d46d3bb015d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b",
 "created": "2023-03-20T18:41:56.287Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:41:56.287Z",
- "description": "",
+ "modified": "2023-08-14T16:50:42.655Z",
+ "description": "On Android, the user can review which applications have Device Administrator access in the device settings and revoke permission where appropriate. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
index 8c7678e305..f2336d8c4e 100644
--- a/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
+++ b/mobile-attack/relationship/relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--923e03c1-30f3-46f8-a3bc-11b4092ae202",
+ "id": "bundle--b22e219a-812a-459d-99d1-96e9c72a8aa0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json
index 7037b77966..9c25bf97dc 100644
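Review bot: The new `description` value in relationship--0d12ee41-9ac0-4083-bc28-6568be4b9d5b ends with a trailing space after the final period (`...where appropriate. "`). That space survives into rendered output and into any exact-match comparison or de-duplication of description strings, so the value should end `where appropriate."`. The hunk for relationship--0d2d9c6e-6ac8-4cda-bfa4-cedf26a1760a on the same line only regenerates the bundle id.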
--- a/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json +++ b/mobile-attack/relationship/relationship--0d305e1e-df8f-4028-bf6f-1d7fed9e6184.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01e91246-56ec-4ff8-92ed-1ff6d7e418cf", + "id": "bundle--adf81350-571b-4d28-88f0-d0bd0b548862", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json index bb82080025..5d99d8936d 100644 --- a/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json +++ b/mobile-attack/relationship/relationship--0d82a9ed-4184-4f95-99f4-5ee467fe6594.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--43e1271c-0e8b-48e8-8dca-f94f9e54a6a8", + "id": "bundle--98d92f14-1cee-40b3-b03c-6f0552633014", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json b/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json index b4a34ea5bf..ba21047564 100644 --- a/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json +++ b/mobile-attack/relationship/relationship--0e8607f6-daab-44df-b167-105403a4ef41.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f38b0fee-d416-481b-a461-ba6529508e12", + "id": "bundle--29ee8cc5-cfce-4356-9d21-350c376ca4cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json index 381325a47d..5b4a47161d 100644 --- a/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json +++ b/mobile-attack/relationship/relationship--0e9968b7-ad1e-440d-9fe3-2599a1571f39.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a5fbbe01-2285-41fb-a562-56d278ec2ab6", + "id": "bundle--2e9667eb-bcb2-4281-8cc4-79791907ed33", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json index d39b422bec..49b8cf20f0 100644 --- a/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json +++ b/mobile-attack/relationship/relationship--0e9edc13-7af7-43c4-8ec2-636b1f8cb7f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40ec57c2-2481-41ae-b3d7-6b38d6e93b8c", + "id": "bundle--75b41836-3284-4acd-bb9e-4f1ed0f85412", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json index 075d603ded..592aab2659 100644 --- a/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json +++ b/mobile-attack/relationship/relationship--0ef4845d-994e-4f0d-9eed-7cf600fc03b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6f047e3d-da5e-463c-8b7e-143edde350a4", + "id": "bundle--d63142e2-1cfb-4e94-aca2-35d1aa082afa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json index 4d27dbe9cb..769689f242 100644 --- a/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json +++ b/mobile-attack/relationship/relationship--0efe4125-504f-4eea-b19f-a44c81ee31dd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6ed80ce-0a54-4d2d-afe7-301edae5f2fc", + "id": "bundle--2192f267-315b-417f-ab7e-c8415a24d14b", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json b/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json index c520b05136..dcf8712551 100644 --- a/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json +++ b/mobile-attack/relationship/relationship--0f116d99-9ce4-4790-aeda-ad9199d8bf7b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7075f7ba-4819-4aae-9a24-eb3e0873cd47", + "id": "bundle--8f567f91-b03a-446f-8d82-9db849170486", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json b/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json index a14562abc6..703c15b685 100644 --- a/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json +++ b/mobile-attack/relationship/relationship--0f70bdf1-a6a7-406c-a4c0-cee509ff8369.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1bf146e5-e5da-4437-9aa6-59c2856f0623", + "id": "bundle--9080e616-daa1-4765-a37c-c81654d52465", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json index d58b74e896..3d49c308cf 100644 --- a/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json +++ b/mobile-attack/relationship/relationship--0f7e7c29-43f0-4aff-ae83-dfff331915ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41329f0a-e7e1-4f92-a100-d7d38d036e55", + "id": "bundle--8c7fa07f-1cc2-4347-96de-e22a1f778bbc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json index 8e1a28d83d..ee049b78de 100644 
--- a/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json +++ b/mobile-attack/relationship/relationship--0f949bc5-9f6a-4ec8-a29a-87e309aa08a2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c021fba0-519a-4a63-b3f4-40409ba5b63f", + "id": "bundle--5423482f-bcd0-404f-a11d-37d78beaf309", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json index ab32a96f37..c25513c0d1 100644 --- a/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json +++ b/mobile-attack/relationship/relationship--0fd34764-8a5d-43da-9bdf-5a0b7e436936.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f799b3bd-0df0-4c52-86cf-ffc7361050d4", + "id": "bundle--957f6f4b-0235-4247-9c42-f5e335047711", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json index 08efaa7014..4cefab7e3c 100644 --- a/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json +++ b/mobile-attack/relationship/relationship--10560632-6449-4579-90eb-20fc46dcca08.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1ef300a2-6ad5-4e0c-b863-d308fcbfd7b2", + "id": "bundle--57367e1b-4a6c-4cda-8863-d5c59cb0635f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json index d5a062a2aa..8af1717283 100644 --- a/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json +++ b/mobile-attack/relationship/relationship--10c07066-df05-4dff-bb95-c76be02ea4ef.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d54f8bfe-ea1d-45fd-bc1a-8cdcd560aa30", + "id": "bundle--2f5d15c8-c2cf-4423-bec1-c416b10032d3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json index fd7a57ebdd..e95db908b2 100644 --- a/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json +++ b/mobile-attack/relationship/relationship--10e02179-0434-4d4b-86b4-5d9fbc5d5451.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8323431a-042e-483f-b1b0-9087613c8e85", + "id": "bundle--d6d12b0f-8c80-440d-813c-301aec1034e0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae.json b/mobile-attack/relationship/relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae.json new file mode 100644 index 0000000000..e4db2fe1cd --- /dev/null +++ b/mobile-attack/relationship/relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--8117babe-48d7-4068-900a-b2d54ce01f5d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae",
+ "created": "2023-10-10T15:33:59.743Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CrowdStrike-Android",
+ "description": "CrowdStrike Global Intelligence Team. (2016). Use of Fancy Bear Android Malware in Tracking of Ukrainian FIeld Artillery Units. Retrieved February 6, 2017.",
+ "url": "https://www.crowdstrike.com/wp-content/brochures/FancyBearTracksUkrainianArtillery.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.743Z",
+ "description": "[X-Agent for Android](https://attack.mitre.org/software/S0314) was placed in a repackaged version of an application used by Ukrainian artillery forces.(Citation: CrowdStrike-Android)",
+ "relationship_type": "uses",
+ "source_ref": "malware--56660521-6db4-4e5a-a927-464f22954b7c",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
index bc80c4ebbc..09a2a76bd0 100644
--- a/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
+++ b/mobile-attack/relationship/relationship--119b848b-84b4-4f86-a265-0c9eb8680072.json
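Review bot: The new relationship--117a7e1e-d5dc-451d-ab79-f29bdfec40ae, created 2023-10-10, is stamped `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"`, while the other relationships added in this commit carry `3.1.0` or `3.2.0` and `0.1`. The same pair of values appears in the new file relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f (ViperRAT). If these objects were cloned from older relationships and re-targeted, the spec version probably needs refreshing, since consumers that validate or branch on it would handle the two objects differently from the rest of the release. The citation text also contains `FIeld` with a capital I, which may be inherited from the shared reference entry.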
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6200300e-de51-4234-a04e-6422958b0839",
+ "id": "bundle--da13ade7-226d-42cd-89af-4b3a4ff8e79a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f.json b/mobile-attack/relationship/relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f.json
new file mode 100644
index 0000000000..4b60c0fc1f
--- /dev/null
+++ b/mobile-attack/relationship/relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--85ad8aaa-f91c-4851-958a-eca22e6c23a3",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--11a1da8f-f0db-4abe-88bb-1ab06f271f3f",
+ "created": "2023-10-10T15:33:57.223Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Lookout ViperRAT",
+ "description": "M. Flossman. (2017, February 16). ViperRAT: The mobile APT targeting the Israeli Defense Force that should be on your radar. Retrieved September 11, 2020.",
+ "url": "https://blog.lookout.com/viperrat-mobile-apt"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.223Z",
+ "description": "[ViperRAT](https://attack.mitre.org/software/S0506)\u2019s second stage has masqueraded as \u201cSystem Updates\u201d, \u201cViber Update\u201d, and \u201cWhatsApp Update\u201d.(Citation: Lookout ViperRAT)",
+ "relationship_type": "uses",
+ "source_ref": "malware--f666e17c-b290-43b3-8947-b96bd5148fbb",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--11a992e7-83a3-4dc3-b391-fbd79e518943.json b/mobile-attack/relationship/relationship--11a992e7-83a3-4dc3-b391-fbd79e518943.json
new file mode 100644
index 0000000000..2498902d8a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--11a992e7-83a3-4dc3-b391-fbd79e518943.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--7386f22c-21b5-4aec-8f08-b225dc0d2d31",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--11a992e7-83a3-4dc3-b391-fbd79e518943",
+ "created": "2023-07-21T19:40:08.668Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:40:08.668Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can encrypt its data before exfiltration.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json
index 2477f1156d..1dfcb7d03f 100644
--- a/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json +++ b/mobile-attack/relationship/relationship--12098dee-27b3-4d0b-a15a-6b5955ba8879.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f1a3fdee-8ec3-4ffc-b2f9-9bb721876d55", + "id": "bundle--9015a60e-3750-4c54-b89e-5b5490df1bd1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json index 54fb4a1b0d..5f4c08f9be 100644 --- a/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json +++ b/mobile-attack/relationship/relationship--1218ed50-bd44-4f37-baba-1aae998b5a1f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--408b32a3-a4f4-4d20-a0c2-a05c25188ddf", + "id": "bundle--e0d7157f-f439-46e8-9049-a1bbf69c6839", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json index 481940aa19..283be363f5 100644 --- a/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json +++ b/mobile-attack/relationship/relationship--1250f91c-723d-4b4c-afea-b3a71101951f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9aaf7eeb-f7e8-4183-9ecc-6fe3d9b72d15", + "id": "bundle--0b1561e8-ef98-41f3-b05e-73791dbabcaa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json b/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json index 0f8bc3342b..7a398ab627 100644 --- a/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json +++ b/mobile-attack/relationship/relationship--127e6672-d16a-4370-b277-4d04874a4cfe.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--98a6f1ef-7446-4d3e-b721-71444ff90774", + "id": "bundle--4229eb18-df25-43ea-8ddd-d01585b8adbc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1284ba4a-c48c-4533-ac35-664828616ee3.json b/mobile-attack/relationship/relationship--1284ba4a-c48c-4533-ac35-664828616ee3.json new file mode 100644 index 0000000000..ec55e66c17 --- /dev/null +++ b/mobile-attack/relationship/relationship--1284ba4a-c48c-4533-ac35-664828616ee3.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--1dbd1d3a-3119-445a-a142-de8329417d7d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1284ba4a-c48c-4533-ac35-664828616ee3", + "created": "2023-07-21T19:52:46.863Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:52:46.863Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access and exfiltrate files, such as photos or video.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json index 9b36824cbc..8f39817190 100644 --- a/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json +++ b/mobile-attack/relationship/relationship--1284f6fe-d352-415c-9479-82141524380a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d0fc147d-1e85-431b-82b5-ac88f124a830", + "id": "bundle--b57e99f9-8f1b-4eaa-9d2f-e7370e24fd37", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json b/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json index 747ae25df1..56a9100e52 100644 --- a/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json +++ b/mobile-attack/relationship/relationship--12852406-87df-4892-a177-e15e81739000.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--7bd0cf2e-8f05-4aef-8ddf-997b388805a5",
+ "id": "bundle--2e2bf472-a99b-41f9-bf7d-b627be5bfc82",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--12852406-87df-4892-a177-e15e81739000",
 "created": "2023-03-20T18:50:14.139Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:50:14.139Z",
- "description": "",
+ "modified": "2023-08-08T15:34:56.071Z",
+ "description": "Application vetting services could potentially determine if an application contains code designed to exploit vulnerabilities.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--351c0927-2fc1-4a2c-ad84-cbbee7eb8172",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--12d14048-793c-456c-a2b8-d812de547ca7.json b/mobile-attack/relationship/relationship--12d14048-793c-456c-a2b8-d812de547ca7.json
new file mode 100644
index 0000000000..887792a858
--- /dev/null
+++ b/mobile-attack/relationship/relationship--12d14048-793c-456c-a2b8-d812de547ca7.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--493c1717-5019-42cb-b0e6-185a0c497f9b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--12d14048-793c-456c-a2b8-d812de547ca7",
+ "created": "2023-09-28T17:19:38.041Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:19:38.041Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can read SMS messages on the device.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
index bf81f58484..4fff887389 100644
--- a/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
+++ b/mobile-attack/relationship/relationship--12d61e7d-7fa6-422d-9817-901decf6b650.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--87304090-3503-4a7d-a612-e4b2910ed6a2",
+ "id": "bundle--897cf2bb-ed1e-47fc-8e98-b48d08b24d66",
 "spec_version": "2.0",
 "objects": [
 {
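Review bot: The citation key in the new relationship--12d14048-793c-456c-a2b8-d812de547ca7.json is misspelled; `"source_name": "Bleeipng Computer Escobar"` should read `"source_name": "Bleeping Computer Escobar"`. The description's `(Citation: Bleeipng Computer Escobar)` carries the same misspelling, so the reference still resolves inside this object, but the key is what consumers match on, and an object citing the same article under the correct spelling would be treated as a different source. Both strings need to change together, along with any other object in the release that uses this key (not visible from this hunk).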
diff --git a/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json b/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json index d258f5c5d7..30a45e972c 100644 --- a/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json +++ b/mobile-attack/relationship/relationship--12de5aeb-9427-4665-81a0-257c76d6f188.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--76544dec-63a3-4141-92e1-7d954650ed12", + "id": "bundle--a8c272a5-1915-497d-8bf2-290c4b2d378a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json index a63f40a8d0..b33ddf37f4 100644 --- a/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json +++ b/mobile-attack/relationship/relationship--13078a96-2cda-4d0b-99f8-693a65a4b63d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--794519cf-aebd-44cb-ae84-1de945f07419", + "id": "bundle--c2aff248-82d1-4b60-beec-4c61cd604f9f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json index 52449b0b3c..76e3faaefe 100644 --- a/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json +++ b/mobile-attack/relationship/relationship--1317fb3d-ded3-4b84-8007-147f3b02948a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c9f1fcfa-8190-4114-b923-c1062752f15c", + "id": "bundle--8d92c9ef-21d2-475e-8ef9-48d9105f2572", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1329a866-0f6b-4660-b537-a6d208352502.json b/mobile-attack/relationship/relationship--1329a866-0f6b-4660-b537-a6d208352502.json new file mode 100644 index 0000000000..3c440cbf1a --- /dev/null 
+++ b/mobile-attack/relationship/relationship--1329a866-0f6b-4660-b537-a6d208352502.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--a2519d86-41f8-4514-b3fe-801d22279224", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1329a866-0f6b-4660-b537-a6d208352502", + "created": "2023-06-09T19:11:12.827Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:48:55.333Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect a device's phone number and IMEI, and can check to see if WiFi is enabled.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--1343f1a3-0f03-4bcf-a9e6-4f5697ae35dd.json b/mobile-attack/relationship/relationship--1343f1a3-0f03-4bcf-a9e6-4f5697ae35dd.json new file mode 100644 index 0000000000..3b98209593 --- /dev/null +++ b/mobile-attack/relationship/relationship--1343f1a3-0f03-4bcf-a9e6-4f5697ae35dd.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--eac15356-5725-4977-846c-f9abac80748b", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1343f1a3-0f03-4bcf-a9e6-4f5697ae35dd", + "created": "2023-08-04T18:35:25.381Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:35:25.381Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can try to run arbitrary commands as root.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json index 675c4853fd..0af67ae338 100644 --- a/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json +++ b/mobile-attack/relationship/relationship--1348c744-3127-4a55-a5b4-2f439f41e941.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d01222a9-04c7-4654-8f97-318920409286", + "id": "bundle--54831dc3-adee-4ae2-886c-c67b643d2d98", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13495d9c-6877-4bc9-888a-7d92362bcb40.json b/mobile-attack/relationship/relationship--13495d9c-6877-4bc9-888a-7d92362bcb40.json new file mode 100644 index 0000000000..10b7cc7423 --- /dev/null +++ b/mobile-attack/relationship/relationship--13495d9c-6877-4bc9-888a-7d92362bcb40.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--f4f8ce90-b955-46d3-a4e0-7a46eb5c9382", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--13495d9c-6877-4bc9-888a-7d92362bcb40", + "created": "2023-06-09T19:10:19.108Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:13:50.488Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect device contacts.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json index 8e73d06732..212a5860cd 100644 --- a/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json +++ b/mobile-attack/relationship/relationship--13518e48-bb32-4ee3-9cd0-e5f367a2fb2d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e0705982-8fb9-4924-88e1-b07c53e5eb67", + "id": "bundle--744705f8-7c52-4963-9a44-052c1cea008e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json b/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json index 433081821a..b444752bd2 100644 --- a/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json +++ b/mobile-attack/relationship/relationship--13aba849-5004-4457-9f3b-49e470b589e0.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--c43f764a-f542-434e-aa4d-5b7f2c585745",
+ "id": "bundle--3bb80d8a-2e67-4e43-ab59-1e059a84b459",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--13aba849-5004-4457-9f3b-49e470b589e0",
 "created": "2023-03-20T18:43:44.617Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:43:44.617Z",
- "description": "",
+ "modified": "2023-08-14T16:21:05.598Z",
+ "description": "Application vetting services could look for connections to unknown domains or IP addresses. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
 "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--13e69c40-1511-4fac-b4c3-d31fc4b6c579.json b/mobile-attack/relationship/relationship--13e69c40-1511-4fac-b4c3-d31fc4b6c579.json
new file mode 100644
index 0000000000..295a57277a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--13e69c40-1511-4fac-b4c3-d31fc4b6c579.json
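Review bot: The description added in relationship--13aba849-5004-4457-9f3b-49e470b589e0.json ends with a stray space inside the string; trimmed, the line reads `"description": "Application vetting services could look for connections to unknown domains or IP addresses.",`. The same trailing space follows the citation in the description added by relationship--198b99e6-3954-4c93-90bc-4227b45270a4.json. It is invisible when rendered, but tooling that compares or de-duplicates descriptions by exact string may see it as a difference between otherwise identical entries.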
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--4e444bbe-9f61-4856-bc33-a32b531e58a8", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--13e69c40-1511-4fac-b4c3-d31fc4b6c579", + "created": "2023-07-21T19:40:25.197Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:40:25.197Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can download and run code obtained from the C2.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json index 22de24af8b..f2f265514f 100644 --- a/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json +++ b/mobile-attack/relationship/relationship--13efc415-5e17-4a16-81c2-64e74815907f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eccc4f1b-e940-4e66-bf80-79879423788c", + "id": "bundle--fbe4710a-fa68-466c-83bc-98cfe0d45934", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json index a76cbffc5e..8db1aa42f1 100644 --- a/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json +++ b/mobile-attack/relationship/relationship--14143e21-51bf-4fa7-a949-d22a8271f590.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--865236ef-0eb7-4e6c-967a-aaaf161ae631", + "id": "bundle--526e0314-bc52-4d38-b6d6-d435b1008917", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json index d8d4f2954f..d105ef46c2 100644 --- a/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json +++ b/mobile-attack/relationship/relationship--1417d832-3fa5-4a87-a40b-5ca2d4ee5d1c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c16f31eb-a180-481d-a37d-2912e88ec58e", + "id": "bundle--6996b74a-2464-46d6-9a9c-eeff9e90e544", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json index 017869cfd2..7f81f3c958 100644 --- a/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json +++ b/mobile-attack/relationship/relationship--142532a6-bf7c-4b25-be23-16f01160f3c5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3cd3816e-c3d2-455a-8631-4ba22ebfa50c", + "id": "bundle--9c944026-beb3-4f5c-88ce-7e7e4312406b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json index 8d2c8a4db7..4651cdda10 100644 
--- a/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json +++ b/mobile-attack/relationship/relationship--14474366-938a-4359-bf24-e2c718adfaf5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1244933c-bcfc-4c6f-a838-a58124e7e988", + "id": "bundle--b93a2dcc-fc7c-4f2b-8634-139ec36c1e2f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json index 471acabe9f..6b18281001 100644 --- a/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json +++ b/mobile-attack/relationship/relationship--146275c0-b6dd-4700-bded-bc361a67d023.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--64798ddb-4da6-4cd5-be29-5995687754db", + "id": "bundle--d4f76a20-fdfb-4033-a04b-592201e69cc1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json index ea56de561b..98f8dea4a0 100644 --- a/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json +++ b/mobile-attack/relationship/relationship--147d82a6-a61a-41d0-8eef-b6193bdd92d6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2382273a-1640-4bf5-b223-87ef4ef79b31", + "id": "bundle--8ddafd4a-08b1-41c2-a419-979f64a0f770", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json b/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json index baabde89ea..d27ad1cf10 100644 --- a/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json +++ b/mobile-attack/relationship/relationship--148703c5-6d07-439c-a4ff-d77119c70857.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--74119f7f-a3aa-4110-b0da-176fe860385e",
+ "id": "bundle--c59f5ab1-e7af-4b80-bf34-49812c4614a0",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--148703c5-6d07-439c-a4ff-d77119c70857",
 "created": "2023-03-20T18:52:21.767Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:52:21.767Z",
- "description": "",
+ "modified": "2023-08-14T16:23:41.266Z",
+ "description": "Many properly configured firewalls may also naturally block command and control traffic over non-standard ports.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
 "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
index e67f51a437..aaff6fa470 100644
--- a/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
+++ b/mobile-attack/relationship/relationship--15065492-1aef-4cf8-af3c-cc763eee5daf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6ba6c269-6ec6-499c-83f7-4f7a7f041ae0",
+ "id": "bundle--a6dd4e16-4284-4542-abbc-c00b4ed8d404",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json
index 354f478aed..11cd7a973c 100644
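Review bot: The description added in relationship--148703c5-6d07-439c-a4ff-d77119c70857.json describes prevention, while the object's `relationship_type` is `detects`: it says firewalls "may also naturally block command and control traffic over non-standard ports". A detection entry should state what the data component lets an analyst observe; a firewall that drops the traffic yields no finding unless its deny events are collected and reviewed. The word "also" has no antecedent, so the sentence reads as if it was taken from a longer passage. One possible wording is `"description": "Firewall or network flow logs showing connections on port and protocol pairings that are not normally used together may indicate command and control traffic over non-standard ports.",`, to be checked against what the referenced data component covers, which this hunk does not show.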
--- a/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json +++ b/mobile-attack/relationship/relationship--1577a79c-5f70-41cc-95bd-2407cfd1acbd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d8a52921-8a5f-4be3-a0ed-ccd1f29a5d23", + "id": "bundle--e8016f5a-d445-483e-a376-f112b49532a7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json index a0031419e4..1b78400142 100644 --- a/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json +++ b/mobile-attack/relationship/relationship--15d83ba8-be89-4151-9c6e-35d14df4fa80.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8b0e0a94-9b59-4b97-97e2-44c4265d82db", + "id": "bundle--ecccda07-f3d3-4cb6-9583-2ee9b8abea22", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json index a60d3b75ba..0204fafcef 100644 --- a/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json +++ b/mobile-attack/relationship/relationship--15eccf44-e528-41fb-9cb8-834c8c0ca9d9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--68c2a97f-0aef-4d4a-9c7f-0785d01ee996", + "id": "bundle--8a292a09-c84a-4675-ae56-c3db5e4d912e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json index ee6ecf6f59..ba74ae2a75 100644 --- a/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json +++ b/mobile-attack/relationship/relationship--16955c8e-65ab-4c9a-a8b1-bec4d5a45f8d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8a5caf07-77b1-4f84-a814-a2cdf6436388", + "id": "bundle--6e5d110a-4031-4683-8c69-fc82dfd80308", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json index 92453d8e6f..23b3748908 100644 --- a/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json +++ b/mobile-attack/relationship/relationship--17141729-226d-40d4-928d-ffbd2eed7d11.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e71eb915-cd6f-4e40-89c1-8c328249c5c2", + "id": "bundle--75bfa312-40f9-46d1-84c0-7c4090aaf7e3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json index 58fcd7dc3f..2fc8aed98d 100644 --- a/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json +++ b/mobile-attack/relationship/relationship--173c0c41-c7e3-48e9-b785-d9e0232d85ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08536b51-bd77-409d-9eef-345b5bd3c168", + "id": "bundle--fe22f043-616a-4899-8786-05f69cdcf7f2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json index 57ffc7e6f5..f6a430feca 100644 --- a/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json +++ b/mobile-attack/relationship/relationship--17558571-7352-470b-b728-0511fb3f699d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57e5590e-1d62-4a93-900f-b5b124b6f64a", + "id": "bundle--79926e44-86cb-4a8f-b629-312b1d44c316", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json index cdc75c5408..bad028a08b 100644 --- a/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json +++ b/mobile-attack/relationship/relationship--17adf4c2-e278-41fc-9183-cda5c8b74de7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9379ab68-c201-4384-85eb-ec607af72f4e", + "id": "bundle--b3d05ee0-38c1-4a9d-bdcb-67c731941572", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json index 3e604c3cf2..5673b94ba4 100644 --- a/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json +++ b/mobile-attack/relationship/relationship--17e94f34-e367-491c-9f9f-79294e124b4f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d3442ffc-65db-491c-a41a-bbb64ebcbfbd", + "id": "bundle--cc507b3c-cd50-4e63-a550-66c1c57ccac2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json index cc959ad7ee..d05d2cf0fa 100644 --- a/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json +++ b/mobile-attack/relationship/relationship--1822e616-ae33-487c-8aa6-4fa81e724184.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7db304c4-7613-41d3-aff2-07e6360bab89", + "id": "bundle--375b0b60-2c20-4b1e-8048-aed5239f02b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json index 9d2e12caea..85e4544ced 100644 
--- a/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json +++ b/mobile-attack/relationship/relationship--188c09ee-ca3b-4bac-ad69-36489c50b5bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8103c6dc-f6cc-424a-b196-88a6f76bd4f1", + "id": "bundle--bdddc2f9-7acb-4d5c-875c-155310fd322c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json index 270101cff0..c4513e863e 100644 --- a/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json +++ b/mobile-attack/relationship/relationship--18a6020d-8fea-4a6e-84ab-a18343f2acea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9d6651a-e52e-41f8-a2ff-b7882b2991c2", + "id": "bundle--e2412cc3-fd38-4808-a1c4-401d5db5605c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json index 45a08a6bda..74e81de2f6 100644 --- a/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json +++ b/mobile-attack/relationship/relationship--18afa4ad-4fd7-47ad-acdb-3b298b640d3c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--601a11f1-7771-4d8b-a78d-75aa1875f478", + "id": "bundle--e651037f-7720-4468-bca9-b65d4e95ecbe", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json index 3cca6ba4f0..1fb5e81f48 100644 --- a/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json +++ b/mobile-attack/relationship/relationship--18d3f4c7-2888-4d27-9ac7-b7ade1a1c04c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8d310e05-26b5-4bff-9c46-b0d7da30fede", + "id": "bundle--cbc048ba-4dea-44d7-931a-bbe6b19acb73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json index bc575ab01d..016528c486 100644 --- a/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json +++ b/mobile-attack/relationship/relationship--1987b242-c868-40b2-993d-9dbeea311d4b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b153d1b-f323-40cf-8fcc-391611f22259", + "id": "bundle--c48e9576-441d-4983-aaa4-4327137853f5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--198b99e6-3954-4c93-90bc-4227b45270a4.json b/mobile-attack/relationship/relationship--198b99e6-3954-4c93-90bc-4227b45270a4.json new file mode 100644 index 0000000000..234f3e68df --- /dev/null +++ b/mobile-attack/relationship/relationship--198b99e6-3954-4c93-90bc-4227b45270a4.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--e4c49b64-e2fc-423f-b54d-244b645d6446", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--198b99e6-3954-4c93-90bc-4227b45270a4", + "created": "2023-08-04T19:03:55.638Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:03:55.638Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can delete locally gathered files after uploading them to the C2 to avoid suspicion.(Citation: lookout_hornbill_sunbird_0221) ", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json index c4288e35ed..bad1ea1608 100644 --- a/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json +++ b/mobile-attack/relationship/relationship--19b95b83-bac0-455f-882f-0209abddb76f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--81ae750d-a00a-4558-ae83-d10176e22624", + "id": "bundle--6cd003c6-1652-46da-b4d3-221d015ca162", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json index af4dceaad5..3064ede20b 100644 --- a/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json +++ b/mobile-attack/relationship/relationship--19df76ee-fa85-43cf-96ce-422d46f29a13.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9567030d-0765-4df5-8727-4478477094f5", + "id": "bundle--a5774626-3926-4259-bf08-d05bb69f1b7c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json index b2320ed9b5..6c0b80cbfc 100644 --- a/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json +++ b/mobile-attack/relationship/relationship--19f220fd-94e8-4c8f-971d-ad37d7eeee80.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--561ca687-8533-4974-b0f6-3b406d0f81f0", + "id": "bundle--2e1bdb14-1a66-495e-ab3b-9b36801fec58", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json index 0aab1979eb..749c404942 100644 --- a/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json +++ b/mobile-attack/relationship/relationship--1a2f6cdc-7c52-4f6e-9182-bc5b16a638dd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--21ca9884-41c7-414e-b694-e3711894d6df", + "id": "bundle--bc58b591-86de-4d5e-abb2-8eb9c92ca5cb", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json index 5086ed024f..7a8cf191b1 100644 --- a/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json +++ b/mobile-attack/relationship/relationship--1a5bde32-aaa9-42d0-ab70-c9f11b0ae81e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f75b189f-8cc2-41a5-ab27-0d7a916dcf73", + "id": "bundle--fa148565-7b7c-4ed5-8370-1eb7525a00e6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json index cc4903da28..8084bb5f18 100644 --- a/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json +++ b/mobile-attack/relationship/relationship--1b633efc-762f-47f9-96c3-d08ba92e0e3e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3addcf72-d5bf-488f-b601-6fdbbfcde0f4", + "id": "bundle--6e1a01fe-4147-41ba-a555-590e144c3d28", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json index d6d98f1287..1611b772ab 100644 --- a/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json +++ b/mobile-attack/relationship/relationship--1b7be26d-cb1d-497b-94bf-a34f11ed66c9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3de56ec0-cf1f-4b30-81e9-69e98469a1fd", + "id": "bundle--88e37928-3855-4ebc-a5a8-90b6a3db780b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1b9b145c-ce80-4d0e-99f2-d756b806745b.json b/mobile-attack/relationship/relationship--1b9b145c-ce80-4d0e-99f2-d756b806745b.json new file mode 100644 index 0000000000..bf80276c8c --- /dev/null 
+++ b/mobile-attack/relationship/relationship--1b9b145c-ce80-4d0e-99f2-d756b806745b.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--d872c0d0-ba4e-4a86-9a56-727c29790c23", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1b9b145c-ce80-4d0e-99f2-d756b806745b", + "created": "2023-07-21T19:35:17.565Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:35:17.565Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access a device\u2019s microphone to record audio, as well as cell and VoIP application calls.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json index dccf04ca37..0d155bd11d 100644 --- a/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json +++ b/mobile-attack/relationship/relationship--1bcd4b25-a1e0-4511-b0bf-3923a1e74c4e.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--545a84e7-c296-416c-884f-a69e60620c01", + "id": "bundle--56248945-dfa8-49f2-8802-f24e8140e38f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1be8aca9-d5a6-4cc5-9fbe-7625f7ff8d6a.json b/mobile-attack/relationship/relationship--1be8aca9-d5a6-4cc5-9fbe-7625f7ff8d6a.json new file mode 100644 index 0000000000..6dc70b8b14 --- /dev/null +++ b/mobile-attack/relationship/relationship--1be8aca9-d5a6-4cc5-9fbe-7625f7ff8d6a.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c3762294-083f-49f6-9d19-c654a673bffc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1be8aca9-d5a6-4cc5-9fbe-7625f7ff8d6a", + "created": "2023-08-16T16:36:59.360Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:36:59.360Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather cookies and device logs.(Citation: cyble_chameleon_0423) ", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json index 81854f6852..b755f0fe3f 100644 --- a/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json +++ b/mobile-attack/relationship/relationship--1c180c0e-c789-4176-b568-789ada9487bb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8918a35-4158-40b5-a051-bf1e9259de8f", + "id": "bundle--2cb6942b-c4cd-42b8-a4d0-19fabcea893c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json index cff667d292..dadcb81f8e 100644 --- a/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json +++ b/mobile-attack/relationship/relationship--1c42ee3a-c400-4de6-84aa-b254422af7b9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--681bc7dd-12f6-4e59-8c69-9d9145fbd197", + "id": "bundle--5739ab21-2e94-4945-aa05-60b80e5d16ec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json b/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json index ebee8ec62f..521aafdc3d 100644 --- a/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json +++ b/mobile-attack/relationship/relationship--1c67b72f-7389-4c21-9347-2b1bba07aaaf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--51a1b8a7-d1f4-401d-b78a-a1fb11354d7e", + "id": "bundle--dd387998-7627-43b3-af5b-8b93250021ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json index 458f475374..073ddfa0a7 100644 
--- a/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json +++ b/mobile-attack/relationship/relationship--1c7d2d48-ea9a-448f-891f-66f635c95f73.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--756e63cd-db61-4926-84e1-38eaafc390c3", + "id": "bundle--8d728160-851c-430a-b35b-4c733e90e1b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json index 1e07fd25e0..bf83ef5753 100644 --- a/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json +++ b/mobile-attack/relationship/relationship--1cc71849-142f-4097-9546-7946b0b546a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6adc7928-d03d-4769-8be2-1d4c513325cc", + "id": "bundle--2cd49fe5-6ded-4b66-b8e6-b425c333eb97", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json index bbf245bb96..5199ab04af 100644 --- a/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json +++ b/mobile-attack/relationship/relationship--1cca5e17-80ae-4b6e-8919-2768153aa966.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d5d65432-416d-46be-b6df-338065dda78e", + "id": "bundle--ff62de12-42e1-4b98-8427-d47d2862a1c1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json b/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json index 5fff1d2eb6..0614f81781 100644 --- a/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json +++ b/mobile-attack/relationship/relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--88fed3ee-14ad-47e0-9ace-9e00212fc5d1", + "id": "bundle--e8f8a986-cb8a-488e-8d41-39f555b449a7", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--1d027925-7d63-459c-b5a5-48ffb49ba1de", "created": "2023-03-20T15:57:00.953Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:57:00.953Z", - "description": "", + "modified": "2023-08-08T15:30:59.104Z", + "description": "The user is prompted for approval when an application requests device administrator permissions.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b.json b/mobile-attack/relationship/relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b.json new file mode 100644 index 0000000000..7c0425b483 --- /dev/null +++ b/mobile-attack/relationship/relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--13576ed2-b784-421c-9482-58ed014e18c0", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b", + "created": "2023-08-07T22:15:34.550Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:46:12.263Z", + "description": "Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0", + "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json index 2a5b84d934..59cdda0a3a 100644 --- a/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json +++ b/mobile-attack/relationship/relationship--1d828f51-1c04-466c-beaf-2d4de741a544.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e41bdc6-ced6-4953-a52d-59c816bbacf4", + "id": "bundle--916ccce5-f24e-4761-9e71-cde9299d83d5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json index da2acb7fc4..5936444a55 100644 
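Review bot: The `description` added in `relationship--1d2daf8f-ce51-47b5-b985-63ae4edfad4b.json` does not state its preconditions, and the object has no `external_references` entry to back the claim. Whether a Mobile Threat Defense agent can see running processes and their parameters depends on the platform and on the access the agent has been granted. Application sandboxing on mobile platforms generally limits that visibility, so a reader planning detection coverage from this entry cannot tell whether it applies to their fleet. I would qualify the first sentence, e.g. `Where the platform and management mode expose lower-level OS APIs to the agent, command-line activity can potentially be detected through Mobile Threat Defense (MTD) integrations.`, and add a citation for the capability.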
--- a/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json +++ b/mobile-attack/relationship/relationship--1db350b2-1e8b-4d58-9086-eac41de1b110.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5bed2d3-9734-4506-9140-baed8ce075dd", + "id": "bundle--a7517057-513e-4b1a-9331-97bdd2f67613", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json index 584d132800..874d36c523 100644 --- a/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json +++ b/mobile-attack/relationship/relationship--1e286a4a-63cd-47df-a034-11a5d92daceb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ad0d17e5-54ed-4a61-91ae-2ee79cb716b0", + "id": "bundle--616019cb-9ca7-4f06-81dd-ab37dd707289", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json index fba978fcd6..7dfa9f8d57 100644 --- a/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json +++ b/mobile-attack/relationship/relationship--1e29a9ce-ed11-44ae-b66e-8b90ee79de6a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8aac7e89-0416-46d5-801e-818afc08d9a8", + "id": "bundle--f3b38104-4c33-4a84-804f-17641af25443", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json index 1117c18cdc..4b468446aa 100644 --- a/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json +++ b/mobile-attack/relationship/relationship--1ed5b4fa-b871-4efa-87ee-1c91dcaa421e.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dac0a4a1-d890-4ef5-8659-68b1385a411e", + "id": "bundle--06af6021-2338-4a20-a7a4-fc38e9492c98", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json index 2f8c38a3d0..e5ac8e1821 100644 --- a/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json +++ b/mobile-attack/relationship/relationship--1f027bab-76d9-4f5f-a73e-ea733a1ab223.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c74b72e-89c6-47ef-aad6-7b515669549b", + "id": "bundle--291abdf3-bcd2-45ff-8b10-e27406d32d70", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f31e348-a4ee-4874-891f-393c65a7640a.json b/mobile-attack/relationship/relationship--1f31e348-a4ee-4874-891f-393c65a7640a.json new file mode 100644 index 0000000000..f4e52e52cc --- /dev/null +++ b/mobile-attack/relationship/relationship--1f31e348-a4ee-4874-891f-393c65a7640a.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--dcf06f99-dd05-4100-ba28-b9646bba87a9", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1f31e348-a4ee-4874-891f-393c65a7640a", + "created": "2023-07-21T19:34:13.200Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:34:13.200Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate a device\u2019s contacts.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json b/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json index 3799be5564..161d17931f 100644 --- a/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json +++ b/mobile-attack/relationship/relationship--1f32e107-aef9-42f8-84d1-4c4fcd863b7f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e29760c-bd77-4ad0-9379-88fef7d9c123", + "id": "bundle--178fd53d-a539-42ad-9401-9fa639970c26", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json index 1c78aee9c5..9f2b7e9039 100644 --- a/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json +++ b/mobile-attack/relationship/relationship--1f44936e-b84c-404f-a92e-6fb7e24b5435.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22cd7f68-9be5-4813-9f6e-f6e124a1f5a1", + "id": "bundle--9b8a09a2-c43b-446a-a98b-20b87e19d200", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json index ff093ce1e4..c85d6281f1 100644 --- a/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json +++ b/mobile-attack/relationship/relationship--1f7428d7-6f6e-40d0-aedb-cb0578875ff9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--986e3916-1556-4238-bfdc-a6e7be383557", + "id": "bundle--daef675d-372e-4f00-99b2-78d6625b8ff5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json index 8a5e1d9b8b..1de9fc18f6 100644 --- a/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json +++ b/mobile-attack/relationship/relationship--1f7b7de2-10e8-4eec-9c8f-db44ac3f271b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0bc66119-f990-41c2-856a-17c480464137", + "id": "bundle--4ccdbbde-7bfb-4a3b-aca5-c33b195c8d2b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json index d1e9a114c5..a86691eca0 100644 
--- a/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json +++ b/mobile-attack/relationship/relationship--1f8b1ee1-e44b-4a37-a407-5cbceba35d87.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3aa0e500-6d67-42e2-8cdc-427890f6a43a", + "id": "bundle--1aeb085e-f489-4866-88d6-67c88697b9b9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json b/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json index 3b170d5420..de78a64b8c 100644 --- a/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json +++ b/mobile-attack/relationship/relationship--1f8f0021-6992-476c-ba1c-232542dc1633.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--efcbe4d5-e618-4d67-8e29-6857006468f2", + "id": "bundle--438efdc5-6e50-4a0c-b69d-5bc404c6bd0b", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--1f8f0021-6992-476c-ba1c-232542dc1633", "created": "2023-03-20T18:58:52.857Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:58:52.857Z", - "description": "", + "modified": "2023-08-10T22:13:53.253Z", + "description": "On Android, the user can manage which applications have permission to access SMS messages through the device settings screen, revoking the permission if necessary.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
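Review bot: The new `description` in the hunk for `relationship--1f8f0021-6992-476c-ba1c-232542dc1633` puts a response step into a `detects` relationship: "revoking the permission if necessary" is remediation, and the sentence never says what the defender observes. Tooling that renders this text as detection guidance for the target technique would be better served by wording that names the observable, for example `"description": "On Android, the device settings screen lists which applications hold permission to access SMS messages; an unexpected entry is the signal to investigate."`. The revocation advice fits better in a mitigation entry, if one exists for this technique. The hunk also leaves `x_mitre_version` at `0.1` although the description went from empty to populated, so it is worth confirming that is intended.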
diff --git a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json index d396a17c14..b19f2b1b27 100644 --- a/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json +++ b/mobile-attack/relationship/relationship--1fdad4b5-18a1-4fbf-81ce-861feaf2bbdd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66f38551-db36-4cf5-b8cd-af4324acdf00", + "id": "bundle--90bd1ad1-09bc-47d1-988d-bfe2fba6204c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--1fdf9c43-0237-461f-86d4-1da843078744.json b/mobile-attack/relationship/relationship--1fdf9c43-0237-461f-86d4-1da843078744.json new file mode 100644 index 0000000000..016c846ef2 --- /dev/null +++ b/mobile-attack/relationship/relationship--1fdf9c43-0237-461f-86d4-1da843078744.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--a6446846-bb12-4f63-a31e-84b7ec14607f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--1fdf9c43-0237-461f-86d4-1da843078744", + "created": "2023-09-21T19:38:49.571Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:38:49.571Z", + "description": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--20310407-9b05-4d7b-9548-961f545e14e1.json b/mobile-attack/relationship/relationship--20310407-9b05-4d7b-9548-961f545e14e1.json new file mode 100644 index 0000000000..6a33a65d97 --- /dev/null +++ b/mobile-attack/relationship/relationship--20310407-9b05-4d7b-9548-961f545e14e1.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--b645df21-d190-4b1c-96d1-265916141e6d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--20310407-9b05-4d7b-9548-961f545e14e1", + "created": "2023-06-09T19:18:41.955Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:18:41.955Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) uses an infrequent data upload schedule to avoid user detection and battery drain. It also can delete on-device data after being sent to the C2, and stores collected data in hidden folders on external storage.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--24a77e53-0751-46fc-b207-99378fb35c08", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json index 7905091643..d23deaee6f 100644 --- a/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json +++ b/mobile-attack/relationship/relationship--20376a7f-897a-4f5d-a87a-93e64200a5a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3ed0ed0-1225-43d9-8a21-0b97871d41ee", + "id": "bundle--99bb3846-d7bc-4158-95fe-b9269368f62c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json index 38249513a2..dc242fb51b 100644 --- a/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json +++ b/mobile-attack/relationship/relationship--204e30ed-5e69-400b-a814-b77e10596865.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f8b18f58-067d-409d-950e-39760d5a0fb4", + "id": "bundle--a179bacc-8b96-42a5-92a3-4d4d48a002ac", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json index 3aa6d7eaa5..f84ee7be89 100644 --- a/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json +++ b/mobile-attack/relationship/relationship--2065382f-45ae-4b9a-a77c-027ecd6c1735.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c82f7904-5ddf-4e16-9b5c-2b8fde9d0802", + "id": "bundle--aee4bb47-5376-488c-b476-9daf81bf8ee7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json index 2a4411359e..e59f9d88ce 100644 
--- a/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json +++ b/mobile-attack/relationship/relationship--209aa948-393c-46b0-9488-ef93a6252438.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--93c0c690-a6ea-4f42-b8e8-9fabbe29afbf", + "id": "bundle--fb5a25a3-38f2-4dff-a690-eb28ca2931d2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json index 50c32e3c45..2feab02ab8 100644 --- a/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json +++ b/mobile-attack/relationship/relationship--20aaafe2-1f55-410f-9eb1-1fc979021fe0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f6cfa05-9aae-4623-85d9-f92840ee19b1", + "id": "bundle--98926a80-780c-4051-aadd-3dcdaddb8042", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json index e3624e06cc..0862cf0279 100644 --- a/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json +++ b/mobile-attack/relationship/relationship--20dcd886-56c4-421d-ba36-0f37a47a3f86.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3e097691-ef5f-45b4-8a98-a70f6f024818", + "id": "bundle--947c4ff6-7d2c-4208-82dd-e29f4f1d18d3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json index a18947428c..d146488751 100644 --- a/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json +++ b/mobile-attack/relationship/relationship--2115228b-c61a-4ebb-829a-df7355635fbf.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--255dcca1-47c3-4c07-9281-61067d33f4df", + "id": "bundle--7b94529d-a393-4438-8cd8-72b2c88c3a08", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json index 02a3333517..d68054430c 100644 --- a/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json +++ b/mobile-attack/relationship/relationship--212801c2-5d14-4381-b25a-340cda11a5ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f5bd1f32-a6dd-4448-9156-a64e5c139b5f", + "id": "bundle--57ecf409-1120-4a1d-a4e2-cde19c3f5329", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json index c1f8f75d52..bd824b94d6 100644 --- a/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json +++ b/mobile-attack/relationship/relationship--21e179f2-49c9-4ec9-ac7a-b8eae8e15bd9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37a27a6d-13fb-4dc9-b354-be8f252e16be", + "id": "bundle--a0611805-ce55-4d51-813d-9ada1ff3845b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json b/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json index 752d3e8342..34d99549cb 100644 --- a/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json +++ b/mobile-attack/relationship/relationship--22041a01-75e7-4ff6-8768-ad45188c53c7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b697a258-8821-4f80-9a3b-87cd6a1469c6", + "id": "bundle--e0abec2f-90e4-4fae-99b3-341dbf1e20ef", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json index c9af084619..21dd85ed92 100644 --- a/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json +++ b/mobile-attack/relationship/relationship--22290cce-856a-46d5-9589-699f5dfc1429.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--48223e83-bb64-4b6b-a27a-e394ad1f0cf8", + "id": "bundle--2a91d3bc-003f-4896-99f7-644a3d0d87d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json index be15a22e04..6d7cc350fb 100644 --- a/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json +++ b/mobile-attack/relationship/relationship--22334426-e99f-4e97-b4dd-17e297da4118.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4e0d36e-c6c4-40c9-ae98-de5048d2ecf4", + "id": "bundle--ac285a5a-60c3-4232-afc8-d0d810af9b66", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json index ab3dbdff2c..4d353eeeb8 100644 --- a/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json +++ b/mobile-attack/relationship/relationship--22708018-defd-4690-8b0f-fe47e11cb5d6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5b8a8faa-fef8-4dad-825a-3290c6276108", + "id": "bundle--3eb8fb78-b45f-451b-8391-08da6deef285", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22755928-b0e1-4004-a89e-5f5ea2504cf8.json b/mobile-attack/relationship/relationship--22755928-b0e1-4004-a89e-5f5ea2504cf8.json new file mode 100644 index 0000000000..94ff81f04b --- /dev/null 
+++ b/mobile-attack/relationship/relationship--22755928-b0e1-4004-a89e-5f5ea2504cf8.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--a5a2eda7-00f4-449e-a7c2-5fff80652585",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--22755928-b0e1-4004-a89e-5f5ea2504cf8",
+ "created": "2023-08-04T18:32:57.089Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:32:57.089Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can record environmental and call audio.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
index 0145da4c83..2cca593b4e 100644
--- a/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
+++ b/mobile-attack/relationship/relationship--22773074-4a95-48e0-905f-688ce048b5ed.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c0664750-205a-42c7-a47b-180df98dbc6a", + "id": "bundle--a193dca1-b7e5-4eef-a2d3-35c930f4dd64", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json index b9b97f8e17..32a58c76c2 100644 --- a/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json +++ b/mobile-attack/relationship/relationship--22f3d28b-ba0c-4aa3-99b4-60790ba9c7b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6da5460d-193e-4fbf-adba-2a88f9e26f05", + "id": "bundle--01fdbac5-e21e-4655-ab88-a77c65f537af", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json index 43ee1ea0ce..54b2ca009c 100644 --- a/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json +++ b/mobile-attack/relationship/relationship--22f5308c-77ee-4198-be1c-54062aa6a613.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07eb8818-880b-4f49-abf0-9437ac756231", + "id": "bundle--c6e50358-b02c-4eb8-a4a1-f29edb7071cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json index 3a856b8d9e..adecc2555e 100644 --- a/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json +++ b/mobile-attack/relationship/relationship--2341fdfa-9699-4798-a35a-2cc4f150cd14.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08d0ef48-9b3a-49a3-81a7-bf25cb5971a0", + "id": "bundle--29e6d33e-eeb6-4b6a-8e5a-b7059ac4f0a8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json b/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json index f7ca4de8bd..b2e38e36c9 100644 --- a/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json +++ b/mobile-attack/relationship/relationship--2359ad4b-b00b-4fd5-aef8-2d2be8bcf081.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f5bb3094-ac4b-41e3-a63b-da99b5442f3e", + "id": "bundle--052efb31-16af-4995-bb0e-dc39008391c4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json b/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json index 8838fa3d82..ac4ffc3729 100644 --- a/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json +++ b/mobile-attack/relationship/relationship--23a67f24-a8eb-4e31-acf1-11cb5e9f88b2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--96658283-f521-4778-a2b1-3cd1aa831891", + "id": "bundle--8b7796a8-1bca-453b-988c-385206bfe428", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json index e9874b6b63..790e2e15f6 100644 --- a/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json +++ b/mobile-attack/relationship/relationship--23cac1d7-27ca-4c78-bfa0-2d6023d21798.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61800237-de2b-4e6c-984f-3ad21b6952e9", + "id": "bundle--96a52f57-8828-4596-b79b-7d51b7f4ecf0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json b/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json index 9658162c45..f28cd8f094 100644 
--- a/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json +++ b/mobile-attack/relationship/relationship--23ecc134-0623-45ec-b8b5-52516483bda1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--748d8ec6-d4b6-4a6a-bca2-c635aef35041", + "id": "bundle--c789f60f-1b02-4356-8fa0-1b4c952c7ff3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json index bfa05dcfd4..944eaa1973 100644 --- a/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json +++ b/mobile-attack/relationship/relationship--23fa0fcc-0193-45f2-9e0b-a5f68380015f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f0eb139c-a828-496e-b7cd-9181a819194e", + "id": "bundle--7c7d2185-0ede-4257-b600-3ebeca7f95d5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json index b0bb9c8012..ca29f7edaa 100644 --- a/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json +++ b/mobile-attack/relationship/relationship--242dc659-c205-4e9e-95f9-14fee66195af.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f89cbc15-c666-42d8-bcf1-2a613fa474e2", + "id": "bundle--0d30d685-855e-4489-984f-10e615d08b4b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json index 190c25d933..80b662d8f1 100644 --- a/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json +++ b/mobile-attack/relationship/relationship--24951cfe-d3ce-4802-86ff-028fc9cbbe53.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45a25033-6c92-47ed-91d0-b2391d5d2e12", + "id": "bundle--de80c6b3-5150-467c-b790-d56c9f432ecd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json index a3a51a013d..eb6f3d12c8 100644 --- a/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json +++ b/mobile-attack/relationship/relationship--24a7379e-a994-411b-b17c-add6c6c6fc07.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d6df25a5-2829-40c8-9203-956361084ff4", + "id": "bundle--4478357e-f419-4800-942c-6abd8649c66c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--24bcb2cd-1532-4e98-a485-a55e06d2577d.json b/mobile-attack/relationship/relationship--24bcb2cd-1532-4e98-a485-a55e06d2577d.json new file mode 100644 index 0000000000..690457c70f --- /dev/null +++ b/mobile-attack/relationship/relationship--24bcb2cd-1532-4e98-a485-a55e06d2577d.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--00ef1244-196e-4e18-a9f4-49369b09cab9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--24bcb2cd-1532-4e98-a485-a55e06d2577d",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:41:16.865Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--6b846ad0-cc20-4db6-aa34-91561397c5e2",
+ "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
index 2f53a1505c..6a056a79d7 100644
--- a/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
+++ b/mobile-attack/relationship/relationship--24de6f6e-86d3-4e4e-a965-3e0435205f48.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6d6f357d-dd09-46c3-bea8-68703ec20c46",
+ "id": "bundle--c7c6b48b-c5a4-48ee-b401-bcf23113507d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--25466097-53c6-4dc7-8409-197758e88673.json b/mobile-attack/relationship/relationship--25466097-53c6-4dc7-8409-197758e88673.json
new file mode 100644
index 0000000000..217f340786
--- /dev/null
+++ b/mobile-attack/relationship/relationship--25466097-53c6-4dc7-8409-197758e88673.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--99d4afe3-43c9-42f3-bda3-259912a4074b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--25466097-53c6-4dc7-8409-197758e88673",
+ "created": "2023-08-16T16:45:11.580Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:45:11.580Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can download HTML overlay pages after installation.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json b/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
index f6e2b569a5..55bc42239d 100644
--- a/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
+++ b/mobile-attack/relationship/relationship--25655385-5b0d-4700-a59f-d5d043625b84.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--84d36c5e-50d1-467a-9e02-51738ffd6489",
+ "id": "bundle--22642d5a-3ef1-48e4-89e0-7fed8a257460",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json index d824395b47..7a707e1372 100644 --- a/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json +++ b/mobile-attack/relationship/relationship--25cdb4f2-5b38-411c-bfb6-eca7ea4d4527.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5c8799cf-2c12-416f-ae27-2329e84c7ef0", + "id": "bundle--83a80377-9c1a-4a3d-af08-69b0a918823f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json b/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json index ec881fbd2d..5ee0e52b0b 100644 --- a/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json +++ b/mobile-attack/relationship/relationship--25de6cf6-38d5-4d1e-b3f1-6956a0ff0ac3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9d4a00ed-7610-4ad4-b337-b12fe84a505e", + "id": "bundle--21898047-8310-4ead-bee5-b43edbad7857", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json index de699777ea..40242a0f61 100644 --- a/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json +++ b/mobile-attack/relationship/relationship--2621a020-8d4f-4ca4-b874-0be336a8cafd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fc2afe16-ea52-494f-986a-7991e4c79183", + "id": "bundle--08872877-f2d4-4db5-b484-16c5eeb25362", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json index ad27ad22c8..806516842b 100644 
--- a/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json +++ b/mobile-attack/relationship/relationship--268c12df-d3bc-46fa-99e9-32caab50b175.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae7a03d0-4d07-4175-bdf9-a98c68b4c8ab", + "id": "bundle--80553e79-ab5d-477c-abe1-0a99ca72b706", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json index 20ec1fba28..a527219d59 100644 --- a/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json +++ b/mobile-attack/relationship/relationship--269d4409-e287-4ef3-b5f3-765ec03e503e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a3e97d5-42b7-4aba-bc85-7a4d10cc4392", + "id": "bundle--a6c883a1-237f-4144-913f-8bd704a91278", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json index 70d62fc7a6..db087c9380 100644 --- a/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json +++ b/mobile-attack/relationship/relationship--26b1025b-5c08-4b6e-8c50-7d2baf29e7b7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d85c76a3-8267-46fd-ad78-2179a4b70535", + "id": "bundle--159e8564-11c7-4646-89f0-612fa8db2175", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json index ad0387f304..855d022d07 100644 --- a/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json +++ b/mobile-attack/relationship/relationship--26bf27dc-f65d-477d-abbd-f4c3ce475c51.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1d66846-884a-409d-92c0-aaa795b4ea68", + "id": "bundle--1c4ebf95-b93e-4b20-b4a5-a60bf051c39a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json b/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json index 0a5cdbf895..7b9d9f5bee 100644 --- a/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json +++ b/mobile-attack/relationship/relationship--27050442-e578-44b7-9534-ada78824befe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb8c0766-b584-410c-bd67-f3b04ae7a976", + "id": "bundle--fe587e03-4a1d-48bc-a6c9-511278568c77", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json index 61782e8af3..e23a56be5c 100644 --- a/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json +++ b/mobile-attack/relationship/relationship--271a311f-71bc-4558-a314-0edfbec44b64.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--51630013-ab8c-4f2a-8d0a-7ab4314dc9fd", + "id": "bundle--41ddc60a-92af-42cf-baf6-32570ab80865", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json index 4572a60332..91d94f8dea 100644 --- a/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json +++ b/mobile-attack/relationship/relationship--27247071-356b-4b5f-bc8f-6436a3fec095.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--007b7cf6-19a0-4ab8-b471-63c5a526ff6a", + "id": "bundle--ca17e60c-c7ee-49b1-b0b6-f24066773224", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json b/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
index 232e5ada86..fa3637e025 100644
--- a/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
+++ b/mobile-attack/relationship/relationship--27490b14-8044-408a-8c6a-6d8427eb78ff.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--5103f4ef-3d79-44ce-9ce3-eaf3323b34d1",
+ "id": "bundle--975277f0-bad0-4a75-83d1-cbc654105f81",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--27490b14-8044-408a-8c6a-6d8427eb78ff",
 "created": "2023-03-20T18:44:26.233Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:44:26.233Z",
- "description": "",
+ "modified": "2023-08-08T16:44:47.944Z",
+ "description": "The user can review which applications have location and sensitive phone information permissions in the operating system\u2019s settings menu. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json b/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
index 96cea5bb7f..8a86b107d8 100644
--- a/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
+++ b/mobile-attack/relationship/relationship--276bfd69-33cc-4665-8aa7-72bed65d01f9.json
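Review bot: The new `description` in relationship--27490b14 ends with a stray space before the closing quote (`...settings menu. "`), which will show up in rendered detection text and in release-to-release string comparisons; trim it so the value ends `...in the operating system\u2019s settings menu."`. The detection as worded depends entirely on the device user manually checking the permissions screen, so it would be worth stating that explicitly in the text. Unlike the `uses` relationships added elsewhere in this diff, this object has no `external_references`, and the description would be easier to verify with one. The `created_by_ref` move is only a key reordering and has no effect on consumers.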
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5b562db6-c3a1-4652-8635-ff1f70e623a5", + "id": "bundle--aff145b0-2aeb-4d67-b7ff-0b46f9d96eb4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json index c03ed1c0ee..a2cb1b9fd4 100644 --- a/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json +++ b/mobile-attack/relationship/relationship--2793d721-df10-4621-8387-f3342def59a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--78e4dc75-118b-4b40-a0fb-e0494abf8072", + "id": "bundle--7094ee88-0935-44b6-a402-0c2aafd3e40e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json index 0d5acfc77a..c002b58b85 100644 --- a/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json +++ b/mobile-attack/relationship/relationship--27b8153c-130e-44a7-84a9-840f4c23e2ea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--224f0965-33e0-4da0-98f5-43eacb7919b5", + "id": "bundle--54562fdd-aef2-4a89-99ac-944597992e04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json index 0cf55d24db..8fe01c38dd 100644 --- a/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json +++ b/mobile-attack/relationship/relationship--27c8d474-f3f8-4a0e-a317-7e57b9de620c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d7c022db-cf5b-4115-8760-8ac622221e40", + "id": "bundle--288b8142-438c-4a1f-93f4-fb1125e66977", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json index dcc0ba8894..0fdc1edfd1 100644 --- a/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json +++ b/mobile-attack/relationship/relationship--27f5dc22-6ab9-406f-9092-6cb610d777a6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--920bd556-b394-42a9-8e33-f559400c41b8", + "id": "bundle--417b2780-b886-45d2-9967-fb0aa23c7538", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json index 1a3ad0d788..73ee2044db 100644 --- a/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json +++ b/mobile-attack/relationship/relationship--280aa15d-c7ff-4005-9861-9fc5c3bfe95a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b48a9b47-0886-4807-ba99-05e2938f726f", + "id": "bundle--36826448-0689-4bd3-b38f-901c210e9d47", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json index 9bbce73b4f..b5c4bb216b 100644 --- a/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json +++ b/mobile-attack/relationship/relationship--2836dc3d-cbea-493b-af31-5f1fa8279ec2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4f42df94-df8b-4c3c-a1e4-179219c36f94", + "id": "bundle--dd89dc05-dec6-4893-92bb-d33e74060e79", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json index ccf8e052df..4d1cd0d240 100644 
--- a/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json +++ b/mobile-attack/relationship/relationship--289f5e23-088a-4840-a2a6-bab30da2a64b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--970dd269-e2cd-4e13-acf3-239458a18147", + "id": "bundle--35d83bb3-a506-473b-99dd-ab981263472d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json index e249839284..2345456368 100644 --- a/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json +++ b/mobile-attack/relationship/relationship--2908f0f6-2408-41a1-aaab-cf3e7db06aad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c98318a2-f8c9-45e1-9580-0d3ae408b317", + "id": "bundle--409bdbfd-9b2f-45eb-b3bf-9315fa3b047d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json index 8d6fa49a2f..4916e02422 100644 --- a/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json +++ b/mobile-attack/relationship/relationship--290a627d-172d-494d-a0cc-685f480a1034.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22ce9ec4-a1aa-42df-8077-65b33b734ba1", + "id": "bundle--4089d96c-73d1-470f-a17b-99214bd13ec1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json index d35a33904a..a6dc4107d0 100644 --- a/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json +++ b/mobile-attack/relationship/relationship--290c9d3f-f59b-4e2b-9b7b-115014845c15.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--59b2f861-d4f6-4841-bcda-bb4f615c97e6",
+ "id": "bundle--4c7b2b23-40c1-47e3-a179-e3e0316d6107",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
index b8f30d2c14..6b9e448101 100644
--- a/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
+++ b/mobile-attack/relationship/relationship--29357289-362c-447c-b387-9a38b50d7296.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d3822dfa-cc0f-4c5e-9d58-e3af59ebbeae",
+ "id": "bundle--ba144743-0354-4a06-ba46-64122cde32cd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
index 9351b08448..9a45674f42 100644
--- a/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
+++ b/mobile-attack/relationship/relationship--295fab07-9f02-4504-9ae4-1a60c2e8c224.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--404958e0-0e99-49b4-b858-23119c87c20e",
+ "id": "bundle--027f5d34-7fa2-4785-a1e7-70b2094bb567",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
index f1ad7c1f33..30e791020a 100644
--- a/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
+++ b/mobile-attack/relationship/relationship--299931f0-4c60-4a9b-8a6a-4adb6362e590.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--16124fbd-9998-4333-b315-9cc426e6dcc2",
+ "id": "bundle--cd9038ac-e78e-4219-a310-f42eedd9ea8b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
index c44526da80..384bfc0a44 100644
--- a/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
+++ b/mobile-attack/relationship/relationship--29dc105c-0b1b-4645-85ef-436c096bd3e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--40227b84-9e52-417a-b845-e59980fb49cf",
+ "id": "bundle--b8ee13cb-b853-4f79-b5c6-0ddf08874eda",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
index f2c9cc5884..c3bf6003b2 100644
--- a/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
+++ b/mobile-attack/relationship/relationship--2a1d27a5-8149-4a6c-bbb7-6db83ce3a7ce.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7cefb07-268e-41bd-b52a-705dce500f59",
+ "id": "bundle--d90be6d8-488c-4e86-99be-9d15835a71bf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
index 72360bcc47..7825da9b59 100644
--- a/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
+++ b/mobile-attack/relationship/relationship--2a472430-c30e-4877-8933-2e75f1de9a01.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1a527685-3b07-45db-bc83-21f9d3ad2eae",
+ "id": "bundle--8196ccfc-4c71-4d97-b586-fccfeb0528b7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json b/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
index 75d58b8e2e..88d1ff1630 100644
--- a/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
+++ b/mobile-attack/relationship/relationship--2a5f4f05-bd60-4571-bcce-f3b764a5b5a0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d205204d-62bd-4b01-80d8-ece9ff390d9e",
+ "id": "bundle--bba31365-3b80-4ca1-aa8a-feaca487aa82",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
index 07bef4fe8e..5c55c98c9b 100644
--- a/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
+++ b/mobile-attack/relationship/relationship--2acc0c1a-af30-4410-976b-31148df5378d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--39ec8ff1-21f6-418f-9889-34ddd59235d8",
+ "id": "bundle--8b348675-81c5-4481-ab12-34a4da129900",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2af26be3-f910-4700-ab14-9d14532601cc.json b/mobile-attack/relationship/relationship--2af26be3-f910-4700-ab14-9d14532601cc.json
new file mode 100644
index 0000000000..6c24593c75
--- /dev/null
+++ b/mobile-attack/relationship/relationship--2af26be3-f910-4700-ab14-9d14532601cc.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--d84e60e5-1e97-443a-8bae-74f01723a08d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--2af26be3-f910-4700-ab14-9d14532601cc",
+ "created": "2023-07-21T19:53:32.703Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:25:51.814Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access the device\u2019s call log.(Citation: kaspersky_fakecalls_0422)",
+ "relationship_type": "uses",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json b/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
index db4893a639..c1bf1dbe5e 100644
--- a/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
+++ b/mobile-attack/relationship/relationship--2b065fcf-7ed1-4f88-8910-2eb46bde9ab7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d17d84f2-281e-47a1-a443-f380fe8c87f6",
+ "id": "bundle--91f6f25c-c6dc-4f24-b2e6-4d75dcca3d3b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json b/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
index 40ce548c10..b77b04d9d9 100644
--- a/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
+++ b/mobile-attack/relationship/relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--99ef01fc-3062-4933-8152-d5c79ddb877d",
+ "id": "bundle--306573b1-f0b0-4e65-9dfd-949e5ce49884",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--2b0f4c1d-8d99-4e80-8555-d9a454d5cab7",
 "created": "2023-03-20T18:55:33.546Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:55:33.546Z",
- "description": "",
+ "modified": "2023-08-09T16:44:31.916Z",
+ "description": "Application vetting services could look for the Android permission `android.permission.QUERY_ALL_PACKAGES`, and apply extra scrutiny to applications that request it. On iOS, application vetting services could look for usage of the private API `LSApplicationWorkspace` and apply extra scrutiny to applications that employ it.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--1d44f529-6fe6-489f-8a01-6261ac43f05e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json b/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
index 6dd011f7c5..72428f1894 100644
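Review bot: The added `description` in relationship--2b0f4c1d keys Android vetting on `android.permission.QUERY_ALL_PACKAGES` alone, which leaves a coverage gap for defenders who implement it literally. Package-visibility filtering applies only to apps that target API level 30 or higher, so an app with a lower target SDK can list installed packages without requesting that permission, and a broad `<queries>` declaration in the manifest gives similar visibility. I would extend the text with a sentence such as `Vetting should also flag applications that target an API level below 30 or that declare broad <queries> entries in their manifest.` The iOS sentence is fine as written.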
--- a/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
+++ b/mobile-attack/relationship/relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--75869263-4813-4106-96a7-9cd4fe61bc56",
+ "id": "bundle--957235c5-530c-49b9-ace1-c1dfc787a4dc",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--2bbd620d-6deb-4f81-a95b-98a7a74878e9",
 "created": "2023-03-20T18:51:07.547Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:51:07.547Z",
- "description": "",
+ "modified": "2023-08-09T17:20:06.469Z",
+ "description": "Network traffic analysis could reveal patterns of compromise if devices attempt to access unusual targets or resources. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
 "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
index aa5d042cad..220b5284f0 100644
--- a/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
+++ b/mobile-attack/relationship/relationship--2be3d0a4-2e24-4d04-859e-37d24835ff16.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--32240539-a416-4670-8e60-62aa0d5fedcb",
+ "id": "bundle--d4ff3421-6c0f-4f80-a79e-2f974e066e89",
 "spec_version": "2.0",
 "objects": [
 {
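Review bot: The added `description` in relationship--2bbd620d ends with a space inside the string (`...unusual targets or resources. "`), and the same stray trailing space is in the added descriptions of relationship--2f9b95b2 and relationship--2fdcc49e later in this commit. Consumers that render, diff or hash these descriptions will carry the whitespace along, so I would trim it, e.g. `"description": "Network traffic analysis could reveal patterns of compromise if devices attempt to access unusual targets or resources.",`. The sentence is also generic as detection guidance: it does not say what baseline makes a target or resource "unusual", which a reader would need in order to act on it.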
diff --git a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
index efe7fb9002..0f1aba3d2e 100644
--- a/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
+++ b/mobile-attack/relationship/relationship--2bedbf86-2ef0-45bf-950d-b9d072c03bdc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bce5a293-6134-4157-b8d4-6e6d23f5a100",
+ "id": "bundle--e9170eef-ba28-4d05-b1a9-54032bf68f05",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
index 9c75d5ea73..72ae736126 100644
--- a/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
+++ b/mobile-attack/relationship/relationship--2c5b36b4-5381-4d9e-9ce5-cd7cd19041b1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b74b37a7-ef49-4134-90ef-fe30e9f14f68",
+ "id": "bundle--86e660af-68d2-4e1f-a5cf-703067a03a91",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
index e7a09150e5..f025156dab 100644
--- a/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
+++ b/mobile-attack/relationship/relationship--2c9ad579-0c29-4f2a-80f3-242dc6b0bafd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a528dcb5-f69b-4846-87e6-3657037d6b77",
+ "id": "bundle--1bfa089e-f2a4-4863-9cc8-e0dcdd8a9cdb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json b/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
index 2d873e15fa..572d1b9b83 100644
--- a/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
+++ b/mobile-attack/relationship/relationship--2caddf52-2bc2-4f75-90bb-0f292952ada6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--17fa6a7d-9099-48ca-a3f9-c22363f6cd30",
+ "id": "bundle--f3e6b645-0d90-41c8-b7aa-e0ce99007d7b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json b/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
index 932c9e10e9..289b10a69d 100644
--- a/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
+++ b/mobile-attack/relationship/relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--a4aab5f7-0f4c-4e5b-b875-e348192c637c",
+ "id": "bundle--7af6be44-cad6-4644-b0f9-f3534a96ac2e",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--2cb834dd-d7cf-46f3-a19b-bdbfb5bfee07",
 "created": "2023-03-20T18:54:25.458Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:54:25.458Z",
- "description": "",
+ "modified": "2023-08-08T15:02:50.786Z",
+ "description": "The user can see persistent notifications in their notification drawer and can subsequently uninstall applications that do not belong.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
 "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
index a4fdc906e7..b135cf4ad2 100644
--- a/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
+++ b/mobile-attack/relationship/relationship--2cdd5474-620c-499e-8b9c-835505febc2c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9991527f-afbc-4c53-a50d-7e445d9cef8c",
+ "id": "bundle--0958fe1b-616c-4f86-b322-b8e12cf02495",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2ce1e63a-2e9b-4cac-9469-3fb78bf4640f.json b/mobile-attack/relationship/relationship--2ce1e63a-2e9b-4cac-9469-3fb78bf4640f.json
new file mode 100644
index 0000000000..4f895d19c7
--- /dev/null
+++ b/mobile-attack/relationship/relationship--2ce1e63a-2e9b-4cac-9469-3fb78bf4640f.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--6180fc2c-7714-458e-b868-8d313e33c6fa",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--2ce1e63a-2e9b-4cac-9469-3fb78bf4640f",
+ "created": "2023-08-16T16:38:15.526Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:38:15.527Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can perform system checks to verify if the device is rooted or has ADB enabled and can avoid execution if found.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
index cd4e7ff197..0d9f26d6cb 100644
--- a/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
+++ b/mobile-attack/relationship/relationship--2d1b46d5-cc2e-4312-adf2-43fb130a506b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e91a3e08-a818-4415-862f-6aa69c6712f5",
+ "id": "bundle--e59bb22d-7dfb-4077-a2f4-f440c328cf98",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json b/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
index 74e19b9978..aecb92216b 100644
--- a/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
+++ b/mobile-attack/relationship/relationship--2d3198ff-a481-47ec-ae64-13d7be706929.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a058822-b7b2-4d85-98a2-d97f62d5053d",
+ "id": "bundle--19657f16-f002-4b7b-8a84-4ca8d99c46db",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
index 7fa907fe8b..6315789279 100644
--- a/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
+++ b/mobile-attack/relationship/relationship--2de76a24-ec87-4808-b0d3-b84d318ac22c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--626b6045-bee5-4a18-ba9a-ea59e5be2e71",
+ "id": "bundle--69ee2e9e-79e6-4b35-a766-b8b935331e47",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
index 3adb5643d9..07a059d5fe 100644
--- a/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
+++ b/mobile-attack/relationship/relationship--2e08820f-a81d-480e-9e60-f14db3e49080.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d319adbf-982e-4cb1-a4ae-4acf9f70551f",
+ "id": "bundle--e79cce96-f118-4111-b291-ef6b5bbfdeef",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
index c94dbac1aa..9d62829579 100644
--- a/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
+++ b/mobile-attack/relationship/relationship--2e2d1ffa-f6df-4d3c-b99b-f7b8baff53e8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fb17332a-0864-48cf-90b6-2b1fa5a2c0e3",
+ "id": "bundle--59de509f-f3c2-41be-ba17-4c8b7e167a5a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
index a3f3d053cb..55e5176f8e 100644
--- a/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
+++ b/mobile-attack/relationship/relationship--2e3a5d0d-a80a-4606-8be2-208302e995d1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6650b49f-c8e8-4a6d-9905-2878f2503ed4",
+ "id": "bundle--c72b9a89-cb45-4b4b-b7c3-645bc4ba0bd4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
index 28606a10ed..803fb5f8a8 100644
--- a/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
+++ b/mobile-attack/relationship/relationship--2e59d381-eac6-41c6-a5e6-f9617c10259e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--488fbaf9-cd47-451d-b5ae-c9dfa0138d9e",
+ "id": "bundle--3f9c25e3-e07a-4d27-b0c5-61cfed948694",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
index cf68f79567..b484ffb34d 100644
--- a/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
+++ b/mobile-attack/relationship/relationship--2e6d507e-afbb-4fa5-b459-2b060ab52db3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--98322ba6-4285-4bb5-8d8f-121c9c141a92",
+ "id": "bundle--3e7352c3-9ab3-4a74-a607-80c268daa431",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
index c238fa07d9..a801a12bc1 100644
--- a/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
+++ b/mobile-attack/relationship/relationship--2e797961-356f-4763-bdb2-0ebc2ad4c8b0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0463568f-d697-43f1-88af-30b1fa937875",
+ "id": "bundle--310aaeaa-7e30-4a9d-b9a4-70df3bed45ef",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
index fff84c33fa..f07023b919 100644
--- a/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
+++ b/mobile-attack/relationship/relationship--2e7f8995-93ae-41bb-9baf-53178341d93e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2cda37c9-44b2-40e0-9114-20b243cac53b",
+ "id": "bundle--baa2e3dd-dbf3-45fe-a1c3-17414b1c40e5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
index 24591a1da3..8525d643e4 100644
--- a/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
+++ b/mobile-attack/relationship/relationship--2e826926-fd5b-407c-adbc-e998058728d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7bd22d3c-5025-43c6-8326-68b62bbce22e",
+ "id": "bundle--5b7cd0d4-7422-416e-a508-f62da3c1b49b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
index 8f8105b385..d11753b49e 100644
--- a/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
+++ b/mobile-attack/relationship/relationship--2e913583-123a-47af-8872-98fc12ab4a6a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f22e4cc9-6d54-4c92-b270-15bda00d7952",
+ "id": "bundle--45767b95-ac09-44bc-9c33-a3662156d4c4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
index 93b19cfcf8..00e5ef895c 100644
--- a/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
+++ b/mobile-attack/relationship/relationship--2ebd5c4c-af03-4874-a6fd-1e58d51cc055.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa2463b3-2c1a-45ea-950c-4885f8f054c9",
+ "id": "bundle--9d181097-4219-4a15-8fe7-44243e68c520",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
index 4af653bf80..c1f632a9f4 100644
--- a/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
+++ b/mobile-attack/relationship/relationship--2f1e5d77-0054-4f8a-8e01-7c0318278a76.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f04d5061-128a-43d2-88b3-5bea922616bb",
+ "id": "bundle--de647c5e-bc4d-45b5-a18d-25cc4508b59d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2f41ab75-3490-4642-8111-9d4d43b88df7.json b/mobile-attack/relationship/relationship--2f41ab75-3490-4642-8111-9d4d43b88df7.json
new file mode 100644
index 0000000000..1371d01996
--- /dev/null
+++ b/mobile-attack/relationship/relationship--2f41ab75-3490-4642-8111-9d4d43b88df7.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--d20df230-e694-4bff-9e30-f2cede33448e",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--2f41ab75-3490-4642-8111-9d4d43b88df7",
+ "created": "2023-08-04T18:32:23.019Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T20:40:40.079Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can take screenshots and abuse accessibility services to scrape BlackBerry Messenger and WhatsApp messages, contacts, and notifications(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
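Review bot: The `description` in the new relationship--2f41ab75 runs straight from the sentence into the citation with no full stop (`...and notifications(Citation: lookout_hornbill_sunbird_0221)`), unlike the other new relationships in this commit, which write `...call log.(Citation: ...)`. Tools that split the prose from the citation marker will render an unterminated sentence, so I would write `...contacts, and notifications.(Citation: lookout_hornbill_sunbird_0221)`.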
diff --git a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
index fa780b93c0..f65825deca 100644
--- a/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
+++ b/mobile-attack/relationship/relationship--2f55e452-f8b3-402b-a193-d261dac9f327.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1eb01ad5-c3a4-4d7a-bdd8-4b4de78c0dea",
+ "id": "bundle--9ee60d66-2f27-4caa-9e55-08e808125606",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
index dbeb8ac8f4..db86bc56c8 100644
--- a/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
+++ b/mobile-attack/relationship/relationship--2f8b5252-551c-4a0d-8e72-8da4050757f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e71dc83d-d284-4367-99f5-1d776b9735fa",
+ "id": "bundle--b1e00c8a-c9df-4213-b7eb-040b5f4b0299",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json b/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
index 9f880dbfd2..b92be58138 100644
--- a/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
+++ b/mobile-attack/relationship/relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d30f98e1-f73a-4f23-9e0a-9e4f654e1d26",
+ "id": "bundle--3f460f76-4ceb-4d12-a731-371049637342",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--2f9b95b2-0ef4-40b8-a230-86f273000dc7",
 "created": "2023-03-15T16:26:04.949Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-15T16:26:04.949Z",
- "description": "",
+ "modified": "2023-08-09T15:34:52.478Z",
+ "description": "The user can also inspect and modify the list of applications that have notification access through the device settings (e.g. Apps & notification -> Special app access -> Notification access). ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865.json b/mobile-attack/relationship/relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865.json
new file mode 100644
index 0000000000..56d5f97ef3
--- /dev/null
+++ b/mobile-attack/relationship/relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--1d532b22-2df4-4d0f-9b54-d1f73a5f0060",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865",
+ "created": "2023-09-28T17:21:02.298Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:21:02.298Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can take photos using the device cameras.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
index 3888151521..155138c4f8 100644
--- a/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
+++ b/mobile-attack/relationship/relationship--2fcc6291-9a68-45c2-a5c5-94b1973ed3d2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--26ce5edd-f935-49d8-8d0c-78a3a893df27",
+ "id": "bundle--a1964926-2dc0-45cc-99f0-60d02dee6747",
 "spec_version": "2.0",
 "objects": [
 {
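Review bot: The citation key in the new relationship--2f9c31d2-2e6c-4e95-9058-c9a8def46865 file is misspelled: `"source_name": "Bleeipng Computer Escobar"` should read "Bleeping", matching the bleepingcomputer.com URL two lines below it. The key is what joins the `external_references` entry to the `(Citation: …)` marker in `description`, so both occurrences have to change together: `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`. If other objects cite the same article under the misspelled key (not visible in this part of the diff), they need the same rename, otherwise the reference list ends up with two entries for one source.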
diff --git a/mobile-attack/relationship/relationship--2fdcc49e-1875-4618-b3c5-c0ecfab97386.json b/mobile-attack/relationship/relationship--2fdcc49e-1875-4618-b3c5-c0ecfab97386.json
new file mode 100644
index 0000000000..582b1f66fa
--- /dev/null
+++ b/mobile-attack/relationship/relationship--2fdcc49e-1875-4618-b3c5-c0ecfab97386.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--d2d7d316-e98f-4587-b551-9fe696b1e529",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--2fdcc49e-1875-4618-b3c5-c0ecfab97386",
+ "created": "2023-08-04T19:02:39.950Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T19:02:39.950Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) has impersonated chat applications such as Fruit Chat, Cucu Chat, and Kako Chat.(Citation: lookout_hornbill_sunbird_0221) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
index b883741fbf..3296e2e583 100644
--- a/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
+++ b/mobile-attack/relationship/relationship--300c824d-5586-411b-b274-8941a99a98fb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--401f5580-5ab9-4844-847e-af5c975a0471",
+ "id": "bundle--0800e2b3-477b-434c-868d-6c76b778d848",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3057267c-fdd5-41d8-a9d8-76c0a87b28fa.json b/mobile-attack/relationship/relationship--3057267c-fdd5-41d8-a9d8-76c0a87b28fa.json
new file mode 100644
index 0000000000..6f1f5e9ade
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3057267c-fdd5-41d8-a9d8-76c0a87b28fa.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--209f2d98-722a-461b-ba41-e392cb4bd04d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3057267c-fdd5-41d8-a9d8-76c0a87b28fa",
+ "created": "2023-08-07T17:12:44.013Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-07T17:12:44.013Z",
+ "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
+ "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json index a204b88976..3397db757d 100644 --- a/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json +++ b/mobile-attack/relationship/relationship--30ab9ce7-5369-402a-94ee-f8452642acb9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1dca690-0a72-4f55-8032-edea1df830eb", + "id": "bundle--0da4fa30-b277-411e-9b55-4e5cf05a43ea", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546.json b/mobile-attack/relationship/relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546.json new file mode 100644 index 0000000000..e3a8a023dd --- /dev/null +++ b/mobile-attack/relationship/relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee988553-c565-420e-829c-e79765934360",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546",
+ "created": "2023-07-21T19:53:45.997Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:53:45.997Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can request camera permissions.(Citation: kaspersky_fakecalls_0422)",
+ "relationship_type": "uses",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
index f2aa1e6bc7..9ba49f8708 100644
--- a/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
+++ b/mobile-attack/relationship/relationship--312950f2-80d2-4941-bfce-b97b2cb7a1ff.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8fab4e6b-3a0f-4cdc-8fbc-d363ecd422e9",
+ "id": "bundle--71ec7dfc-b0a7-4b6f-a8c0-de142b71280a",
 "spec_version": "2.0",
 "objects": [
 {
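Review bot: The `description` added for relationship--3115a062-e7d0-4eac-9d78-9a9c797e7546 only states that Fakecalls "can request camera permissions", while its `target_ref` (attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6) is the same technique that the Escobar relationship in this diff cites for actually taking photos. A permission request is a precondition for capture, not an observation of it, so anyone building detection coverage from this mapping may read more into it than the description supports. If the cited Kaspersky article documents capture, the description should say so; if it documents only the permission request, state that limit in the sentence so the mapping is not read as confirmed capture.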
diff --git a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json index 6cb6ab7b2d..fe297f8942 100644 --- a/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json +++ b/mobile-attack/relationship/relationship--31330d32-50c8-4499-91fb-e1dcffa9ea8f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ce25419a-3655-4586-8b79-76b64453c4e5", + "id": "bundle--90979beb-d94f-4145-8364-6235b3b83ccd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json index e3ee66cfa3..342cdc8576 100644 --- a/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json +++ b/mobile-attack/relationship/relationship--319d46b5-de41-4f23-9001-2fa75f954720.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--da2a9fd7-1f12-439c-81d6-c01b7ccd6dcf", + "id": "bundle--6cbb84e4-f737-4a2b-8ab5-60aed4efe256", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json b/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json index 808691aa3a..aa1d706841 100644 --- a/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json +++ b/mobile-attack/relationship/relationship--322d0123-ea4c-4562-a718-672952c83d05.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--e3ec1ca8-40eb-46b1-b094-c00fa2d231f7",
+ "id": "bundle--72aae1a2-fcd7-496e-ad90-09e39d4e186d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--322d0123-ea4c-4562-a718-672952c83d05",
 "created": "2023-03-20T18:55:54.372Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:55:54.372Z",
- "description": "",
+ "modified": "2023-08-08T15:35:51.271Z",
+ "description": "Application vetting services could look for misuse of dynamic libraries.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--b7c0e45f-0206-4f75-96e7-fe7edad3aaff",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
index 9d45ac17d8..b316aa9508 100644
--- a/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
+++ b/mobile-attack/relationship/relationship--3230c032-17e0-49f7-b948-c157049aafe2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--185e2aaf-b391-4c33-824b-a6711b9bd55b",
+ "id": "bundle--3ac2cd6d-48f5-4009-9323-65aade7a9a05",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
index 00e65ed6f0..b0967eaf1d 100644
--- a/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json
+++ b/mobile-attack/relationship/relationship--3272111a-f31d-47d5-a266-1749255b5016.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d7c4ba06-0c64-4a78-a12a-a5fbce6e7329", + "id": "bundle--c32684dc-f005-4c29-ad4e-4b1514b94ac7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json index 9803403d85..6bfeb55ac1 100644 --- a/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json +++ b/mobile-attack/relationship/relationship--327d0102-2113-4e12-be68-504db097a6fd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2015d265-fa4a-485b-8260-d7fa5cd0da4a", + "id": "bundle--913f3bcd-5aa3-4fac-b800-56b126efc52b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json index c4d9f41bdc..d451304b8b 100644 --- a/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json +++ b/mobile-attack/relationship/relationship--32958f57-ad9b-4fe1-abf3-6f92df895014.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c061d4b0-7845-4bc8-a49c-488c2c36eaf4", + "id": "bundle--0a4a6fd6-0826-48a6-91ab-9be159af18e7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json index 8ff280550b..0f3bd58368 100644 --- a/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json +++ b/mobile-attack/relationship/relationship--32be51e2-f74d-441f-aa0d-952697a76494.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ab5f5732-914c-4c4f-8a40-a6da86e43622", + "id": "bundle--5b06c034-44d3-49e9-bcd4-ecf56c1fc63b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json index 1052248461..a7dea81ceb 100644 --- a/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json +++ b/mobile-attack/relationship/relationship--33316f49-f1fb-453a-9ba7-d6889982a010.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9c7e1ddf-9995-48d1-9483-15998035110e", + "id": "bundle--66d8bd34-2591-4e6c-ab8a-47a3ce8430d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json b/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json index 3b2a445183..a2a4092d64 100644 --- a/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json +++ b/mobile-attack/relationship/relationship--3364dd33-c012-4aaf-852b-86e63bd724ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aee84481-0172-445b-939e-a3af2bdfc0c4", + "id": "bundle--44e16640-7cbf-45b4-8963-5edc4d1b1d69", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json index 1039071d8e..29894822c4 100644 --- a/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json +++ b/mobile-attack/relationship/relationship--33857221-2543-4a7f-8255-b0d140d70ad7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f2b6ef2b-638d-4fa2-96d2-fa971c1b8a9c", + "id": "bundle--ace5b6e3-91cb-48fd-8093-c38a41db68d0", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json index 1d7aed2052..83b879d187 100644 --- a/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json +++ b/mobile-attack/relationship/relationship--34351abd-1f58-420a-a893-ad822839815d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--85142859-e24b-422b-9b00-a771af319b05", + "id": "bundle--cf7ca5cd-0102-4c88-8ee6-c16b1b46d113", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json index f8f5f519d4..36f74fbc80 100644 --- a/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json +++ b/mobile-attack/relationship/relationship--346b7e4a-dbd1-486b-ba26-55ae2ac613d0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--616be966-1948-4297-90e5-596631d3189f", + "id": "bundle--17b162cb-ba62-4e5d-9361-d0022df4ad05", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--348d1acd-3f37-4523-95cd-ae002c02c975.json b/mobile-attack/relationship/relationship--348d1acd-3f37-4523-95cd-ae002c02c975.json new file mode 100644 index 0000000000..69d39d65ca --- /dev/null +++ b/mobile-attack/relationship/relationship--348d1acd-3f37-4523-95cd-ae002c02c975.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--b18c1857-d2ab-4564-9e7f-4cf600f8a373",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--348d1acd-3f37-4523-95cd-ae002c02c975",
+ "created": "2023-08-23T22:17:46.116Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-23T22:17:46.116Z",
+ "description": "Users should be wary of iMessages from unknown senders. Additionally, users should be instructed not to open unrecognized links or other attachments in text messages. ",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+ "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
index d7f335b9b1..5267117f7c 100644
--- a/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
+++ b/mobile-attack/relationship/relationship--3498d304-48e3-4fe4-a3ab-fc261104f413.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6502ef23-b852-4e35-9f76-898cd812d1a2",
+ "id": "bundle--2ced5ee7-90a0-411c-b97e-bbd5955b6391",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
index 5128290fa4..f9e92e2560 100644
--- a/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json
+++ b/mobile-attack/relationship/relationship--34a8a945-cc6c-474b-8db1-ffe8b5ecf99f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef019cc4-d575-47ac-9962-917ee1b1676c", + "id": "bundle--40a5dad5-47b3-4724-9b7e-56df74ab960e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json index 45711ee7b7..fa692f9524 100644 --- a/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json +++ b/mobile-attack/relationship/relationship--34b6abb0-d199-46bb-af21-b65560e75658.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9337296-007f-48e9-a2b5-04da652e7eb4", + "id": "bundle--6b898a47-a259-496d-8562-35ee187eaebd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json b/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json index 5a18140d25..a87754d5a3 100644 --- a/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json +++ b/mobile-attack/relationship/relationship--34dd5c26-eec9-4288-8e53-677271d490b2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--76535428-89e0-44c9-a9a2-6cae9ee1a4d8", + "id": "bundle--56d6e5b4-63b5-43f2-906f-063b242afc9a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json index 5424c42a92..f80d18d9c0 100644 --- a/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json +++ b/mobile-attack/relationship/relationship--34f9aed0-48a7-4815-8456-5541a7b8210f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70c4431c-5990-4b82-952e-60baece0718a", + "id": "bundle--2f0d68c6-3d49-48b2-851b-156b333fdf3b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json index 9a96545594..d544b33f1b 100644 --- a/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json +++ b/mobile-attack/relationship/relationship--352fabc8-48fe-4190-92b3-49b00348bb22.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c54bbc9c-ec2e-48ad-929f-2856270a2063", + "id": "bundle--bcb3d861-6ac7-42ed-94dd-b0f4137630bf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json index fa57866934..c26cf11a25 100644 --- a/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json +++ b/mobile-attack/relationship/relationship--35453bbb-c9b3-4421-8452-95efdd290d21.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c94fb5cc-67f8-4705-a69b-d75f9a75ad35", + "id": "bundle--4a65a7b6-f41b-4412-b555-9752c2d54094", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json b/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json index 75a3b75aeb..0f93442399 100644 --- a/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json +++ b/mobile-attack/relationship/relationship--3565140f-1570-494d-9d6f-91c9203ece69.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--afcd3874-00a3-424f-a57c-37798a8cba78",
+ "id": "bundle--a3f78a45-1155-4592-b5b0-4088bc8a3f38",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3565140f-1570-494d-9d6f-91c9203ece69",
 "created": "2023-03-20T18:52:29.821Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:52:29.821Z",
- "description": "",
+ "modified": "2023-08-07T17:14:40.565Z",
+ "description": "Usage of insecure or malicious third-party libraries could be detected by application vetting services. Malicious software development tools could be detected by enterprises that deploy endpoint protection software on computers that are used to develop mobile apps. Application vetting could detect the usage of insecure or malicious third-party libraries.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--0d95940f-9583-4e0f-824c-a42c1be47fad",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json b/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
index 2928199919..171ee6eac4 100644
--- a/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
+++ b/mobile-attack/relationship/relationship--35927c96-7645-4ef3-b3da-e44822386a10.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--56ebaf54-04b2-4217-a281-9fef7026df1f",
+ "id": "bundle--1cea1347-5625-4b2d-afa9-3caf9d47514f",
 "spec_version": "2.0",
 "objects": [
 {
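Review bot: The new `description` for relationship--3565140f-1570-494d-9d6f-91c9203ece69 states the same detection twice: its first sentence ("Usage of insecure or malicious third-party libraries could be detected by application vetting services.") and its last ("Application vetting could detect the usage of insecure or malicious third-party libraries.") restate each other, so the last one should be dropped. The middle sentence, about endpoint protection software on developer machines, also looks out of place, because the `source_ref` is the same data component that the relationship--322d0123-ea4c-4562-a718-672952c83d05 hunk describes in terms of application vetting. That sentence probably belongs on a relationship whose data component covers endpoint tooling, if one exists.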
diff --git a/mobile-attack/relationship/relationship--3598ab6e-9271-40ca-9771-b9a6bbce497c.json b/mobile-attack/relationship/relationship--3598ab6e-9271-40ca-9771-b9a6bbce497c.json
new file mode 100644
index 0000000000..dd61b9c026
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3598ab6e-9271-40ca-9771-b9a6bbce497c.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--5b1a269c-2a44-4aeb-8476-8ed40f88c7b9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3598ab6e-9271-40ca-9771-b9a6bbce497c",
+ "created": "2023-08-16T16:44:09.459Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:44:09.459Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can use HTTP to communicate with the C2 server.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json
index 2b71524bce..82b03785a8 100644
--- a/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json +++ b/mobile-attack/relationship/relationship--35a12ae8-562d-4e24-979e-ef970dde0b94.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fd02872c-5333-4e3e-9af8-cb947e4d86b7", + "id": "bundle--710ddf1f-4a8d-4a20-9318-87c08b9a4065", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json index d36bc6d258..1a56e824fd 100644 --- a/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json +++ b/mobile-attack/relationship/relationship--35c67a18-7e8d-4bd5-9fe1-35b1ac3f401f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ff593ec0-0806-4d40-a89d-05c814cd4211", + "id": "bundle--ff1bdb9f-18f6-419b-8293-b0c07d05efaf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json index ad03ccabd1..5b9157bcad 100644 --- a/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json +++ b/mobile-attack/relationship/relationship--3616bacc-6f6e-41f2-832c-cdbbae9622f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07c2f0bc-5e63-42a5-966d-ee2937a6230d", + "id": "bundle--024d2dcd-1bf7-4840-b92e-d7cd9a3a8a25", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json index aab880d91d..a984551b1f 100644 --- a/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json +++ b/mobile-attack/relationship/relationship--36268322-9f5e-4749-8760-6430178a3d68.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8e058e2-8329-4fba-a099-fd054280618f", + "id": "bundle--c5fc8506-bc05-4e9d-97d1-d79f50c9536a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json index 8dbce25695..f22e2f42c1 100644 --- a/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json +++ b/mobile-attack/relationship/relationship--36298fd6-d909-4490-8a04-095aef9ffafe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1e8c8fe-0003-4145-b81f-bc2e89dc0652", + "id": "bundle--86338a59-4897-45b3-bbc6-1380755fd83a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json index 30d1a692b1..6faa46029a 100644 --- a/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json +++ b/mobile-attack/relationship/relationship--3644d1dd-8d9f-4a89-a618-c6b22c2a1a96.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1c0a08a0-8d19-4b30-9c80-fe8961a792f7", + "id": "bundle--c993881e-402f-4496-b1d4-cd24be4a31c2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--36c71b5d-e453-488c-ae63-8fb063924c27.json b/mobile-attack/relationship/relationship--36c71b5d-e453-488c-ae63-8fb063924c27.json new file mode 100644 index 0000000000..9d89bbd15a --- /dev/null +++ b/mobile-attack/relationship/relationship--36c71b5d-e453-488c-ae63-8fb063924c27.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--c8c95c0f-85ae-4a89-82dd-8715c968917c",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--36c71b5d-e453-488c-ae63-8fb063924c27",
+ "created": "2023-08-10T21:57:51.879Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-10T21:57:51.879Z",
+ "description": "The user can review available call logs for irregularities, such as missing or unrecognized calls.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+ "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json b/mobile-attack/relationship/relationship--370bf74f-7499-4d66-9626-a61926af8f84.json
similarity index 61%
rename from mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json
rename to mobile-attack/relationship/relationship--370bf74f-7499-4d66-9626-a61926af8f84.json
index 4ada332695..10581a49a0 100644
--- a/mobile-attack/relationship/relationship--bde9304b-4421-4185-a2c6-dabe1c080587.json
+++ b/mobile-attack/relationship/relationship--370bf74f-7499-4d66-9626-a61926af8f84.json
@@ -1,21 +1,21 @@
 {
 "type": "bundle",
- "id": "bundle--a9579138-b0fb-482d-abad-3f0d97db87c9",
+ "id": "bundle--3d05cfd4-052f-495a-924e-94b872817e43",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
- "id": "relationship--bde9304b-4421-4185-a2c6-dabe1c080587",
- "created": "2023-03-16T18:31:48.708Z",
+ "id": "relationship--370bf74f-7499-4d66-9626-a61926af8f84",
+ "created": "2023-09-21T22:32:19.683Z",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:31:48.708Z",
- "description": "",
+ "modified": "2023-09-21T22:32:19.683Z",
+ "description": "Application vetting services may detect when an application requests permissions after an application update.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
- "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+ "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
diff --git a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
index 6a55e88e10..1c4716f079 100644
--- a/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
+++ b/mobile-attack/relationship/relationship--37123a8d-5c03-459c-bd0b-c17e2ee75a10.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a18397ea-770c-4191-8736-aeae56d6a788",
+ "id": "bundle--e7c7fadf-3616-4815-9f70-cb4467d461d5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
index af15b0b1c2..cc78f00a97 100644
--- a/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
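Review bot: In the hunk shown as a 61% rename to relationship--370bf74f-7499-4d66-9626-a61926af8f84.json, the `id`, `created` and `target_ref` all change, so this is a new object rather than an edit, and the old `detects` relationship `relationship--bde9304b-4421-4185-a2c6-dabe1c080587` to `attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69` simply disappears. Nothing visible here retires the old id, so a consumer that merges bundles by id would presumably keep the stale relationship. If the removal is intended, consider shipping the old file once more with `"x_mitre_deprecated": true` before deleting it. The tail of the object lies outside the hunk.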
+++ b/mobile-attack/relationship/relationship--373223d8-f18c-4151-8fe0-7d40c0c6e631.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--169e24e9-ee8d-499d-a213-4987070af659",
+ "id": "bundle--01d8ef04-8558-403d-a31e-fbbe5243820b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
index 450cac8070..a1f29cc43c 100644
--- a/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
+++ b/mobile-attack/relationship/relationship--373f33be-9b40-44f5-bfd3-db2a9f5fa72c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ccfec82e-fbaa-4dfd-ab30-02c8768d3ca2",
+ "id": "bundle--92328eae-0211-452d-937c-40ea04516f16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
index 476f2736b4..ed64d7aac2 100644
--- a/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
+++ b/mobile-attack/relationship/relationship--3752c235-0576-47dc-b05d-d3eaeaccfecc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2a426867-24f0-43ea-9b92-e1cea3f09c6a",
+ "id": "bundle--4952289a-ba4d-4a11-a4c7-76d27d8c9917",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--37d14338-b629-4b54-b734-446789b79f6f.json b/mobile-attack/relationship/relationship--37d14338-b629-4b54-b734-446789b79f6f.json
new file mode 100644
index 0000000000..8510c7dfc9
--- /dev/null
+++ b/mobile-attack/relationship/relationship--37d14338-b629-4b54-b734-446789b79f6f.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--e2c81e41-fde1-498c-8c4c-b2fafcd53acd",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--37d14338-b629-4b54-b734-446789b79f6f",
+ "created": "2023-10-10T15:33:57.641Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Cybereason EventBot",
+ "description": "D. Frank, L. Rochberger, Y. Rimmer, A. Dahan. (2020, April 30). EventBot: A New Mobile Banking Trojan is Born. Retrieved June 26, 2020.",
+ "url": "https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.641Z",
+ "description": "[EventBot](https://attack.mitre.org/software/S0478) has used icons from popular applications.(Citation: Cybereason EventBot)",
+ "relationship_type": "uses",
+ "source_ref": "malware--aecc0097-c9f8-4786-9b39-e891ff173f54",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--37fd2f2a-e4f4-4d39-8698-d17305fb2517.json b/mobile-attack/relationship/relationship--37fd2f2a-e4f4-4d39-8698-d17305fb2517.json
new file mode 100644
index 0000000000..b4599d636b
--- /dev/null
+++ b/mobile-attack/relationship/relationship--37fd2f2a-e4f4-4d39-8698-d17305fb2517.json
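Review bot: The new EventBot relationship is stamped `"created": "2023-10-10T15:33:57.641Z"` yet declares `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"`, while the other relationships added in this diff declare 3.1.0 or 3.2.0 and version 0.1. The same combination appears in the DroidJack relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3 added further down, which has the same `target_ref`. This looks like an older relationship re-issued under a new id, though that cannot be confirmed from the hunk. If so, the object should say which spec version it was actually written against, for example `"x_mitre_attack_spec_version": "3.2.0"`, so that tooling which validates by declared spec version applies the right rules.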
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--680f67e0-9bfe-4bb4-ab02-7846d4d648fb",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--37fd2f2a-e4f4-4d39-8698-d17305fb2517",
+ "created": "2023-08-16T16:45:37.235Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-15T19:17:24.158Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can communicate over port 7242 using HTTP.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
index be1189fab5..f2bae4974c 100644
--- a/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
+++ b/mobile-attack/relationship/relationship--383e5b12-061e-45c6-911b-b37187dd9254.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--da575e00-2613-4d56-be1c-d195ecebcfc2",
+ "id": "bundle--5e678a66-ed92-4bc2-8514-d6eeedebe4a7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json b/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
index 25c4071874..6c69602b39 100644
--- a/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
+++ b/mobile-attack/relationship/relationship--3841024e-1047-40fa-9e25-ac6d5c14612a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0e4060b8-2061-461b-b7c3-1616a209b077",
+ "id": "bundle--6108f4d5-4e6a-4636-9446-32877776e0ef",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json b/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
index 4335d34f4d..884d05edcf 100644
--- a/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
+++ b/mobile-attack/relationship/relationship--3857f790-6ea1-4f37-8d90-90904f175d63.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1aac08a5-6368-4010-b9ed-66e024e2fb36",
+ "id": "bundle--7d55a11e-481e-4a98-bfc3-6a6684c511d3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
index 7a7abb298b..c9781cae83 100644
--- a/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
+++ b/mobile-attack/relationship/relationship--38634e49-f19e-41bc-bb6d-e711f0cabd91.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d2139d59-6812-4979-891f-069359b28f09",
+ "id": "bundle--edd2c30d-7731-462c-ac43-da987df72818",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
index ecc043067c..593edbdd1b 100644
--- a/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
+++ b/mobile-attack/relationship/relationship--386b0a9f-9951-4717-8bce-30c8fbe05050.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1f9a60da-e4d6-4250-876e-297315684a50",
+ "id": "bundle--583bfe67-e645-42d5-84e8-08396689f645",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
index 86b56185c1..68f17a054c 100644
--- a/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
+++ b/mobile-attack/relationship/relationship--38962b26-7cbe-4761-8b4f-50a022167c4d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ff014d6d-b23e-49ce-b81b-f9d15ce1fe08",
+ "id": "bundle--074d6f4a-4179-4f55-95a8-c400c16051be",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json b/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
index e8ae147614..8bec08307e 100644
--- a/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
+++ b/mobile-attack/relationship/relationship--38cb6365-40ba-47c6-a5e4-1a9be665f951.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--66c95b7d-54cd-4662-8735-3a367d340073",
+ "id": "bundle--9734bc7d-a1a5-4a3f-94c0-fcc2907b6d79",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json b/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
index 5df01172c7..78d675a204 100644
--- a/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
+++ b/mobile-attack/relationship/relationship--38ec048f-7f6e-4bbd-9455-1b1e54968af4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c1d42152-48d4-4b17-80ea-0c6499d12624",
+ "id": "bundle--97d3d280-e0b2-4098-bfd5-c6fe2a54268a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
index 22bf6d34d4..647fa0bb53 100644
--- a/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
+++ b/mobile-attack/relationship/relationship--38f37e3f-1d4b-4f04-b176-1cae6d22931e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3589e96a-05e3-4afb-a7a7-d2d28dd81611",
+ "id": "bundle--5a425b94-62d0-4eec-a7e1-7f5ba1d4c600",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
index 4e34373bf7..6c977da303 100644
--- a/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
+++ b/mobile-attack/relationship/relationship--38f96449-dfb1-49db-b0d0-f257c3ee2c5d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b17b7929-76fe-4bed-914c-4c98bb7deab5",
+ "id": "bundle--c6bc4b8d-02a1-4aea-86e8-7fd076d6df5e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json b/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
index 94bfe334a4..76843c5ae2 100644
--- a/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
+++ b/mobile-attack/relationship/relationship--393300c4-6852-466d-a163-1d51330fe055.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7beb6e98-b92c-4ba6-9698-a5f55de1573e",
+ "id": "bundle--bb18675c-e1a4-4011-9ddb-11f00782a0ca",
 "spec_version": "2.0",
 "objects": [
 {
@@ -12,8 +12,8 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:48:50.839Z",
- "description": "",
+ "modified": "2023-08-09T15:40:52.983Z",
+ "description": "Mobile security products can potentially detect jailbroken devices.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
diff --git a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
index be6cde74d0..17fb32ca7e 100644
--- a/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
+++ b/mobile-attack/relationship/relationship--395cb6b2-0848-43c7-ac4a-617e103fb66a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2f44fc5e-e3d1-4ae6-a6c1-750ffe466b64",
+ "id": "bundle--66f81b43-3b67-4ce0-b133-d90f926ac611",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json b/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
index db4c9eaeac..e4a6011eb1 100644
--- a/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
+++ b/mobile-attack/relationship/relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--00428b30-e29e-4a8c-8be8-117437f55872",
+ "id": "bundle--4c1dc821-b39c-4269-9c80-dc4ee4edc427",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3997b2a1-2b70-4eeb-aa8f-1053bb3744c2",
 "created": "2023-03-20T19:00:26.780Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T19:00:26.780Z",
- "description": "",
+ "modified": "2023-08-08T17:04:24.775Z",
+ "description": "Application vetting services could potentially detect the usage of APIs intended for artifact hiding.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
index dcf8989cd4..e712e94f44 100644
--- a/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
+++ b/mobile-attack/relationship/relationship--39b854c1-5906-4d14-a0bc-1242c3eaa5b0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b21580fe-a1b1-4aa0-a460-9815eb595291",
+ "id": "bundle--141276ac-e49b-4727-a48f-fb91d42ed727",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3a18f41d-876c-403a-80cc-47ef57ae630d.json b/mobile-attack/relationship/relationship--3a18f41d-876c-403a-80cc-47ef57ae630d.json
new file mode 100644
index 0000000000..57affbb323
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3a18f41d-876c-403a-80cc-47ef57ae630d.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--f4c7ea71-15e2-4d27-80e9-d0f58ce446e2",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3a18f41d-876c-403a-80cc-47ef57ae630d",
+ "created": "2023-09-25T19:53:56.034Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-25T19:53:56.034Z",
+ "description": "Remote access software typically requires many privileged permissions, such as accessibility services or device administrator. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+ "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3a282967-0536-474d-8831-30cd60b818a9.json b/mobile-attack/relationship/relationship--3a282967-0536-474d-8831-30cd60b818a9.json
new file mode 100644
index 0000000000..e647239daf
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3a282967-0536-474d-8831-30cd60b818a9.json
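Review bot: The `description` of the new `detects` relationship relationship--3a18f41d-876c-403a-80cc-47ef57ae630d says what remote access software requires, but not who observes it or what the signal is, and the string ends with a trailing space before the closing quote. The other `detects` descriptions in this diff name the detecting party and the observable, for example "Application vetting services may detect when…". A defender reading this entry cannot tell which check to run against the data component in `source_ref`. Suggest trimming the trailing space and adding a second sentence that states the observable for that data component, with the wording confirmed against the component's definition, which is not visible here.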
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--d01fd89a-a0cd-4e38-b07b-53ea17e4f38d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3a282967-0536-474d-8831-30cd60b818a9",
+ "created": "2023-09-28T17:20:38.294Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:20:38.294Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can initiate phone calls.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
index 77e86ffb72..48081dae84 100644
--- a/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
+++ b/mobile-attack/relationship/relationship--3a8fea40-69ba-4cfe-b577-c3112a60887a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a4812ce7-512b-4a66-9998-996328051a5a",
+ "id": "bundle--63b9b475-5863-4971-b5e6-d6d3486615c4",
 "spec_version": "2.0",
 "objects": [
 {
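Review bot: `"source_name": "Bleeipng Computer Escobar"` in the new Escobar relationship misspells "Bleeping", and the same misspelling is repeated in the `(Citation: Bleeipng Computer Escobar)` marker in `description`. The two strings match, so the citation still resolves within this object, but `source_name` is the citation key, so a later correction in only one place would break the link. Fix both together: `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`. It is also worth checking whether other objects citing the same report already use the correctly spelled key, which cannot be seen from this hunk.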
diff --git a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
index 236bda5f08..1ffa6b5016 100644
--- a/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
+++ b/mobile-attack/relationship/relationship--3abc80ad-4ea0-4e91-a170-f040469c2083.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--935ca776-1a7a-44cc-a231-8d791b03c81d",
+ "id": "bundle--af453cb9-8bc2-475c-8f50-a151bc511b16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
index 54d85b4ed8..32501e0139 100644
--- a/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
+++ b/mobile-attack/relationship/relationship--3abcd7f4-5f6d-4b5d-9b37-eee68751dcbd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b5d31a52-f427-458b-ad7c-75e2d3d0aa5b",
+ "id": "bundle--5582b0d9-8816-4b3c-9851-670f6a815bd3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
index 13ccf25685..85a5768284 100644
--- a/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
+++ b/mobile-attack/relationship/relationship--3acbaa64-fb6e-4c26-ada4-1aab88798265.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--70ac75c1-a759-484c-8e8d-5c47265f4b81",
+ "id": "bundle--4a38b755-f82e-4e52-ae82-93d13a34a7fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3ae62d66-6405-413f-86e3-ccdb66fac7ba.json b/mobile-attack/relationship/relationship--3ae62d66-6405-413f-86e3-ccdb66fac7ba.json
new file mode 100644
index 0000000000..e494886c6c
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3ae62d66-6405-413f-86e3-ccdb66fac7ba.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--b0bcdddf-c2c3-4f97-af9e-6131758b07d1",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--3ae62d66-6405-413f-86e3-ccdb66fac7ba",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:41:33.829Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--e30cc912-7ea1-4683-9219-543b86cbdec9",
+ "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
index 7c93151a31..3c96f227d2 100644
--- a/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
+++ b/mobile-attack/relationship/relationship--3b0cb886-dabc-4622-b91f-3851e2a71bf2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5b26a41d-1370-4603-83c2-5610f9c426c5",
+ "id": "bundle--d5aefa81-f3f3-467c-9510-57e02d604f38",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json b/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
index 74b6568309..d9bfd2f5b2 100644
--- a/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
+++ b/mobile-attack/relationship/relationship--3b24a287-36e1-49b9-811d-c0080147ff57.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d6cdce79-44e0-4c63-8420-0891c614de8d",
+ "id": "bundle--0035c396-ad17-4214-9592-9eeee1afc16d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3b24a287-36e1-49b9-811d-c0080147ff57",
 "created": "2023-03-20T18:41:47.754Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:41:47.754Z",
- "description": "",
+ "modified": "2023-08-07T22:45:47.105Z",
+ "description": "Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting unwanted or malicious shells.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
 "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json b/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
index e4b915daa8..f3fb99fa81 100644
--- a/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
+++ b/mobile-attack/relationship/relationship--3be6ad82-722d-4699-8e3a-c1ea60018244.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--df59254b-bf78-46ef-a402-e9c4a50c094f",
+ "id": "bundle--d4ced8a9-43e8-465d-a92d-8e1a33634ba4",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3be6ad82-722d-4699-8e3a-c1ea60018244",
 "created": "2023-03-16T13:32:55.140Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T13:32:55.140Z",
- "description": "",
+ "modified": "2023-08-14T16:29:15.000Z",
+ "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
 "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
index aed53d64f0..46e4a3faa2 100644
--- a/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
+++ b/mobile-attack/relationship/relationship--3bf4b093-a1a3-48da-9236-bce9514765eb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--426aa757-c16d-4af4-ae18-07821ed2e11b",
+ "id": "bundle--63376325-4696-4246-b89f-817b083eb5f1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
index 01e10b371d..b59f695788 100644
--- a/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
+++ b/mobile-attack/relationship/relationship--3bf5a566-986b-478c-b2da-e57caf261378.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8f03c01f-fccc-4d5e-b309-ce4c72c3bc08",
+ "id": "bundle--939d3edf-d55c-4bed-b911-835eb35ae664",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
index 0f198cfaea..781d76cf70 100644
--- a/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
+++ b/mobile-attack/relationship/relationship--3c0b0763-78d2-4d6e-8e57-b4f27af7e414.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bc4e2938-ee81-4e4d-b6e9-d7283d09bff8",
+ "id": "bundle--041ac41c-4202-4887-923f-818970792cfa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
index 22731bae95..bbe7e897b1 100644
--- a/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
+++ b/mobile-attack/relationship/relationship--3c291ee5-1782-4e5b-8131-5188c7388f45.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0fc5506b-2b67-4f18-a49b-f32eefd0888f",
+ "id": "bundle--b2fa10a4-cf40-479b-b980-4aedbc65262d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
index 41d3b5f945..94428dc87f 100644
--- a/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
+++ b/mobile-attack/relationship/relationship--3c3c957e-7a23-4801-9f6a-ba599ad727d7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1c0586b6-1c26-41d9-ae22-a32803fa499a",
+ "id": "bundle--1c92a5e6-3600-47bb-897e-9b7465a54404",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
index d04df7f0f6..2326eb7afe 100644
--- a/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
+++ b/mobile-attack/relationship/relationship--3c43d125-6719-420e-bb69-878cc91c2474.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0d0ff3c4-88e6-4e84-b014-27b1ff1bdab0",
+ "id": "bundle--27404bb0-5137-4f7d-b806-fc9d41d7fe02",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3.json b/mobile-attack/relationship/relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3.json
new file mode 100644
index 0000000000..58ce51ea32
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--46d3d459-371d-4df5-9d8a-fdaa41e766ed",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3c57ee56-34bc-4f0c-b363-68dab3e5e7b3",
+ "created": "2023-10-10T15:33:58.361Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Proofpoint-Droidjack",
+ "description": "Proofpoint. (2016, July 7). DroidJack Uses Side-Load\u2026It's Super Effective! Backdoored Pokemon GO Android App Found. Retrieved January 20, 2017.",
+ "url": "https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.361Z",
+ "description": "[DroidJack](https://attack.mitre.org/software/S0320) included code from the legitimate Pokemon GO app in order to appear identical to the user, but it also included additional malicious code.(Citation: Proofpoint-Droidjack)",
+ "relationship_type": "uses",
+ "source_ref": "malware--05c4f87c-be8f-46ea-8d9a-2a0aad8f52c1",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3c6776b9-258c-460c-b4b4-ea1a1453e5c5.json b/mobile-attack/relationship/relationship--3c6776b9-258c-460c-b4b4-ea1a1453e5c5.json
new file mode 100644
index 0000000000..4dda9c18bf
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3c6776b9-258c-460c-b4b4-ea1a1453e5c5.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--38cd62ab-0c69-4d65-82db-17bd203441ad",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3c6776b9-258c-460c-b4b4-ea1a1453e5c5",
+ "created": "2023-08-16T16:40:34.787Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:40:34.787Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather device location data.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
index fef87dc5a1..3f60441084 100644
--- a/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
+++ b/mobile-attack/relationship/relationship--3c874ffa-63c3-491f-8d8c-623b19a7fdad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ed193e26-d5b1-4c31-8ed6-8283f7aa9430",
+ "id": "bundle--6f992bca-0e2c-413f-b7b0-f1d69575e3ed",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3c90dc4c-8156-49ae-8144-76526268a6c1.json b/mobile-attack/relationship/relationship--3c90dc4c-8156-49ae-8144-76526268a6c1.json
new file mode 100644
index 0000000000..8488f90166
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3c90dc4c-8156-49ae-8144-76526268a6c1.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--897a5fcf-41be-496d-82cf-599a5389272b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3c90dc4c-8156-49ae-8144-76526268a6c1",
+ "created": "2023-08-04T18:32:08.706Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:32:08.706Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can request device administrator privileges. (Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json
index 534f383ee7..e39b184098 100644
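Review bot: The `description` in relationship--3c90dc4c has a stray space before the citation marker (`privileges. (Citation: lookout_hornbill_sunbird_0221)`), while the other new relationships in this diff attach it directly, as in `data.(Citation: cyble_chameleon_0423)`. Consumers that strip or link `(Citation: …)` tokens by pattern will leave uneven spacing in the rendered text, so `privileges.(Citation: lookout_hornbill_sunbird_0221)` would match the rest. The new relationship--42510b9a file later in the diff has the mirror case: its description ends with a trailing space after the closing parenthesis.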
--- a/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json +++ b/mobile-attack/relationship/relationship--3ca284e7-062c-4f23-b95d-9f9c6a2d882a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f06f4817-3e8d-49fb-b6d5-361d043e3537", + "id": "bundle--c6c493c4-ceab-4fef-91a8-c6732c5c0a5e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json index 5de84e0dc7..7903fd9054 100644 --- a/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json +++ b/mobile-attack/relationship/relationship--3ca453a4-bd78-4087-a93f-9261fb2e3f00.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1bfefb07-3b97-4f1f-9ab5-698ef1f556e8", + "id": "bundle--108a85de-1017-4441-a43d-63f73144b17f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json index 5a786d88c3..ed2d830535 100644 --- a/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json +++ b/mobile-attack/relationship/relationship--3d24d88e-a0ab-42c6-8e8f-11f721082bba.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5c90942-13f2-4ad9-bdf3-d726c70bf564", + "id": "bundle--44e04354-d9b0-41cf-8f5b-b9e3f69c52a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json index c4a7b80d9d..8e0db4c027 100644 --- a/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json +++ b/mobile-attack/relationship/relationship--3d5f7bdf-ab59-48f9-89d5-23f9d8cd235b.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0692cc50-4489-4278-b8f4-a3fcc6bd1d54",
+ "id": "bundle--cce4413d-3b2c-4830-9b86-eba9829dd6bd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json b/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
index 2331ae735b..a609e5b85a 100644
--- a/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
+++ b/mobile-attack/relationship/relationship--3d65c2b7-c907-45e1-b942-95f7d765e749.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--48c6553f-378d-4d9c-b96f-007dba432b75",
+ "id": "bundle--733e9501-1702-490a-8e21-2cf3459374f5",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3d65c2b7-c907-45e1-b942-95f7d765e749",
 "created": "2023-03-20T18:53:34.056Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:53:34.056Z",
- "description": "",
+ "modified": "2023-08-14T16:29:32.104Z",
+ "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
 "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--3db58541-3870-424d-ad74-f2b84ff87abb.json b/mobile-attack/relationship/relationship--3db58541-3870-424d-ad74-f2b84ff87abb.json
new file mode 100644
index 0000000000..e7393c4037
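Review bot: The new `description` on relationship--3d65c2b7 says what application vetting can report (connections made or received, domains contacted) but not what in that list should be treated as suspicious, so it gives a defender nothing to compare the output against. The target technique appears only as an id in this hunk, so the right criterion cannot be read from here; appending something like `Unexpected destinations or domains unrelated to the application's stated function warrant review.` would make it actionable. Also, `modified` and `description` change while `x_mitre_version` stays `"0.1"`; the same holds for relationship--3f5dbd48 later in the diff, so confirm that content edits are not meant to bump it.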
--- /dev/null
+++ b/mobile-attack/relationship/relationship--3db58541-3870-424d-ad74-f2b84ff87abb.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--0a8b4b01-5918-436d-9785-3c1419d5a9e5",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3db58541-3870-424d-ad74-f2b84ff87abb",
+ "created": "2023-07-14T19:06:42.839Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-14T19:10:57.654Z",
+ "description": "Unexpected behavior from an application could be an indicator of masquerading.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+ "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
index 421005bb23..d5592ddd8e 100644
--- a/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
+++ b/mobile-attack/relationship/relationship--3dd0cd4d-bcde-4105-b98e-b32add191083.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b88b9c63-3dba-40d1-b7dd-a93db62eb877",
+ "id": "bundle--aa21c2fd-b2fb-4f24-b9bd-a1fc40e2f543",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
index e0e52a3fa0..afd61a2cef 100644
--- a/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json
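Review bot: `"Unexpected behavior from an application could be an indicator of masquerading."` in the new relationship--3db58541 object is too generic to drive a detection: it names neither the behaviour nor the data to inspect, and the object carries no `external_references`. The data component and the technique appear only as ids in this hunk, so the intended signal has to be inferred. A sentence naming a concrete observable, for example an application whose name or icon matches a known app while its package name or signing certificate does not, would give an analyst something to check.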
+++ b/mobile-attack/relationship/relationship--3dff770d-9627-4647-b945-7f24a97b2273.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1aae73bc-9da2-4ddd-9f42-c05b533b702c", + "id": "bundle--ca4a5b90-947c-4a1f-9212-af326cae0d8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3e11a61b-14b3-4268-a6dd-937d4baef6de.json b/mobile-attack/relationship/relationship--3e11a61b-14b3-4268-a6dd-937d4baef6de.json new file mode 100644 index 0000000000..1fe5717da1 --- /dev/null +++ b/mobile-attack/relationship/relationship--3e11a61b-14b3-4268-a6dd-937d4baef6de.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--628325be-df98-40fc-9e37-8ba25cd3a7f5",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3e11a61b-14b3-4268-a6dd-937d4baef6de",
+ "created": "2023-06-09T19:17:12.858Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-06-09T19:17:12.858Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can record environmental and call audio.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
index cb0aa57c01..d9ac0c5d29 100644
--- a/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
+++ b/mobile-attack/relationship/relationship--3e2474d3-f36d-4193-92f6-273296befdd3.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4bfaf6a6-3d29-4b63-9a0c-fd5e1dea597c", + "id": "bundle--0f3df695-0a2e-4e5b-a9fb-f68b6a502d97", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json index 13defa6961..a14df2caff 100644 --- a/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json +++ b/mobile-attack/relationship/relationship--3e2b9dc1-5da0-46a1-a576-4b41a10f3a60.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e25f8bc6-99b7-4fe7-a939-01ebd1addbe9", + "id": "bundle--651e3e4b-810c-494a-a93f-e32c0de1cb60", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json index f6456be32b..29b0ba3528 100644 --- a/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json +++ b/mobile-attack/relationship/relationship--3e3cad6c-dd73-43c9-bf99-d4796ba97fb1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d63a9dcd-b0f6-497b-8e73-77501d3bff5f", + "id": "bundle--dceaa48c-3d3d-459e-8753-7efd13c0d7a3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json b/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json index ea15797d16..43ad7c115d 100644 --- a/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json +++ b/mobile-attack/relationship/relationship--3e5b5c7a-32e1-4745-8ceb-c46ce7276364.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--29f26d97-0ade-4628-9625-50751d587bfe", + "id": "bundle--b1743fab-cdc4-4005-98be-330ad70fd594", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json index 333365ec7d..65fa0029b5 100644 --- a/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json +++ b/mobile-attack/relationship/relationship--3ebcd3d8-dd8e-4cc9-8087-ce9e93df6f56.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--156743a5-7198-4b10-b825-210f4e9b556b", + "id": "bundle--6438850c-abe6-40c8-a7d0-14d060daadfc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json index 1e296dccf7..07c3f2c670 100644 --- a/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json +++ b/mobile-attack/relationship/relationship--3ebdc17d-401e-4f6a-af51-2dc57437b817.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--400a4770-6fde-4ad4-a2d3-f3bc6b708759", + "id": "bundle--1d84013d-e43c-45e6-a695-6bed5d66b7bf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json index a446da6e34..412adb64d7 100644 --- a/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json +++ b/mobile-attack/relationship/relationship--3efe7dcc-a572-45ac-aff2-2932206a0632.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f3798ee1-d75d-46bb-8c19-4ac8e9a372cb", + "id": "bundle--e11bbeed-06fb-4836-8aa1-13377a6acc26", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json index f6b172a9e4..58a20cda56 100644 
--- a/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json +++ b/mobile-attack/relationship/relationship--3f2daf2e-c28c-46cd-bf91-ae35e873f365.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e92a2c8b-a0db-47a4-966b-5a08086a58cf", + "id": "bundle--76daac50-197a-43c2-a548-2a040b9276ad", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json index e2264e9544..c3b62d45d4 100644 --- a/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json +++ b/mobile-attack/relationship/relationship--3f31b209-dbc7-4c7e-bb0a-e37801121c13.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b322aae2-8485-4903-8809-2af6152dee2e", + "id": "bundle--637199a7-bd24-4d5b-9c13-bea50d8164de", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json index 8e058f58c5..bcea51572c 100644 --- a/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json +++ b/mobile-attack/relationship/relationship--3f392718-87c4-483b-b89f-4f0cc056d251.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--91c6e5e7-4035-4fd4-80f9-efcafdeb209f", + "id": "bundle--4d87b0d1-99e6-47d1-99d6-497230ec24fa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3f47f048-badd-4476-8534-d06e20c02ec6.json b/mobile-attack/relationship/relationship--3f47f048-badd-4476-8534-d06e20c02ec6.json new file mode 100644 index 0000000000..20f39dfc4d --- /dev/null +++ b/mobile-attack/relationship/relationship--3f47f048-badd-4476-8534-d06e20c02ec6.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--70c5c84d-7a1d-4fc9-9cf4-248c5730a175",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3f47f048-badd-4476-8534-d06e20c02ec6",
+ "created": "2023-06-09T19:18:59.889Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-06-09T19:18:59.889Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can use HTTP and HTTP POST to communicate information to the C2.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json b/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
index 7e39c5974b..bef0652af2 100644
--- a/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
+++ b/mobile-attack/relationship/relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--622248f8-a55e-4ea7-848f-56920dfcbd28",
+ "id": "bundle--1e552898-5876-41fa-a791-3ca15835b746",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--3f5dbd48-5899-4e97-96a6-ad7e68b673cd",
 "created": "2023-03-20T18:43:03.117Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:43:03.117Z",
- "description": "",
+ "modified": "2023-08-08T22:30:26.847Z",
+ "description": "Application vetting services could look for use of the accessibility service or features that typically require root access.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
index ffb60b98c5..0895d6de17 100644
--- a/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
+++ b/mobile-attack/relationship/relationship--3f81a680-3151-4608-b83f-550756632013.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--34741ac4-533e-4630-969a-c730c8ea6855",
+ "id": "bundle--98572e68-1218-438a-b255-bb0ba2efb374",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json
index 7cb58f82a6..2d679966a8 100644
--- a/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json +++ b/mobile-attack/relationship/relationship--3f973c3c-45f8-432a-9859-e8749f2e7418.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--27056a17-1c10-4c61-9674-b0e52d80bad0", + "id": "bundle--99cf80bc-7649-4363-a5f8-32d9afc3c2ac", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json index 7c0f969998..78d4411a6b 100644 --- a/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json +++ b/mobile-attack/relationship/relationship--3fcd2177-2030-4781-bd19-8b9fa8c6e645.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8e7ab98-b97e-47c5-8fde-d5cde385f072", + "id": "bundle--88e0140d-e709-4e3d-bafb-dd93a2de9f11", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json index 7557b983f4..2db13dc5c6 100644 --- a/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json +++ b/mobile-attack/relationship/relationship--3fd2785f-f0eb-4aa9-8a10-e1c9a88b372a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b3675505-ffe8-40fe-860c-326c5a6ef3e9", + "id": "bundle--db30f69f-0547-4ad7-89ab-6a0e69c69dc6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--3fdb8bfb-1b2d-4fac-bb41-d26a5ad18dbb.json b/mobile-attack/relationship/relationship--3fdb8bfb-1b2d-4fac-bb41-d26a5ad18dbb.json new file mode 100644 index 0000000000..7d8d6d556a --- /dev/null +++ b/mobile-attack/relationship/relationship--3fdb8bfb-1b2d-4fac-bb41-d26a5ad18dbb.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--1ae26ea6-4194-4c05-b7cc-ed9e54d60529",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--3fdb8bfb-1b2d-4fac-bb41-d26a5ad18dbb",
+ "created": "2023-08-16T16:44:30.692Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:44:30.692Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can send stolen data over HTTP.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
index e1bc8f5d6d..da48efab9f 100644
--- a/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
+++ b/mobile-attack/relationship/relationship--4009ff40-4616-4b1c-bff9-599e52ccab37.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b0dd62ff-692f-4828-8243-11e766bf1fae",
+ "id": "bundle--5d3465ba-9b05-48dd-980a-6f3c491d1c43",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json index 384349d0b1..5cab117fd6 100644 --- a/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json +++ b/mobile-attack/relationship/relationship--4088b31b-d542-4935-84b4-82b592159591.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2c1630d-3be7-4f65-a3b8-9c32372923e3", + "id": "bundle--696fd90f-d9d3-4fd7-9096-c258f1d1af9d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json index 47b4acbd5c..b7e4a8bdfd 100644 --- a/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json +++ b/mobile-attack/relationship/relationship--40c9adb5-9d1a-4f51-8ef2-a80c2d78e4e4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4328a5f-abba-444c-b43a-1ba83e954f0b", + "id": "bundle--798bc2a9-02fa-4a71-b5ab-cf46df440036", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json index fd3eee63e8..69acac860d 100644 --- a/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json +++ b/mobile-attack/relationship/relationship--40f30137-4db9-4596-b4c7-a12f1497fd92.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2315f47a-25d1-455a-bc95-f583ed572eba", + "id": "bundle--1629598b-4bda-4e08-afe1-a63d662cc0f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json index db72593ca3..1f632c4519 100644 
--- a/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json +++ b/mobile-attack/relationship/relationship--418168ad-fee9-42c8-ac27-11f7472a5f86.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--17f2fb75-3cbf-44e8-b782-299711ee87a2", + "id": "bundle--6c76253a-4e0c-4ac7-8cd1-7268c157e015", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json index bbe50f8f28..ee2dd79e55 100644 --- a/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json +++ b/mobile-attack/relationship/relationship--41da5845-a1a8-4d10-8929-053be3496396.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--22390766-7c21-40b2-a2cf-8f23625dd162", + "id": "bundle--14278966-e356-4f28-a3ff-2e82ec425585", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json index d1c3ad5792..80a6776a27 100644 --- a/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json +++ b/mobile-attack/relationship/relationship--4220ec84-3c30-462b-9bad-4fb4de42cfd4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e62d6218-3634-4d28-a93a-f7824ef332e6", + "id": "bundle--0af03bcd-71d9-4584-8218-2787b72dfb24", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json index 997f3b601e..4cf6d5eee7 100644 --- a/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json +++ b/mobile-attack/relationship/relationship--42342d72-a37c-477e-b8f1-1768273fcb7f.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d542005f-4191-4ee5-a9b5-f0f19a738789", + "id": "bundle--19b5d5b6-dd81-4d8d-aef9-e03d344ce269", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--42510b9a-7e72-4a52-bc7a-6e1a7ebacff7.json b/mobile-attack/relationship/relationship--42510b9a-7e72-4a52-bc7a-6e1a7ebacff7.json new file mode 100644 index 0000000000..d800279866 --- /dev/null +++ b/mobile-attack/relationship/relationship--42510b9a-7e72-4a52-bc7a-6e1a7ebacff7.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--d05130a5-29e6-41a8-a750-43f268e19519",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--42510b9a-7e72-4a52-bc7a-6e1a7ebacff7",
+ "created": "2023-08-16T16:33:12.493Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:33:12.493Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) has disguised itself as other applications, such as a cryptocurrency app called \u2018CoinSpot\u2019, and IKO bank in Poland. It has also used familiar icons, such as the Chrome and Bitcoin logos.(Citation: cyble_chameleon_0423) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
index 839d9c1314..703df5a1c0 100644
--- a/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
+++ b/mobile-attack/relationship/relationship--42536c96-ae61-41ab-a1bf-3e7d126a4000.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9bd0317d-c31c-42b0-a3d4-bdeb2d8f3caf", + "id": "bundle--33a92c2d-1377-4729-88cb-4925c3cea52b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json index b18d117bff..baa52f9b0b 100644 --- a/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json +++ b/mobile-attack/relationship/relationship--42624ee9-1bf5-46aa-87d0-9fda0de9a06e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--81aa560a-c7d7-42a5-be3e-a3202bb992cf", + "id": "bundle--298c545f-f635-4557-ae1f-ffb1c83751aa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json index ac51904260..bc3e635bc7 100644 --- a/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json +++ b/mobile-attack/relationship/relationship--429a4b02-f774-4b1e-aaef-5fd9c654dd09.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72007b15-535e-45d4-b168-1052f33ef97c", + "id": "bundle--25d41b92-4ec7-495e-b049-60412d25e37b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json index 351c9ae690..33d76f725f 100644 --- a/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json +++ b/mobile-attack/relationship/relationship--42ae42eb-ea75-457a-bf39-4ea04304dd0b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c3b4d137-c713-4582-ba2b-9617f4a5b22c", + "id": "bundle--5981b7d1-793a-45be-b311-b03625ea9285", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json index a2eeed1261..fbe4dc2a7f 100644 --- a/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json +++ b/mobile-attack/relationship/relationship--42f8d024-64a7-4bbf-8c05-2b0c7e667396.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07f263a2-0ede-44ad-95c8-8c034b001420", + "id": "bundle--927bb569-f096-441e-a710-b713782207c1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json index dd50feb551..116f1572f2 100644 --- a/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json +++ b/mobile-attack/relationship/relationship--430b2b14-9d63-401c-b76b-d0247ee7e27b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a39fac86-6379-4edf-b2a0-0c1baa335c49", + "id": "bundle--71c7540e-835a-4745-81c1-c5a4263c881b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json b/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json index 7b15859775..40d56ea3f3 100644 --- a/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json +++ b/mobile-attack/relationship/relationship--433af79b-ce77-4a4c-84f7-6cdc34e70674.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cdd6dc2f-586e-4832-9295-809e337ce2cd", + "id": "bundle--d8b57adc-511b-4b6f-8eca-18e35cc12972", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json index 2bdf350f23..2cb4e487f9 100644 
--- a/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json +++ b/mobile-attack/relationship/relationship--433ba5b0-76eb-49e1-a2ed-e54994e94041.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45171e8d-065e-4eb1-b5f6-f074cdcd4efe", + "id": "bundle--2df997bf-4b27-4c9c-b1af-5f085185af27", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json index 8c9de5f5a4..b1e265c791 100644 --- a/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json +++ b/mobile-attack/relationship/relationship--437f719c-d602-4cb8-a2b9-c33e85ad7c50.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--06d25116-8bf0-432f-a685-ed55df530bc2", + "id": "bundle--d941f43c-90b2-4c5e-b31a-3c0806f21f77", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json b/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json index 0368ad7370..c6a942dd0c 100644 --- a/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json +++ b/mobile-attack/relationship/relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--0d8c2f2f-18c7-4e1b-94c1-8a682510803d",
+ "id": "bundle--06ec12f2-7e4e-4a3e-ab6a-f87f89ba130f",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--439d905b-1ad8-461a-ab0d-b2f426cb2c3a",
 "created": "2023-03-20T18:53:35.012Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:53:35.012Z",
- "description": "",
+ "modified": "2023-08-09T16:24:02.473Z",
+ "description": "On Android, the user is presented with a permissions popup when an application requests access to external device storage.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
 "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
index 7b39d473ec..ac6f8254b8 100644
--- a/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
+++ b/mobile-attack/relationship/relationship--43a62244-29f1-4f7f-bc9f-9b7b8e488b38.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--678fc002-77ab-49e0-8464-7be3eca16958",
+ "id": "bundle--77ef081d-7a1f-498a-8230-7ddc8027b315",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json
index 9dfd079877..83b5b534ca 100644
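Review bot: The `description` added to relationship--439d905b offers the storage permission prompt as the detection but names neither the permission nor the cases where no prompt appears. As far as I know the runtime prompt is shown only until the user grants it, and an app needs no permission to use its own directory on external storage, so a reader could overestimate what this signal covers. Suggest wording along the lines of `On Android, the user is presented with a permissions popup the first time an application requests access to shared external storage (for example READ_EXTERNAL_STORAGE); later accesses are not prompted.`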
--- a/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json +++ b/mobile-attack/relationship/relationship--43eeee7f-339a-4f6e-9df3-ccbf08ecf358.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72ad6498-ca56-4a44-b5eb-f56e35d7421c", + "id": "bundle--e30bbfb9-2d3a-4b3e-b146-c9acfcd472c6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json index 8d1d4973d7..e790e7acee 100644 --- a/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json +++ b/mobile-attack/relationship/relationship--442dd700-2d7d-4cad-8282-9027e4f69133.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01b14abd-4f94-4bf3-b20a-78e4ea4d0521", + "id": "bundle--310c5d50-f482-45dd-aea5-37d360eb0fb4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json index cb5ecce1f3..6b0edd360e 100644 --- a/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json +++ b/mobile-attack/relationship/relationship--44304163-9a44-4760-bd04-0e14adb33299.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--205c50df-af4b-4512-b501-dfbd0d7098a8", + "id": "bundle--ace701db-e864-4faa-adac-86c41b4ab562", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json index 24cf8b94e0..66e20aff84 100644 --- a/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json +++ b/mobile-attack/relationship/relationship--4449ac76-8329-4483-b152-99b990006cbc.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9c8c71f-7316-4da5-ac03-1046c7f618b8", + "id": "bundle--7eac659c-01fd-465b-8214-cd116693ae20", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json index 0966174f33..7708f2e74f 100644 --- a/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json +++ b/mobile-attack/relationship/relationship--4454a696-7619-40ee-971b-cbf646e4ee61.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8abd2558-4ba8-4895-895a-e484b3118b4b", + "id": "bundle--7917ad47-a51c-4d64-9bd7-562cd3e95fd1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json b/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json index 22e430cc87..788f7fa335 100644 --- a/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json +++ b/mobile-attack/relationship/relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--f81f3b85-b6d8-4d05-8392-0ff11547fb83",
+ "id": "bundle--22892638-a224-4c9e-8430-4b5f04473ad1",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--44a673c9-7ce7-42a0-8ab4-60bbb5001ce2",
 "created": "2023-03-20T18:53:15.929Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:53:15.929Z",
- "description": "",
+ "modified": "2023-08-10T22:23:14.948Z",
+ "description": "Application vetting services could detect when applications store data insecurely, for example, in unprotected external storage.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
index 8c960318b8..63e6b44dc4 100644
--- a/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
+++ b/mobile-attack/relationship/relationship--44b63426-1ea7-456e-907b-0856e3eab0c3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4281301a-319c-4b15-85e9-469b10d34ceb",
+ "id": "bundle--03f8b493-8dd9-44f9-8307-3c16db691583",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json
index 57c2be3557..c4e2aac636 100644
--- a/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json +++ b/mobile-attack/relationship/relationship--44da429b-9dee-43c9-9397-445c6f9e647e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--77899ee6-54fd-434c-b00e-1d0c24576cdc", + "id": "bundle--c2853efe-53d6-4f9d-a5e5-22a4e61db757", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json index 7b2feb953c..e51758d5bd 100644 --- a/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json +++ b/mobile-attack/relationship/relationship--450a1b75-efa5-4d7a-bcd5-d3e63723b408.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--31af4a74-09f5-4326-8d2d-2079df5b3afe", + "id": "bundle--90eb4817-1bae-4c2a-9f15-f96ad5840c08", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json index 81e18bdb9c..d64c2ec2e9 100644 --- a/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json +++ b/mobile-attack/relationship/relationship--45253350-c802-4566-a72d-57d43d05fd63.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2c1d0843-29cd-47d1-b108-a8fc59a22b08", + "id": "bundle--afec0565-81f3-443d-872f-d1589cd48ced", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json index 27ace50104..6d3c7c685d 100644 --- a/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json +++ b/mobile-attack/relationship/relationship--45505ae7-0e54-4279-82c3-f92f4a832ed9.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0dc746cc-d42f-480b-92c8-74d06c734743", + "id": "bundle--f5b30140-991c-4be3-9a17-42917f8f9418", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json index 6d2e3c1cb8..eaedb9d78c 100644 --- a/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json +++ b/mobile-attack/relationship/relationship--455b1287-5784-42b4-91fb-01dac007758d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d06b5107-e935-4b7d-aac1-8afd2872e78d", + "id": "bundle--07f31951-afe4-483d-87da-ceb962ebd305", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json index 9445b86528..7c4e659a53 100644 --- a/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json +++ b/mobile-attack/relationship/relationship--4586277d-bebd-4717-87c6-a31a9be741ed.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae9e0b91-b3ed-4eec-87ab-4acc8af2cca1", + "id": "bundle--a8038a20-6900-4b58-9891-46b716d5398e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json index 924e4fa514..8b85a76c85 100644 --- a/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json +++ b/mobile-attack/relationship/relationship--45da5ed9-3a9b-4491-98cb-96db68e245bb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9a357df-f4b3-4b11-b457-c1ee91bfebd6", + "id": "bundle--721895b4-843d-40e4-956f-472890ab4c0d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json index 35838b6066..da62c3a321 100644 --- a/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json +++ b/mobile-attack/relationship/relationship--465b7a4a-32d5-475c-9fb9-6335c44fb0d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07900c15-e74f-4b99-afc1-808d032c57e9", + "id": "bundle--ccf75f52-26ac-447c-bb4b-0656d278d973", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json index b52178f610..7c9186b96a 100644 --- a/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json +++ b/mobile-attack/relationship/relationship--465d14e7-eb9e-4794-9cb3-1de2cff86a8e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--64db21ba-61a6-4b22-ba3c-6cf6658cc5af", + "id": "bundle--7550dda9-f77c-48cf-8e34-e07e638d47ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json index ea0ab40583..2888f054b9 100644 --- a/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json +++ b/mobile-attack/relationship/relationship--4761145d-34ac-4b45-a0d6-a09b1907a196.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37a872b5-ae7d-4d4a-9e99-f3d3a3f53683", + "id": "bundle--a104c9a8-ad31-45e1-ba46-888eae9ba988", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json index b93538512d..4ab56724ad 100644 
--- a/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json +++ b/mobile-attack/relationship/relationship--476e269e-3c49-4fda-a54b-3f0cb577c5af.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0841b8e2-1eb8-4147-bfeb-62011c226862", + "id": "bundle--3ef49b4a-5fbd-4eb7-9ab0-ccd3586e58cb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json index 873862da25..7b0589c1a3 100644 --- a/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json +++ b/mobile-attack/relationship/relationship--477edf7d-cc1f-49b7-9d96-f88399808775.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--481405bc-a358-44e2-ac62-0c8e048319f6", + "id": "bundle--c996f4a5-ccd0-45d2-a67e-9938d0fa17da", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json index 1c39cb8193..a4c657435f 100644 --- a/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json +++ b/mobile-attack/relationship/relationship--4819f391-01de-4525-992b-7e4a4f6667de.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41bc6cdc-74e8-4e26-8b63-954abfa77870", + "id": "bundle--ebe6e17e-8191-48e6-b5f9-c968a17bef08", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json b/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json index 969f441978..45df539e4d 100644 --- a/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json +++ b/mobile-attack/relationship/relationship--481e5d33-eca4-453c-9fec-27ee01d50989.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b745094a-d341-4b20-87ea-0d4f69d2232e", + "id": "bundle--e89f67ee-8bff-4820-b50f-c92aaa4aacbb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json index e208c2f11a..7263a4dbff 100644 --- a/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json +++ b/mobile-attack/relationship/relationship--48486680-530c-4ed9-aca3-94969aa262b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--434527ed-c36a-4c38-a04a-c4be83f4a7ea", + "id": "bundle--e2e13ea0-c595-438f-973c-9db403214f73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json index b5de470fc1..8ac4d15088 100644 --- a/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json +++ b/mobile-attack/relationship/relationship--48552acc-5f1a-422f-90fa-37108446f36d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9d367e99-1078-40f1-878e-387a2872f09c", + "id": "bundle--1c269974-63fc-4cd0-95c6-0c204b92432a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json index e18a800fd2..6ffdabd69e 100644 --- a/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json +++ b/mobile-attack/relationship/relationship--48854999-1c12-4454-bb7c-051691a081f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--34cf7926-9edd-40de-845c-01e1104fb358", + "id": "bundle--e3d7edf0-477d-4432-80b5-09442cf2dc44", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
index 82de04fbe0..9cfe8599a1 100644
--- a/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
+++ b/mobile-attack/relationship/relationship--4896e256-fb04-403c-bbb7-2323b158a6e0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--18f92ba7-8833-4acb-9d40-c3fa0eeb10d4",
+ "id": "bundle--e15b62e6-baa6-4c80-b25a-e1ec85d2b34d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4897ef75-0035-4ae5-b325-de2f6b27565f.json b/mobile-attack/relationship/relationship--4897ef75-0035-4ae5-b325-de2f6b27565f.json
new file mode 100644
index 0000000000..6d75083a18
--- /dev/null
+++ b/mobile-attack/relationship/relationship--4897ef75-0035-4ae5-b325-de2f6b27565f.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--16cf6f7a-01a2-4cc9-a083-1dafd66a714b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--4897ef75-0035-4ae5-b325-de2f6b27565f",
+ "created": "2023-09-21T22:31:28.428Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T22:31:28.428Z",
+ "description": "Application vetting services may look for indications that the application\u2019s update includes malicious code at runtime. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+ "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
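Review bot: The `description` in the new relationship--4897ef75 file is ambiguous about what is inspected: "includes malicious code at runtime" can mean that vetting runs dynamically, or that the code only arrives at runtime. If the second reading is intended, a vetting pass at submission time would not see that code, so the sentence should say which kind of analysis is expected. One possible wording is `Application vetting services may look for indications that an application update introduces malicious code, including code that is only downloaded or loaded at runtime.`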
diff --git a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json index 27cd44886f..4785220547 100644 --- a/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json +++ b/mobile-attack/relationship/relationship--48c0d9f7-9293-4f38-8ae5-9f5342621f74.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--160b3e5e-8b85-4717-8987-faf4eaf9530b", + "id": "bundle--72ee3485-d0a5-4eb9-b456-34a1434b2a81", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--48cd0af5-9ad1-44b3-beeb-d576974dadee.json b/mobile-attack/relationship/relationship--48cd0af5-9ad1-44b3-beeb-d576974dadee.json new file mode 100644 index 0000000000..0827e42280 --- /dev/null +++ b/mobile-attack/relationship/relationship--48cd0af5-9ad1-44b3-beeb-d576974dadee.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--6bcaffca-f484-40a6-a417-e76246b50060",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--48cd0af5-9ad1-44b3-beeb-d576974dadee",
+ "created": "2023-09-28T17:19:00.464Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:19:00.464Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can request the `DISABLE_KEYGUARD` permission to disable the device lock screen password.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--dfe29258-ce59-421c-9dee-e85cb9fa90cd",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
index f76d34f914..31465712b5 100644
--- a/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
+++ b/mobile-attack/relationship/relationship--4920a041-86f7-495b-896c-4d964950ed7e.json
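Review bot: The citation key in the new relationship--48cd0af5 file is misspelled as "Bleeipng Computer Escobar", both in `source_name` and in the `(Citation: ...)` marker of `description`. The two spellings agree, so the citation still resolves, but the key is what consumers use to join references across objects, and a typo here will not match a correctly spelled key elsewhere. Fix both places together, `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`, and check whether other objects in this commit (presumably the Escobar software entry) carry the same key.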
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c1ebb7e4-22f7-4a9d-84b0-704cc37672ce", + "id": "bundle--543d1f39-cbfd-42e0-a13f-14c00df92a19", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json index 0b8426e538..836036e803 100644 --- a/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json +++ b/mobile-attack/relationship/relationship--492d5699-f885-411a-8431-254fcf33fb12.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--afc71c69-eb6f-4606-9ee8-e675033f83ca", + "id": "bundle--4afdadf9-82e0-4906-bd26-2cc2c5a5bcd6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json index a9fca00d23..e2a00e7c7e 100644 --- a/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json +++ b/mobile-attack/relationship/relationship--4943cca6-69b1-4565-ac09-87ebda04584c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cca35983-f1d0-4196-a98e-81ed61d6617c", + "id": "bundle--fe647245-b289-4eb5-88cc-cac104d33d37", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json index 2e0caefb67..500d25ad48 100644 --- a/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json +++ b/mobile-attack/relationship/relationship--496976ef-4a0c-4782-95e7-231bd44df162.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0801ee2e-b562-44a3-bd61-400341c5f6b3", + "id": "bundle--bb102e20-9757-4ea6-b43e-e9953ec2aff4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--49c0c003-433c-467f-93b7-ca585aab8232.json b/mobile-attack/relationship/relationship--49c0c003-433c-467f-93b7-ca585aab8232.json
new file mode 100644
index 0000000000..af421fe644
--- /dev/null
+++ b/mobile-attack/relationship/relationship--49c0c003-433c-467f-93b7-ca585aab8232.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--74a2c030-d695-4654-bb6e-1d9b8ce4aada",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--49c0c003-433c-467f-93b7-ca585aab8232",
+ "created": "2023-08-16T16:46:17.841Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:46:17.841Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can register as an `SMSBroadcast` receiver to monitor incoming SMS messages.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json b/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json
index ea05fca387..ae51c807e0 100644
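Review bot: `SMSBroadcast` in the new `description` for relationship--49c0c003 is formatted like a platform identifier, but as far as I know it is not an Android framework name and is more likely a class name from the analysed sample. A defender reading this entry would look for the manifest signals instead: the `RECEIVE_SMS` permission and a receiver for the `android.provider.Telephony.SMS_RECEIVED` broadcast. If the cited report supports that reading, consider wording that says Chameleon can register a broadcast receiver, named `SMSBroadcast` in the analysed sample, to monitor incoming SMS messages.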
--- a/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json +++ b/mobile-attack/relationship/relationship--4a408dee-07da-4855-b2ff-be512480ccb5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbe4db23-9934-4ca3-a399-36da3dc604a6", + "id": "bundle--62ced57c-a21c-4259-8eff-3d2fd718a052", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json b/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json index 4c642a44b2..490b73c6eb 100644 --- a/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json +++ b/mobile-attack/relationship/relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json 
@@ -1,25 +1,37 @@ { "type": "bundle", - "id": "bundle--befe3362-4bc8-4330-9b6f-baa29e64aa2e", + "id": "bundle--a4983ec2-4f95-40ec-ad8a-0ecd4407ffdc", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57", "created": "2023-03-20T18:43:49.345Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "Android-AppLinks", + "description": "Android. (n.d.). Handling App Links. Retrieved December 21, 2016.", + "url": "https://developer.android.com/training/app-links/index.html" + }, + { + "source_name": "IETF-OAuthNativeApps", + "description": "W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018.", + "url": "https://tools.ietf.org/html/rfc8252" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:43:49.345Z", - "description": "", + "modified": "2023-08-09T16:09:09.008Z", + "description": "When vetting applications for potential security weaknesses, the vetting process could look for insecure use of Intents. Developers should be encouraged to use techniques to ensure that the intent can only be sent to an appropriate destination (e.g., use explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or utilizing the App Links feature). For mobile applications using OAuth, encourage use of best practice. 
(Citation: IETF-OAuthNativeApps)(Citation: Android-AppLinks)", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json b/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json index 31ae23b476..5afffda69b 100644 --- a/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json +++ b/mobile-attack/relationship/relationship--4a608d3b-aa02-4563-8b6b-c64a491856f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ac10da1-4943-4edb-8b0d-50c59d164393", + "id": "bundle--6523ffc1-0ada-4c20-a0e4-b665304ab663", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json index 72b68e5c5b..40c01ae327 100644 --- a/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json +++ b/mobile-attack/relationship/relationship--4a67b14a-e489-4e8f-b545-5bdf134e146e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--86b88298-c5ad-4feb-9a70-69b8c604dcd7", + "id": "bundle--e8097913-55f6-465a-9805-b57fc6b8323a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json index 38114d808a..3ff89c09e1 100644 --- a/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json 
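Review bot: In relationship--4a4aba6e-2dc4-43a5-bcac-876c89114a57.json, only the first sentence of the added `description` describes a detection. The sentences beginning "Developers should be encouraged to use techniques…" and "For mobile applications using OAuth…" are mitigation guidance, yet `relationship_type` remains `detects` and `source_ref` is an `x-mitre-data-component`. Tooling that builds detection coverage from `detects` relationships would presumably ingest developer advice as a detection. Consider keeping only the vetting sentence here and moving the developer and OAuth guidance, with its two citations, to the matching `mitigates` relationship for `attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5`.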
+++ b/mobile-attack/relationship/relationship--4a77c56b-ed2c-4e43-bd0f-7acf9cce1952.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a2d0b2e9-78c2-4152-9165-3f9e1bfd9021", + "id": "bundle--4d8a08bf-4cb7-4616-b99e-6a9b2bb4a059", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json index ba5b8058e1..8cab53935c 100644 --- a/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json +++ b/mobile-attack/relationship/relationship--4a936488-526c-40c1-b2d5-490052cb0e73.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8b90f64-ac4a-497d-ae69-175cc21db163", + "id": "bundle--37045113-2803-45e1-aeaf-d8d7cde71de2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json b/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json index 7b0123c2a1..8a1cc7fa12 100644 --- a/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json +++ b/mobile-attack/relationship/relationship--4aae6ab8-2a67-4780-a69e-b15ecff7fc5d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8db9475c-e9fc-4f4c-b03e-b670785e590b", + "id": "bundle--3dabd809-0884-4da1-b1f4-38c7d216941c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json b/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json index abea537c9c..e0dab59ceb 100644 --- a/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json +++ b/mobile-attack/relationship/relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--29dad8fc-13e9-444e-9440-64750f39a7fa",
+ "id": "bundle--cbf5b50c-36b7-4ec3-882f-759d9e4031d2",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d",
 "created": "2023-03-16T18:28:40.419Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:28:40.419Z",
- "description": "",
+ "modified": "2023-08-10T22:11:01.943Z",
+ "description": "Application vetting services could look for `android.permission.READ_CALENDAR` or `android.permission.WRITE_CALENDAR` in an Android application\u2019s manifest, or `NSCalendarsUsageDescription` in an iOS application\u2019s `Info.plist` file. Most applications do not need calendar access, so extra scrutiny could be applied to those that request it. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
index 4e59f84e8a..898328e829 100644
--- a/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
+++ b/mobile-attack/relationship/relationship--4ad83f33-c64a-4ad6-ab6f-0548c9dde257.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1dfdc1df-c2f2-4df2-be7d-d8941ae29e46",
+ "id": "bundle--c6be8c8e-4fd9-494c-9f5e-dd03ab975825",
 "spec_version": "2.0",
 "objects": [
 {
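Review bot: In relationship--4ab1867c-b924-4b0d-a332-c0e150a28d7d.json, the added `description` keys the iOS check on `NSCalendarsUsageDescription` alone. Apps built against the iOS 17 SDK declare calendar access with `NSCalendarsFullAccessUsageDescription` or `NSCalendarsWriteOnlyAccessUsageDescription`, so a vetting rule written from this text could miss them; I would name all three keys. The string also ends with a trailing space (`request it. "`), as does the `description` added in relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99.json (`onto mobile devices. "`). Trimming both avoids whitespace-only churn in later exports.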
diff --git a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json index 61172b67e2..be4f6e4eea 100644 --- a/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json +++ b/mobile-attack/relationship/relationship--4ae0c45f-4ff0-4296-aaf4-c3e0d2e355e3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88d2bf2f-d1c6-4862-8460-86730d7eb34d", + "id": "bundle--482a510d-7da8-4bc4-832f-f86f0f8bb1d1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json index f12c776c87..6adeaebcd4 100644 --- a/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json +++ b/mobile-attack/relationship/relationship--4aec0738-2c76-4dc7-af8a-87785e658193.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--25f84bbd-d77b-4bf4-a387-ff17411f9ed3", + "id": "bundle--329d14a0-035b-402e-b786-e84f7e7213c0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json index 3efe7fc844..739799a182 100644 --- a/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json +++ b/mobile-attack/relationship/relationship--4af26643-880f-4c34-a4a8-23e89b950c9d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6743a40a-51af-4962-b7fb-119d28335852", + "id": "bundle--c0abde61-6b5f-441d-b972-8a5b1ebc0cb7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json index 069108fcf1..9e1d48d8ab 100644 
--- a/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json +++ b/mobile-attack/relationship/relationship--4b16e681-9542-4f32-b23a-f1b0caf44b6a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bc360c0c-be50-4736-8544-2aecfeddb1f3", + "id": "bundle--c5e5f316-5a5c-4734-80d5-d13ca5a17c36", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json index f36019140a..d9c3ea84f5 100644 --- a/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json +++ b/mobile-attack/relationship/relationship--4b3cfd7c-5e41-4d9e-8879-b126ba66eaf1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c42f0b27-f8ce-415a-b85e-0754b601e749", + "id": "bundle--bc778ff4-3627-4dab-b9de-571e7358def2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json index 23f99b6b48..e30d1aeb64 100644 --- a/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json +++ b/mobile-attack/relationship/relationship--4b68bcb1-a512-40f7-9aee-235b3668f022.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4f3ae7fc-1dae-44e2-90fb-80fc444d5d52", + "id": "bundle--32916e0d-7607-453f-bcc1-2a88f0c0f8e2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json b/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json index 05d6a39880..0c72eb3248 100644 --- a/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json +++ b/mobile-attack/relationship/relationship--4b7e117b-0c82-49d0-bee6-119158b3355b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--969fe2be-67d9-455d-b004-71aaca8becf2", + "id": "bundle--f2df15e4-a82d-4c0c-b3dc-5f4a9e900afb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json index 27effe0719..9875cd4d25 100644 --- a/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json +++ b/mobile-attack/relationship/relationship--4b838636-bfa4-4592-b72f-3044946b8187.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5873581f-b399-4bef-a446-4884aeb48d71", + "id": "bundle--7b8cbe19-f3f7-4587-b725-0f1243c52c6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json index b7a88a71ed..ab93b7bbbe 100644 --- a/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json +++ b/mobile-attack/relationship/relationship--4b8d027d-5da2-4a01-ad31-b6644a5cda61.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04bf6f81-3b49-4b4b-a3ec-8319265e4b78", + "id": "bundle--0d94ffe2-b144-4396-85e5-7dd32bb952c9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json index 14d97288f4..d7c2d853dc 100644 --- a/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json +++ b/mobile-attack/relationship/relationship--4bdda427-2fff-428d-ba19-4bee5d2508e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--13b3a0ac-b7c2-46ff-9cf1-91a0955e7399", + "id": "bundle--d3931946-42bb-4403-a72a-c7a4c64fb06f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--4c035760-9bf2-40cd-87d1-f286afd76376.json b/mobile-attack/relationship/relationship--4c035760-9bf2-40cd-87d1-f286afd76376.json
new file mode 100644
index 0000000000..de03d26a0c
--- /dev/null
+++ b/mobile-attack/relationship/relationship--4c035760-9bf2-40cd-87d1-f286afd76376.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--fc9446a0-0e3e-4552-9641-9c696192c93e",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--4c035760-9bf2-40cd-87d1-f286afd76376",
+ "created": "2023-07-21T19:41:45.173Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:41:45.173Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect clipboard data.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json
index 1e6bcc515f..b1d3a48c59 100644
--- a/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json +++ b/mobile-attack/relationship/relationship--4c6f1475-3b92-4a37-8bb5-4dcc69660b11.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8e22ff2e-8594-40cc-a701-86a63698608f", + "id": "bundle--4eab0268-4546-4caf-a11c-1bc406a4c05b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json index 2c4ca2da49..1547355cb8 100644 --- a/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json +++ b/mobile-attack/relationship/relationship--4c7e776d-ed19-4e5a-842c-81612f5c07bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cdccbc2c-c838-450e-9366-13ef98349aa6", + "id": "bundle--9d5e5226-a502-43b1-97d8-b74497d675fb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json index d72b294094..bd10444c86 100644 --- a/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json +++ b/mobile-attack/relationship/relationship--4cb926c1-c242-45c2-be46-07c22435a8a5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bd2022e3-39bc-409d-8e69-ae50f3b5a449", + "id": "bundle--c228aa5a-35b4-4965-bf0c-6f06fdfbc3cd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json index fe91024235..4662443c58 100644 --- a/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json +++ b/mobile-attack/relationship/relationship--4cc8a16f-562a-42c7-b5d9-10e1088af89c.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4040a917-ecd2-4fe7-8873-753dc8270cc2",
+ "id": "bundle--4c7307d6-72af-4606-9ebd-aadc60de057f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json b/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
index 492b7a72e7..240621fcdb 100644
--- a/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
+++ b/mobile-attack/relationship/relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--7496885e-28ff-4dd7-bc6e-abfe83a284e1",
+ "id": "bundle--22e57858-1ccc-4331-a599-b976b0575b5e",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1",
 "created": "2023-03-20T15:16:19.428Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:16:19.428Z",
- "description": "",
+ "modified": "2023-08-07T22:16:55.879Z",
+ "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to newly created processes and their parameters, potentially detecting unwanted or malicious shells.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077",
 "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
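Review bot: In relationship--4cccb708-b51b-4e71-94a1-78d6819eaac1.json, the added `description` reads awkwardly ("lower-level OS APIs integrations") and does not say what an analyst should look at once process data is available. A tighter wording would be `"Mobile Threat Defense (MTD) products with lower-level OS API integrations may be able to observe newly created processes and their command-line parameters, which can reveal unwanted or malicious shells."`. The phrase "may have access" also leaves open whether this depends on the platform or on how the device is managed; if it does, saying so would help readers judge the coverage.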
diff --git a/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json b/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json index 934e9ebc16..19327ae3ac 100644 --- a/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json +++ b/mobile-attack/relationship/relationship--4d431474-1dcc-4d0e-9906-129eb02f00b3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f912c5d-5e17-48ad-9e03-85c847d05bc4", + "id": "bundle--84b630fd-d5e2-4b9a-ad1b-0623d72ee375", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json index e36be4e999..2e67d9b436 100644 --- a/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json +++ b/mobile-attack/relationship/relationship--4d4dfc26-3ab7-4798-abf2-be8dc278fdfa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--77b36364-02b6-4e7f-a3ab-7d0c606996b8", + "id": "bundle--5de2f60a-01e1-43fc-b09a-5ea37e111c39", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json index 0ea04a9c5d..8c57bc49e0 100644 --- a/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json +++ b/mobile-attack/relationship/relationship--4d542595-1eb0-45aa-9702-9d494142b390.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5555432e-1246-42e3-86f5-a5f3f87c9a31", + "id": "bundle--79b2a7ca-8bf7-4d14-b506-7c9cf1a7b167", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json index 36eb6db99e..cf53444ed9 100644 
--- a/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json +++ b/mobile-attack/relationship/relationship--4d6a900d-d1c4-4a91-bded-c9062aae384b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5dbbe66-be7a-4491-bd2b-a242f197a20a", + "id": "bundle--ecc7acf0-d1af-40aa-b8b4-253a29bdb6e7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json index beb7c343c2..7b9672f925 100644 --- a/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json +++ b/mobile-attack/relationship/relationship--4d7e937d-7ea1-49cb-939c-5244815e51d7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d2b6dfbe-ec7a-4cca-aed9-f1c0d8cd161f", + "id": "bundle--1fa5d3c4-6c72-4ab2-b950-a8748e545f2c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99.json b/mobile-attack/relationship/relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99.json new file mode 100644 index 0000000000..7534b98b7a --- /dev/null +++ b/mobile-attack/relationship/relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--153dfdd8-e330-434f-b459-36acfb97d024",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--4d88c5ac-68c0-4304-9474-d07372d0ad99",
+ "created": "2023-09-21T22:19:04.080Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T22:19:04.080Z",
+ "description": "Enterprises can provision policies to mobile devices for application allow-listing, ensuring only approved applications are installed onto mobile devices. ",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+ "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
index 8bc5f552a2..bec0f0f563 100644
--- a/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
+++ b/mobile-attack/relationship/relationship--4de3f794-63df-4f9e-8bd8-59796d91aa36.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--909b06e9-624f-4538-8c7d-7d588d1bf096",
+ "id": "bundle--f66e34fd-bd01-4973-bcfc-d4cf1a447875",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
index dfaf15c79b..78d585d02d 100644
--- a/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json
+++ b/mobile-attack/relationship/relationship--4df6a22e-489f-400c-b953-cc53bfb708a3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e0d4382c-e4de-4c6a-9101-825e3885f022", + "id": "bundle--025c4c06-2c9b-45a9-b9be-a2385099b294", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json b/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json index 85ac97f6f5..b8f730b9ff 100644 --- a/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json +++ b/mobile-attack/relationship/relationship--4e68feca-083f-40ed-88d8-2b6a3935c949.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f477dba4-d678-41d8-b3c5-7656456962a5", + "id": "bundle--bd98b2c3-6e5e-4978-be2d-028e27f0f95f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json index 24033bf7e1..084aa8f49f 100644 --- a/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json +++ b/mobile-attack/relationship/relationship--4e6b726d-9ef4-4eb6-b9a7-74059caee5b7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57e3ca47-8c69-436c-a44d-773043d724a3", + "id": "bundle--ba2f1cec-8946-49e9-840d-41709ba06172", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json index fb47148f72..d3b33be18e 100644 --- a/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json +++ b/mobile-attack/relationship/relationship--4e7a1b10-0f68-4a48-a13d-0c7bc13fb819.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3dca575-0f73-40c2-82c3-56f12e8c6129", + "id": "bundle--ea1e5234-201a-4628-ba3c-7771d044bc9f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json index 87950b7ef3..bb6fe7c200 100644 --- a/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json +++ b/mobile-attack/relationship/relationship--4e9f021d-3cf4-4790-8f7d-f87f33133446.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a72e2402-ee53-4c70-99c9-7785b466e5ff", + "id": "bundle--1955ee9a-6e13-40e5-94c7-d748b2acf965", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json index 8d00530a44..bee7b84a5b 100644 --- a/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json +++ b/mobile-attack/relationship/relationship--4ee57616-7205-490c-86c3-c27dcffd8689.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41827f8a-991f-4876-a8e6-ab540f6ae58d", + "id": "bundle--c62b61d9-c482-42bc-88f3-056de8d57102", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json index bdb8449493..d719efeda8 100644 --- a/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json +++ b/mobile-attack/relationship/relationship--4efa4953-7854-4144-8837-d7831ccbe35d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--350ca226-639f-471c-8907-0656391d4f66", + "id": "bundle--dc98ef75-b8a2-497c-bdd0-e4332c2088a2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json index 63bf2cf06a..1025f1f98d 100644 --- a/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json +++ b/mobile-attack/relationship/relationship--4f2ae057-ef0b-4995-b24d-348a76a74a4f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--717a1a23-59aa-4588-b0b0-b850b44cb79a", + "id": "bundle--951b37a7-d7c0-4256-83a5-cf0e90dd0119", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json index 2610586e65..f4f7b4c2ac 100644 --- a/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json +++ b/mobile-attack/relationship/relationship--4f366c8c-9c70-44ed-baa8-d433d5dbfe49.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9ee546b1-477d-40fd-8bfb-979ee8a27f0f", + "id": "bundle--a8be307b-0233-40ea-a46d-9bb27d5bc82c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json index 34f3488520..cd187b21a0 100644 --- a/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json +++ b/mobile-attack/relationship/relationship--4f6f4def-e76d-4d1b-9416-b6543e7dbc54.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f817f72d-fd9f-45df-8efe-7d42e42c420a", + "id": "bundle--64f081a4-416e-44c5-9782-b762fad81451", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json index bdca7f7782..f9c1d2a3f6 100644 
--- a/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json +++ b/mobile-attack/relationship/relationship--4f812a57-efdc-463b-bf37-baa4bca7502b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6dbf737-2f56-4ae3-b5b4-4434a60b7ca5", + "id": "bundle--a239c781-e093-4074-aa67-cc3e901c4820", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json index 16390b826c..147933974f 100644 --- a/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json +++ b/mobile-attack/relationship/relationship--4fc165fd-185e-4c70-b423-c242cf715510.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--836ad250-6402-4947-86da-3a08d1f469be", + "id": "bundle--61d50d12-e98c-49a7-98f7-9b3c8d6f7d84", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json index 80bc8dcfb5..395f248e46 100644 --- a/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json +++ b/mobile-attack/relationship/relationship--4ff5f854-bfe9-45bc-b11a-196cf826b760.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50e3a4c9-a531-4db3-b3de-b2c1ec0e9d57", + "id": "bundle--18285237-043b-478e-af48-3f940014819c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json b/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json index 4b4c926480..0ab6c0cc07 100644 --- a/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json +++ b/mobile-attack/relationship/relationship--4ff9b16f-3643-4fa0-b107-f93a9bb847c3.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1484a0ae-7726-47f8-b141-dc8a33471384", + "id": "bundle--12a36069-b8f3-4551-8e66-41d9b3275077", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json index 1aa700ee5d..d9370d6c68 100644 --- a/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json +++ b/mobile-attack/relationship/relationship--5012c647-9b58-4a4f-b64f-468c9b76a60c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9544c70c-ea93-4521-9f61-cab5c77ce79d", + "id": "bundle--a416dd4d-1abd-4043-bb40-72ef2e8a19d1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--502fc83c-ce03-4ce7-a202-095bbe0b492b.json b/mobile-attack/relationship/relationship--502fc83c-ce03-4ce7-a202-095bbe0b492b.json new file mode 100644 index 0000000000..8e1bb01abd --- /dev/null +++ b/mobile-attack/relationship/relationship--502fc83c-ce03-4ce7-a202-095bbe0b492b.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--63de91ad-4d94-4208-bfe2-178b4871b317",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--502fc83c-ce03-4ce7-a202-095bbe0b492b",
+ "created": "2023-07-21T19:51:08.375Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:51:08.375Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access a device\u2019s location.(Citation: kaspersky_fakecalls_0422)",
+ "relationship_type": "uses",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--503ca6f2-a747-43fb-8fc5-7be095dcb966.json b/mobile-attack/relationship/relationship--503ca6f2-a747-43fb-8fc5-7be095dcb966.json
new file mode 100644
index 0000000000..9b7a312d28
--- /dev/null
+++ b/mobile-attack/relationship/relationship--503ca6f2-a747-43fb-8fc5-7be095dcb966.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--f91feda3-8e38-465f-9bf9-9311249088b8",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--503ca6f2-a747-43fb-8fc5-7be095dcb966",
+ "created": "2023-08-04T18:31:30.237Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:31:30.237Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access images stored on external storage.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
index 5b6a7bd496..bc760cbe5b 100644
--- a/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
+++ b/mobile-attack/relationship/relationship--506d657b-1634-442e-8179-7187f82feb3a.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c379744-2ef6-4933-a037-04386f73cc53", + "id": "bundle--69dd9724-8e0c-4a4c-b2a1-a50c547c01b4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json index 84daeb87a0..f95de3f4c2 100644 --- a/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json +++ b/mobile-attack/relationship/relationship--5088a10e-03d2-4643-8df8-b7b601c2cc24.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--62fe88d1-cd74-44c8-ab78-2595aa79dec3", + "id": "bundle--27865260-053a-4f34-a5c5-385fb30f5430", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json index 7858180eb5..453a9abff6 100644 --- a/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json +++ b/mobile-attack/relationship/relationship--50ad2a8c-ed45-4376-be31-8bafa26ba794.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b98ff539-49ef-47cb-9b03-6be0a946e44f", + "id": "bundle--c8354dba-9587-4f63-87b8-07f8c8801fb0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json index 468ab9c89b..53cefe798e 100644 --- a/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json +++ b/mobile-attack/relationship/relationship--50bab448-fee6-49e9-a296-498fe06eacc7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5728b88a-1b35-4c7b-8517-43d2a2ea3c8a", + "id": "bundle--707f0c0b-9d5d-44df-a368-743f29a30992", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json index bbd193578c..fa6d59d2ad 100644 --- a/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json +++ b/mobile-attack/relationship/relationship--50c81a85-8c70-48df-a338-8622d2debc74.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bcc681f0-b48d-4add-8530-2bda3360f413", + "id": "bundle--e495e977-6120-490c-abe1-db27c1994561", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97.json b/mobile-attack/relationship/relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97.json new file mode 100644 index 0000000000..e9048f009f --- /dev/null +++ b/mobile-attack/relationship/relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--b760b0cf-1c25-4672-9562-42842488e6aa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97", + "created": "2023-09-28T17:20:00.981Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:00.981Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can request coarse and fine location permissions to track the device.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json index ce13d9987d..7ed708dad2 100644 --- a/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json +++ b/mobile-attack/relationship/relationship--50f03c00-5488-49fe-a527-a8776e526523.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9884b98-4f68-4665-9c84-39779eeea3fc", + "id": "bundle--3060e73a-d5f5-4348-b5ef-fa18d3f5ac3b", "spec_version": "2.0", "objects": [ { 
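Review bot: The citation key in the new relationship--50d8e788-d405-45e8-b6b7-0f02f353cc97.json file is misspelled: `"source_name": "Bleeipng Computer Escobar"`, and the same spelling is repeated in the description's `(Citation: Bleeipng Computer Escobar)`. The two occurrences agree, so the citation still resolves inside this object, but any consumer that joins or deduplicates references by `source_name` would treat it as a different source from a correctly spelled entry for the same article (whether one exists elsewhere in the bundle is not visible here). Suggest `"source_name": "Bleeping Computer Escobar"` with the description's citation updated in the same change so the two keys stay matched.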
diff --git a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json index 776da76b60..40d50fdc30 100644 --- a/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json +++ b/mobile-attack/relationship/relationship--5107be8a-b5fc-4442-af0d-2c92e086a912.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dbfbbb4a-c49a-4516-b833-6d81bb1200bb", + "id": "bundle--4e6f9d85-2728-463b-a6d9-f98e49dbdf3f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json index 51f2556c4c..29420e2c8b 100644 --- a/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json +++ b/mobile-attack/relationship/relationship--51457698-e98b-435a-88c2-75a82cdc2bda.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0c72de40-5d53-45f5-9a8e-59a84cc35913", + "id": "bundle--7e8d2565-5cb4-4c34-96e6-e1aad635fca6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json index 56bff85dfd..a1f1fccb13 100644 --- a/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json +++ b/mobile-attack/relationship/relationship--5151b976-cfcf-4771-a75a-995d49bcc1ab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--512036f8-c073-490f-b5e2-c14b26734e7d", + "id": "bundle--a4481b71-6c5f-4040-8310-324c37c75526", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json index 4aad151a3e..1b3f8f88c1 100644 
--- a/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json +++ b/mobile-attack/relationship/relationship--51757971-17ac-40c3-bae7-78365579db49.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--64606cfe-6ef2-498f-97be-903c217df27b", + "id": "bundle--dbec11bd-2379-4708-813d-0b0e0f04dc04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json index 75be84808a..bdb71cfdd4 100644 --- a/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json +++ b/mobile-attack/relationship/relationship--51b0a4fb-a308-4694-9437-95702a50ebd5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--75079509-0fa3-4f07-a045-14bb9d09ed78", + "id": "bundle--7b3c043d-5800-4f63-9ba8-e7252a41b63a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json index 64e8b82b6f..b0422088ea 100644 --- a/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json +++ b/mobile-attack/relationship/relationship--51bf6ffc-85c7-4910-8821-9736a1ec60f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8b1a776-8c2d-4fb1-9f23-b3e43b31282d", + "id": "bundle--1e38c9d2-2fc1-4883-99c0-3132a798cbe4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json index a642fa9600..083ea8fe63 100644 --- a/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json +++ b/mobile-attack/relationship/relationship--51d31e17-6c80-4ab3-9e8e-6231483e0999.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--115c7a50-1763-4bf1-bd31-377556ba6c81", + "id": "bundle--75f5718d-7c76-4029-af70-5229e974af53", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json index f956af1439..d1ceca9aaf 100644 --- a/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json +++ b/mobile-attack/relationship/relationship--51f75dd5-b584-482f-8f7f-dbee2d5cf6f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d61148d-02d1-438b-a962-8e1efc993bbd", + "id": "bundle--c667f379-0d47-4425-84d4-8ccee7b68347", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json b/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json index 5dfc6db81f..72400894c4 100644 --- a/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json +++ b/mobile-attack/relationship/relationship--520c7112-9768-42c5-8917-1950efd182f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--537c6e73-cb0a-4ee9-becd-0c1fb39d6b8b", + "id": "bundle--014fea56-599a-42e1-aa15-20aa7d1aac19", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json b/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json index 9e1de4954d..2a588ce03f 100644 --- a/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json +++ b/mobile-attack/relationship/relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--7751ee21-1a6b-448f-99e8-f1f1e646914f", + "id": "bundle--a298b202-a05e-49ae-92bd-2f5da9e49e23", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--52649ab6-8d1c-41d0-9804-3fd4b6a1ba48", "created": "2023-03-16T18:37:55.715Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-16T18:37:55.715Z", - "description": "", + "modified": "2023-08-09T14:52:23.577Z", + "description": "On Android, the user can use the device settings menu to view trusted CA certificates and look for unexpected or unknown certificates. A mobile security product could similarly examine the trusted CA certificate store for anomalies. Users can use the device settings menu to view which applications on the device are allowed to install unknown applications. \n\nOn iOS, the user can use the device settings menu to view installed Configuration Profiles and look for unexpected or unknown profiles. A Mobile Device Management (MDM) system could use the iOS MDM APIs to examine the list of installed Configuration Profiles for anomalies.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--fcb11f06-ce0e-490b-bcc1-04a1623579f0", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json index 7ee2531448..7fc870cb44 100644 --- a/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json 
+++ b/mobile-attack/relationship/relationship--526ce88f-ee58-4a55-a1b2-b72e1b5971aa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a29a99c4-232f-4c9b-968d-d16937411085", + "id": "bundle--74d874df-677b-4c36-a1e8-eb20161de1d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json index 17606b8acd..d6ebd3470a 100644 --- a/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json +++ b/mobile-attack/relationship/relationship--529107fd-6420-4573-8dbf-cdcd49c2708c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eae6f71a-282b-4f13-bf03-c9e9295b5187", + "id": "bundle--e13ef62a-cb37-417d-9e61-2bec632cc324", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json index 96a09b39a2..285e48b957 100644 --- a/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json +++ b/mobile-attack/relationship/relationship--52ad5145-3b04-4cc8-bed8-4a14501afe25.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e8e3f0ea-06a5-4fa8-9f0a-1474c98a31b1", + "id": "bundle--feb8dced-7914-4aa2-b7b3-1d649ff1f1bc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json index 5d03bb02f3..b4d448eab5 100644 --- a/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json +++ b/mobile-attack/relationship/relationship--52f7e464-db89-4201-aea8-38d9b44bbd1b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57e26e1c-fd37-4c42-99fa-295a21184b70", + "id": "bundle--f51f71f8-2d03-4fde-b788-e010bfbd55c7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json index 61c5544cd1..9f0afd54d9 100644 --- a/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json +++ b/mobile-attack/relationship/relationship--53364899-1ea5-47fa-afde-c210aed64120.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--24d64663-f1b2-4669-abb8-303e2ec83b90", + "id": "bundle--1bb1969b-37c3-462b-9f22-36ec384d8bdc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a.json b/mobile-attack/relationship/relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a.json new file mode 100644 index 0000000000..f1c5c33a36 --- /dev/null +++ b/mobile-attack/relationship/relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--c156dfa0-c870-4451-a040-5cae8a2a5433",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a",
+ "created": "2023-10-10T15:33:59.484Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.484Z",
+ "description": "[CarbonSteal](https://attack.mitre.org/software/S0529) has impersonated several apps, including official Google apps, chat apps, VPN apps, and popular games.(Citation: Lookout Uyghur Campaign)",
+ "relationship_type": "uses",
+ "source_ref": "malware--007ebf84-4e14-44c7-a5aa-151d5de85320",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
index cae785c749..cb0d5142c2 100644
--- a/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
+++ b/mobile-attack/relationship/relationship--535d2425-21aa-4fe5-ae6d-5b677f459020.json
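Review bot: The version metadata in the new relationship--533e5ce5-138c-4bfc-9a59-eb0ced8e6e1a.json file does not match the other relationships added in this change: it carries `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"`, while the sibling new objects use `"0.1"` with `"3.1.0"` or `"3.2.0"`. With `created` and `modified` both at 2023-10-10, this looks like metadata carried over from an older object rather than an intended value; that is an inference and should be confirmed against the export tooling. If it is unintended, consumers that branch on the spec version may handle this object differently from its siblings, so aligning the fields with the rest of the release (for example `"x_mitre_attack_spec_version": "3.2.0"`) would avoid that.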
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6687d328-3393-47b4-80ea-a1027b251b13", + "id": "bundle--a1d33116-c40e-443c-97a5-1a6dee0b3be3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json b/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json index 13c5abb3a1..172c55cf0c 100644 --- a/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json +++ b/mobile-attack/relationship/relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--77b52ebf-cc7f-485a-b71b-7ebb5d1b89c1", + "id": "bundle--d1b7a5ca-9642-4bd0-8a5f-f35c9e3c5652", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--53ebd5b6-e60e-4aa4-a342-de586917f06d", "created": "2023-03-20T18:38:36.873Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:38:36.873Z", - "description": "", + "modified": "2023-08-10T22:26:05.065Z", + "description": "The user can view which applications have permission to use the camera through the device settings screen, where the user can then choose to revoke the permissions.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json index 2006da6029..071def403b 100644 
--- a/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json +++ b/mobile-attack/relationship/relationship--54151897-cc7e-4f92-af50-bed41ea78d92.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--87456421-79ca-41cf-9ea9-8fb23da6ae76", + "id": "bundle--5c912871-2071-4713-a346-10422a135c35", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json index b765d26422..11fb0eeb07 100644 --- a/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json +++ b/mobile-attack/relationship/relationship--5417959b-9478-49fb-b779-3c82a10ad080.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41fdcc17-bfb7-424d-87a0-b4d39645a6fb", + "id": "bundle--9a40b788-f844-4cbe-93e4-b967c7416123", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json index f716a382d6..07961b8633 100644 --- a/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json +++ b/mobile-attack/relationship/relationship--544e8fc3-c656-4081-9b4f-8a5d60926f47.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02162c4e-5057-48e1-a955-6be3939cb149", + "id": "bundle--678f8d28-a9f6-4500-a4a1-26bab7a54a04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json index d29eba1ec9..7fdd996eb9 100644 --- a/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json +++ b/mobile-attack/relationship/relationship--545d9313-3fcc-4d4a-b9d2-7555430df8f2.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5fe027a2-008f-497b-bd5d-698351e88555", + "id": "bundle--c1dfeed3-53a9-4263-adb9-6c42c9d36231", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json index e2472ba383..ad37289eef 100644 --- a/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json +++ b/mobile-attack/relationship/relationship--5482462c-08bc-4e28-bc20-bfbbc60f3f81.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--84e5a1b7-ab70-4b99-8fb2-925498481053", + "id": "bundle--bebaba5a-d92f-42bc-86fb-c4b87a6b43b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--54bfecbc-4d1d-4bca-bb9c-652d09b29515.json b/mobile-attack/relationship/relationship--54bfecbc-4d1d-4bca-bb9c-652d09b29515.json new file mode 100644 index 0000000000..71f9ba4f1b --- /dev/null +++ b/mobile-attack/relationship/relationship--54bfecbc-4d1d-4bca-bb9c-652d09b29515.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--1e740eff-3850-40b7-8006-5c8f9eb257c9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--54bfecbc-4d1d-4bca-bb9c-652d09b29515",
+ "created": "2023-06-09T19:10:48.877Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T19:14:31.727Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect the device ID, model, manufacturer, and Android version. It can also check available storage space and if the screen is locked.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
index 6e008cd0c5..0ff3bb4efc 100644
--- a/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
+++ b/mobile-attack/relationship/relationship--54ce9375-cc0f-456e-ac22-e6fe822a6cec.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2edcacdb-9a13-4329-880b-80adf550aad8", + "id": "bundle--a2803805-49f0-4682-998a-9fabed8f50ba", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json index 0a9b789112..91d527498d 100644 --- a/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json +++ b/mobile-attack/relationship/relationship--54dac52d-5279-407f-b7b4-5484ae90b98c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ced87ba9-b45a-4a2d-a150-19ea55fcc58b", + "id": "bundle--953fbe32-c68f-4b74-bfe5-f3908640e2f0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json index 76b9388e31..f46e204cbb 100644 --- a/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json +++ b/mobile-attack/relationship/relationship--554ec347-c8b2-43da-876b-36608dcc543d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8c21e71c-18b3-4a7b-ac8a-769df25e1cfc", + "id": "bundle--859f1a0e-f075-4a20-bead-1642237415f7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json index e981381f5c..2f48eb15fb 100644 --- a/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json +++ b/mobile-attack/relationship/relationship--557e6d99-d7d8-4e2f-bc01-66b0754de089.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b29d5c15-bca4-4160-928f-97ffdaaee794", + "id": "bundle--da80819b-817d-4de2-a944-30e9cec9cdb5", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json index 407e1d03f6..d5d5c87093 100644 --- a/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json +++ b/mobile-attack/relationship/relationship--55afe9a0-d261-48ea-b5a8-0b1685ff2f15.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c8b9132-3c82-4955-9f18-0a2adb6c5a10", + "id": "bundle--de8bcb40-58e5-4532-86bc-8827440f4df0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json index 494ae6c110..c1c821ff8d 100644 --- a/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json +++ b/mobile-attack/relationship/relationship--55b3df0f-252d-4208-bdb8-91fa1e1119b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dc982a0b-b86b-4759-9b63-ef37b8f6b38b", + "id": "bundle--b540bcc4-711e-4f52-a5c8-917ab4c6e706", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json index b4c468fbb9..a5e36de85a 100644 --- a/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json +++ b/mobile-attack/relationship/relationship--5619e263-d48c-47a5-ab68-8677fe080a15.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--baf9c5ff-0b46-4ddc-ac3f-a1992cc2134f", + "id": "bundle--cdb15fa4-a1b2-43b2-bf21-50f049c1f086", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json index ddb2b97608..2b94c9f50a 100644 
--- a/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json +++ b/mobile-attack/relationship/relationship--56551987-326a-46ad-a34a-59bb7ab793a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bfb33f50-c85e-4c90-8453-5ddd5118a8a3", + "id": "bundle--1d747ddc-5dea-4e58-9101-476015bbae04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json b/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json index 371e377093..0ad185684d 100644 --- a/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json +++ b/mobile-attack/relationship/relationship--56758bb5-230e-43ac-9851-167c296c3dfa.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--38e15fcf-2c85-4ac3-a4e5-b54026f65ca6", + "id": "bundle--41305faa-70e5-48cc-abd3-18b6b54d6abc", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--56758bb5-230e-43ac-9851-167c296c3dfa", "created": "2023-03-20T18:38:27.730Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:38:27.730Z", - "description": "", + "modified": "2023-08-10T22:25:29.731Z", + "description": "During the vetting process, applications using the Android permission `android.permission.CAMERA`, or the iOS `NSCameraUsageDescription` plist entry could be given closer scrutiny. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json index 3f3784cccb..37f3164059 100644 --- a/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json +++ b/mobile-attack/relationship/relationship--56a255a5-9fa2-45bb-8848-fd0a68514467.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--811ac2cc-5838-4f3c-a07e-da2cdb686fc2", + "id": "bundle--a4d030f8-3377-4a02-891d-012274b980f0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--56c8af86-2924-46f8-a1d7-8309ee6f0282.json b/mobile-attack/relationship/relationship--56c8af86-2924-46f8-a1d7-8309ee6f0282.json new file mode 100644 index 0000000000..cc972fc2dc --- /dev/null +++ b/mobile-attack/relationship/relationship--56c8af86-2924-46f8-a1d7-8309ee6f0282.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--649206a1-c8f7-48b3-aef9-452192d8e9ad",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--56c8af86-2924-46f8-a1d7-8309ee6f0282",
+ "created": "2023-07-21T19:36:35.822Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:36:35.822Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect network information, such as IP address, SIM card info, and Wi-Fi info.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
index 86b367c789..33cc6d0eed 100644
--- a/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
+++ b/mobile-attack/relationship/relationship--5706742b-733d-44e9-a032-62b81ba05bcf.json
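Review bot: `created_by_ref` is emitted second-to-last in the new relationship--56c8af86 file, while the edited relationship files in this same commit move that key up to sit directly after `created`. The new files for relationship--57881f4b and relationship--5b9a2c93 use the same late position. Key order carries no meaning in JSON, but a single serialization order would keep later diffs limited to real content changes; placing `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",` right after `"created"` here would match the edited files.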
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--51aa2785-120b-4e8f-8e72-984aa5cb973e", + "id": "bundle--77530971-706f-4f9d-a357-b73f2d729705", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json index 43d6dc3b81..b30dd0fcf5 100644 --- a/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json +++ b/mobile-attack/relationship/relationship--57293fc9-8838-4acd-a16f-48f516d0921e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2752df95-2237-4cf3-b63c-b858a2812536", + "id": "bundle--92bcdafd-869d-49ba-bf59-2e1675f07b4f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json b/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json index f857e3dd17..4a4db31253 100644 --- a/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json +++ b/mobile-attack/relationship/relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--b1f9e844-61ed-4ac5-9300-cd3916e8b615",
+ "id": "bundle--33c1c94d-1a06-45c0-b82c-4bcb9fd67b17",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--576dfa89-d400-4cac-b32d-8ee85a9de5d7",
 "created": "2023-03-20T18:57:42.922Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:57:42.922Z",
- "description": "",
+ "modified": "2023-08-10T22:17:40.405Z",
+ "description": "Application vetting services can look for the use of the Android `MediaProjectionManager` class, applying extra scrutiny to applications that use the class.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--57881f4b-8463-430c-912a-0e3c961e7784.json b/mobile-attack/relationship/relationship--57881f4b-8463-430c-912a-0e3c961e7784.json
new file mode 100644
index 0000000000..b505c3a4ed
--- /dev/null
+++ b/mobile-attack/relationship/relationship--57881f4b-8463-430c-912a-0e3c961e7784.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--7c58614a-e606-4e4c-a349-76aacb7eb961",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--57881f4b-8463-430c-912a-0e3c961e7784",
+ "created": "2023-07-21T19:52:30.528Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:52:30.529Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can copy and exfiltrate a device\u2019s contact list.(Citation: kaspersky_fakecalls_0422)",
+ "relationship_type": "uses",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
index e7e74d336c..81eb2f823f 100644
--- a/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
+++ b/mobile-attack/relationship/relationship--57a069a0-399f-43ab-9efc-50432a41b26b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--85740bf6-4b16-4e2d-86ac-7b9045f3668c",
+ "id": "bundle--7ca4c97f-b16a-49cf-9fcd-284c39670c4e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json b/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
index 0cd8e1e6e7..fd9b23675b 100644
--- a/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
+++ b/mobile-attack/relationship/relationship--57a5ae72-6932-45e6-83f2-609943902b35.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--a5474dcd-3125-4a38-8fd2-10e1ea0fe6b9",
+ "id": "bundle--e90c88ab-6f91-4060-906b-d592b10ceb75",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--57a5ae72-6932-45e6-83f2-609943902b35",
 "created": "2023-03-20T18:50:33.248Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:50:33.248Z",
- "description": "",
+ "modified": "2023-08-09T16:30:03.505Z",
+ "description": "In both Android (6.0 and up) and iOS, the user can view which applications have the permission to access the device location through the device settings screen and revoke permissions as necessary. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
index 4e137372e2..f454020df9 100644
--- a/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json
+++ b/mobile-attack/relationship/relationship--57df3046-2f14-4bb8-93e9-84a9c8b46791.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11611d09-0249-4739-b401-d98ec6c49343", + "id": "bundle--bc9177f1-2222-4ad8-852e-346edbe98d88", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json b/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json index 364b590f4b..9c8e815bca 100644 --- a/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json +++ b/mobile-attack/relationship/relationship--57e441f8-6799-4d1b-8e2a-13d8ac1c8e78.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e447fdfb-7639-4f44-94c8-bf1bb8f6d157", + "id": "bundle--8aeb75f3-49d3-42d5-aff3-8aa3affb1f63", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json index da51937174..16d62dd4b9 100644 --- a/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json +++ b/mobile-attack/relationship/relationship--58c0fe4b-612d-4fc6-973f-16914b0f4b72.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--81a3f86c-72c0-4fec-adc7-18913dd3aa75", + "id": "bundle--eed1f433-ae6a-4321-ab9c-0a1e142cd817", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json index 74189b1c72..c9f8ffb35c 100644 --- a/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json +++ b/mobile-attack/relationship/relationship--58c15bce-1593-4be1-ae56-7e7b2634fc56.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88f5b5ab-0f47-4eca-83b1-52c7323a176b", + "id": "bundle--f92977b9-b122-4865-b104-e9c906099878", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json index 9319264038..50077ce2e3 100644 --- a/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json +++ b/mobile-attack/relationship/relationship--58c857f8-4f40-48e0-b3ac-41944d82b576.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--880c2296-84c8-40c1-a59f-0cbddc42480d", + "id": "bundle--f1b7f5d8-8a7d-4de5-8101-fa2591be353a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json b/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json index a5797e6343..05acb54dd9 100644 --- a/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json +++ b/mobile-attack/relationship/relationship--592331d2-60a7-4264-b844-fbeb89b6386c.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--1e4276e6-6029-442f-8b90-c39b7606b0ab",
+ "id": "bundle--7d43ea1d-b5e5-400a-957a-6be67c8463e3",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--592331d2-60a7-4264-b844-fbeb89b6386c",
 "created": "2023-03-20T18:58:56.942Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:58:56.942Z",
- "description": "",
+ "modified": "2023-08-14T16:53:16.626Z",
+ "description": "The user can view the default SMS handler in system settings.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
index a55d7226c2..0d943c0e2f 100644
--- a/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
+++ b/mobile-attack/relationship/relationship--5977289e-d38f-4974-912b-2151fc00c850.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--be90a765-a6d5-4890-9c62-22f6aedcc016",
+ "id": "bundle--4cd7af8e-a069-458a-9b27-2f0b8c159c4e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
index 700c1ddb32..41a1efac13 100644
--- a/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
+++ b/mobile-attack/relationship/relationship--59aaa62b-a629-42c8-9bd2-8e75810135a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--85e1530c-106c-4352-ab32-3bf36b71e8f5",
+ "id": "bundle--2a3ccffa-57c3-4574-8fe0-2ed5cb0ec5fc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json b/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
index a8458b39c0..039bc4c2ea 100644
--- a/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
+++ b/mobile-attack/relationship/relationship--59c2bfb5-a55b-43d3-b1e9-3fbaff0fb7fc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cb195921-8dd6-4a7e-a286-8447c9448d6c",
+ "id": "bundle--41071797-72c7-4dc7-8b89-22ff17505007",
 "spec_version": "2.0",
 "objects": [
 {
@@ -12,8 +12,8 @@
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:47:25.861Z",
- "description": "",
+ "modified": "2023-08-08T22:35:46.046Z",
+ "description": "Mobile security products can use attestation to detect compromised devices.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--a91262d5-b9ff-463f-b8d2-12e4ea1eb3c9",
diff --git a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
index e9d1ebf41a..56faca407e 100644
--- a/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
+++ b/mobile-attack/relationship/relationship--59d463d3-3a41-4269-be9a-7a69f44eca78.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--02c820da-74e5-429b-ae29-8e603ba7ab82",
+ "id": "bundle--705c6369-6521-4250-b4da-891a256d7c59",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json index 81ecbea155..40b81018a3 100644 --- a/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json +++ b/mobile-attack/relationship/relationship--59e225fa-b181-4906-9f0b-ef8f6ce7f2ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--33d4d247-a20f-4f02-8920-2753660d57c1", + "id": "bundle--5a62649e-f835-4ffb-bed8-36044e79c0ef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json index 114bcc195d..55dd51ff76 100644 --- a/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json +++ b/mobile-attack/relationship/relationship--5a036fb8-9f72-4383-91c5-0f47b33b2c9d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9ba9474c-faaf-4d71-bf98-d99e9272d638", + "id": "bundle--5ecfd000-06c5-4ee2-a15c-104d236ccdae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json index 68f6e52a2a..d1f809b874 100644 --- a/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json +++ b/mobile-attack/relationship/relationship--5a18e6c3-4bbf-4418-8815-55ebf283c8a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2678b8e-1fbb-43c4-b5c6-8a950a56af38", + "id": "bundle--dca8e769-0d6a-43a9-9655-e0d3dff82708", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json index 731ced42b2..f6dcdda0fc 100644 
--- a/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json +++ b/mobile-attack/relationship/relationship--5a277966-4559-487e-bdfb-7be6366ccdb6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0bddef87-f498-43df-8964-2e72256ca3ed", + "id": "bundle--f94c28f9-66c3-487b-a55e-540b8df59e7f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json index e0946ee741..b528611b99 100644 --- a/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json +++ b/mobile-attack/relationship/relationship--5a2bff26-f5e5-41f9-b3da-a558988ef3f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d9a4b48e-4a8f-4ed8-9efe-83512f743dd7", + "id": "bundle--4c69906b-68a7-4cf9-972c-be834a906860", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json index 36d32a64d0..0c2fd1d9e0 100644 --- a/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json +++ b/mobile-attack/relationship/relationship--5a50d9da-3fa5-443e-8367-8a0520d58cae.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--71e4f220-d4d0-4e65-870b-d59bd27d9bc9", + "id": "bundle--e9a611db-fc5c-4459-b910-1bf1856abad3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json b/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json index a291f6989e..c91d7a7d8c 100644 --- a/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json +++ b/mobile-attack/relationship/relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--df171a36-fbff-46d7-bb43-956e34ced6de",
+ "id": "bundle--7363b236-ba31-46b9-8fca-aaa9576ec5dc",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--5a64b957-32fb-4dd6-84ae-48a2c74c560f",
 "created": "2023-03-20T15:56:34.418Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:56:34.418Z",
- "description": "",
+ "modified": "2023-08-08T15:27:56.357Z",
+ "description": "Application vetting services can check for the string `BIND_DEVICE_ADMIN` in the application\u2019s manifest. This indicates it can prompt the user for device administrator permissions.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
index c184ff82ad..2c583f79a5 100644
--- a/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
+++ b/mobile-attack/relationship/relationship--5a6df1dd-9aa4-4f67-9195-8c3a9f5c0f7a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a59fa846-5ae3-4832-82a6-48c62bb74170",
+ "id": "bundle--c49e9206-a6fe-4b75-8ac4-059f4d891bdc",
 "spec_version": "2.0",
 "objects": [
 {
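Review bot: In the description added for relationship--5a64b957, "This indicates it can prompt the user" leaves the subject unclear, since the previous sentence mentions the vetting service, the string and the manifest. The permission is also given as the bare string `BIND_DEVICE_ADMIN`, where the camera entry in this commit uses the fully qualified `android.permission.CAMERA`; a substring match still finds it, so only the wording is affected. Suggested second sentence: `Its presence indicates the application can prompt the user for device administrator permissions.`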
diff --git a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json index 9fb72b93be..8b8dd0b198 100644 --- a/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json +++ b/mobile-attack/relationship/relationship--5a7295a2-ad95-4362-8b2c-9265ad5c73b0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0d5dde85-a43d-4acf-9f85-4f2e9b1f63c1", + "id": "bundle--c64419de-b654-41c8-b0ce-c2fdb573041a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json index 1ecd9c6c8e..784ea0631b 100644 --- a/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json +++ b/mobile-attack/relationship/relationship--5a96d87e-f70e-49dc-a272-c98aad672ce0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e2ab6f3-2a1b-4a52-af08-eed326b386a2", + "id": "bundle--f5893f66-7020-4a38-a3be-67f705c49147", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json index edd03cbdb5..f249f32f23 100644 --- a/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json +++ b/mobile-attack/relationship/relationship--5aa167b8-4166-440b-b49f-bf1bab597237.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a64edc12-868b-4ff5-93b5-fe5ae3622e22", + "id": "bundle--7d1082e7-4877-453e-961c-93694727b6c0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json b/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json index 3161213a95..fa76dd44e6 100644 
--- a/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json
+++ b/mobile-attack/relationship/relationship--5b04c8d0-c026-4838-9383-e4146de36d4d.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--0579446b-2b12-4a08-b7f0-952a08ffa284",
+ "id": "bundle--6e111406-7df5-4316-8b3f-0579143617a7",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--5b04c8d0-c026-4838-9383-e4146de36d4d",
 "created": "2023-03-16T18:33:19.941Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:33:19.941Z",
- "description": "",
+ "modified": "2023-08-09T15:34:11.221Z",
+ "description": "Application vetting services could detect usage of standard clipboard APIs.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--c4b96c0b-cb58-497a-a1c2-bb447d79d692",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
index 2ff4c85385..6fff9bef64 100644
--- a/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
+++ b/mobile-attack/relationship/relationship--5b235ed4-548d-49f2-ae01-1874666e6747.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b632725e-ef2c-42fa-a17e-9fedc18e0ade",
+ "id": "bundle--5f7850d0-547f-4470-8fc2-4158738f7564",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json index 7ad966313d..3e73bd0310 100644 --- a/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json +++ b/mobile-attack/relationship/relationship--5b37d94a-64a3-432a-b340-1c9a4f553d02.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0e0d57b0-cda0-4e4d-b81e-890c1bba567e", + "id": "bundle--6a459f67-84dc-4d2c-b52f-9ad11065a32d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json index 5e7f4f1766..4003feaad2 100644 --- a/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json +++ b/mobile-attack/relationship/relationship--5b5586b9-75ee-476f-b3eb-49878254302c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ef30c02b-d4f2-4c38-9c9f-e4d4535cf892", + "id": "bundle--66e46d01-17d7-4ba9-8a1c-53c11944dbc3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json index 6d6473fca8..916437d00c 100644 --- a/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json +++ b/mobile-attack/relationship/relationship--5b670281-0054-42b4-8e54-ea01a692f5bf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1a1ef1c-8ba1-411d-8441-3ec3b022dd52", + "id": "bundle--9b5711b1-90b7-49fc-8934-68a2ad6eea11", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json index 505fb950b5..2c8862eb48 100644 
--- a/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
+++ b/mobile-attack/relationship/relationship--5b87bb01-9587-42bd-aa6b-30158ca8f55f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--07e38504-2e5f-4893-927b-c0b2744a4792",
+ "id": "bundle--5b304ba5-4cf3-4d1f-8a5c-913d4ac24523",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--5b9a2c93-95bf-4f39-aeac-b2af051faca9.json b/mobile-attack/relationship/relationship--5b9a2c93-95bf-4f39-aeac-b2af051faca9.json
new file mode 100644
index 0000000000..4d8dc94745
--- /dev/null
+++ b/mobile-attack/relationship/relationship--5b9a2c93-95bf-4f39-aeac-b2af051faca9.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--44f89b5d-eae5-46c9-b84f-aee9444fb4c8",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--5b9a2c93-95bf-4f39-aeac-b2af051faca9",
+ "created": "2023-08-23T22:50:55.591Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-23T22:50:55.591Z",
+ "description": "Application vetting services may detect API calls to `performGlobalAction(int)`. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+ "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json
index bc50a8dde4..25b13d552d 100644
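Review bot: The description in the new relationship--5b9a2c93 file names `performGlobalAction(int)` without its class, so the reader is not told which API surface a vetting service should inspect. On Android this method belongs to `AccessibilityService`, and naming it would match the `MediaProjectionManager` entry in this commit, which does name the class. Suggested value: `"description": "Application vetting services may detect API calls to AccessibilityService.performGlobalAction(int).",`.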
--- a/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json +++ b/mobile-attack/relationship/relationship--5c1e3aa9-160d-49fd-83a2-2ed2f8c5435c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de847e0f-2424-494e-8d3f-5986c7e65fc7", + "id": "bundle--8e5fdae6-cb17-4b3f-a4e1-d69063611b04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json b/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json index 9e86531c40..12db87e775 100644 --- a/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json +++ b/mobile-attack/relationship/relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--c65ba0cc-74f5-465a-b27f-78e550a44e73",
+ "id": "bundle--42b0d512-376e-43c7-a6ad-3ea46488c1de",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--5c447471-2b97-4d96-b75f-1cbb574b39cf",
 "created": "2023-03-20T15:46:49.646Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:46:49.646Z",
- "description": "",
+ "modified": "2023-08-09T15:39:37.117Z",
+ "description": "Application vetting services may be able to detect known privilege escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
index f83d743208..f0981a7075 100644
--- a/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
+++ b/mobile-attack/relationship/relationship--5c746ac8-4034-4ae3-98c3-66d89f5a6d6a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d96e61d2-0768-4ef3-bb38-1efc8d9857b0",
+ "id": "bundle--3155696f-f974-45c0-8665-c84d34bf12b6",
 "spec_version": "2.0",
 "objects": [
 {
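Review bot: The description added for relationship--5c447471 joins two detection approaches with mismatched verb forms ("may be able to detect ... as well as searching ..."), so it is unclear whether the string search is something the vetting service does or something it detects. If both are vetting-service capabilities, the second clause should read `as well as search application packages for strings that correlate to known password store locations.`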
diff --git a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json index c833cea4e3..98524033c7 100644 --- a/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json +++ b/mobile-attack/relationship/relationship--5c7508ae-5d05-49fd-a489-b944d3b45dd0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d9829fb0-f83d-4934-9d55-0cb9d9577a09", + "id": "bundle--cf2975a3-5a3c-45c4-96ac-35a536734aab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json index 04687cf680..d30a80e33c 100644 --- a/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json +++ b/mobile-attack/relationship/relationship--5ced57a7-b674-40d4-98b8-a090963a6ade.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ecc45842-3bb0-420f-b49a-5789415ff63c", + "id": "bundle--5638e2b5-8d00-4d38-8833-a397187becc3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json b/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json index a1ae30f14f..a190792384 100644 --- a/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json +++ b/mobile-attack/relationship/relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--9e991c90-4033-4ff2-b01a-fc6eac92e4a6", + "id": "bundle--3df1bb23-f6fc-4127-ae3d-75ac5f5e23a5", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--5d0fdc8a-af17-4334-88e6-111aa290b22f", "created": "2023-03-20T18:43:14.051Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:43:14.051Z", - "description": "", + "modified": "2023-08-08T21:18:54.014Z", + "description": "The user can see a list of applications that can use accessibility services in the device settings.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json index f140e0b74c..315b03c2f2 100644 --- a/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json +++ b/mobile-attack/relationship/relationship--5d2a3a9f-2467-4ac6-ab64-ffe91ec584da.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aeb4c9ba-f8fe-42a1-8c45-6c28ac403752", + "id": "bundle--2f6b1480-9290-4ca2-893c-3ac0ad610d89", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json b/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json index 81a633ad96..4a0746fab7 100644 
--- a/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json +++ b/mobile-attack/relationship/relationship--5d37400f-80f9-4500-9357-185650e5a7b2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--be39a649-4c5c-4fc0-af36-dcf5cf8222ba", + "id": "bundle--a085bfc0-20cf-4b53-a449-0bc589aa67ef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json b/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json index 82a348836e..5b70b48058 100644 --- a/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json +++ b/mobile-attack/relationship/relationship--5dc4eaca-ff82-412a-a8dd-168de1857d8c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e781a1b0-fa6f-484b-a75f-4e7596de6de2", + "id": "bundle--fdf174d9-250a-4d8e-9505-467f1456aea0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json b/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json index 83a0d64743..40d39c0fb2 100644 --- a/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json +++ b/mobile-attack/relationship/relationship--5dd9e0aa-e4dc-4776-9580-5a765c2cc08d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--69b99fbe-8cfa-447e-abd5-9365589ff1e4", + "id": "bundle--6d04bc3d-ebe8-445c-b982-d43ee500f377", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json index 8233e29af4..a142faa9a7 100644 --- a/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json +++ b/mobile-attack/relationship/relationship--5de0caa8-81f8-453c-b70c-a74e7ea9e5c2.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--356f63f8-5b00-4fd3-8203-0df2e6d6f100", + "id": "bundle--5bc41464-964c-4620-bb4a-4a5cbd80ec7a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json index f32fc7d4df..0db2d135d3 100644 --- a/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json +++ b/mobile-attack/relationship/relationship--5e360913-4986-4423-8d3c-46d3202b7787.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8de9e2d-465c-413b-811d-de7d6e2f060f", + "id": "bundle--2841af8d-b697-4462-ae9a-64b9e280d6ca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json index 1236cfa4de..682a154d1b 100644 --- a/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json +++ b/mobile-attack/relationship/relationship--5e74f4f8-5057-42f4-9796-aee60122cf6d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e85f5f2-fa14-4c39-a6a6-21620278a7b5", + "id": "bundle--ba56ed2e-b5de-4eba-9059-b118d9b908ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json index 14b8e056fa..a263f692e1 100644 --- a/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json +++ b/mobile-attack/relationship/relationship--5e95ca90-bf75-4031-a28f-f8565c02185c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cfd4c087-539d-4127-a4b2-ce07bd758fc0", + "id": "bundle--3a8e5c02-91b8-4d57-9eff-811bd620d611", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json b/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json index a8858ffd28..682de820bd 100644 --- a/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json +++ b/mobile-attack/relationship/relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--953ce0c0-29a2-49d4-b2b2-3cf44f7b12e3", + "id": "bundle--60311586-a92f-4e46-8ec3-a3755499fe37", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2", "created": "2023-03-20T18:59:57.364Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:59:57.364Z", - "description": "", + "modified": "2023-08-08T17:05:08.407Z", + "description": "The user can examine the list of all installed applications in the device settings. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--fc53309d-ebd5-4573-9242-57024ebdad4f", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json b/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json index 6db2338b0b..962e199c3f 100644 --- a/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json +++ b/mobile-attack/relationship/relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1.json 
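Review bot: The new `description` value in relationship--5ec3fcbb-d2ac-44ba-a2d4-99e7ddacf3a2 ends with a trailing space before the closing quote (`...in the device settings. "`). The descriptions added in relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24 and relationship--609ec9f8-f702-444b-b837-72a0880d429b have the same trailing space, while the other descriptions in this part of the commit do not. Trimming them keeps the rendered detection text and any string comparison of descriptions consistent across objects: `"description": "The user can examine the list of all installed applications in the device settings.",`.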
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--62104250-8c51-4a9c-88d3-fac1afa20c68", + "id": "bundle--e9a0a148-aabc-4f7c-b0ab-6ac0846a6625", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--6001f77a-da30-4ebc-85fd-5bf9afe5f0a1", "created": "2023-03-15T16:24:12.588Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:24:12.588Z", - "description": "", + "modified": "2023-08-08T15:26:59.132Z", + "description": "Application vetting services can detect when an application requests administrator permission.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json b/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json index e3f68c0fd0..b65831b2f3 100644 --- a/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json +++ b/mobile-attack/relationship/relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--ff5a095c-cd5a-4967-903f-a7aa16289b0d", + "id": "bundle--5dbe54a6-e46f-47ff-ae10-a20481401ca7", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--603df08f-22d3-4418-9151-4b3a3c9c7c24", "created": "2023-03-15T16:40:37.553Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:40:37.553Z", - "description": "", + "modified": "2023-08-10T21:03:10.023Z", + "description": "Mobile security products can potentially detect rogue Wi-Fi access points if the adversary is attempting to decrypt traffic using an untrusted SSL certificate. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba", "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json index 893576ed24..dc2f7ff6e8 100644 --- a/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json +++ b/mobile-attack/relationship/relationship--605d95a1-0493-418e-9d81-de58531c4421.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--256b60f7-6bb2-44cc-93c0-ce4d23307dd7", + "id": "bundle--cd84946f-21c1-412a-a4b5-b1c440ee68e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json b/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json index 8f72d557e4..70801ada71 100644 
--- a/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json +++ b/mobile-attack/relationship/relationship--60782df8-1e96-48eb-a6b7-843c94b32b59.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--31688af1-57ad-4434-9b42-b1d034342b1d", + "id": "bundle--b7511a0f-56e8-427d-8a31-067a55de62fa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json index 092a0cca9b..f816ef75dd 100644 --- a/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json +++ b/mobile-attack/relationship/relationship--6086e1e2-1b39-4ff2-910e-4a4eb86d57b7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--420339ca-5096-412b-bb7a-43228924b71e", + "id": "bundle--6a8bbd4e-2220-4000-ab6e-e515412364fb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--609ec9f8-f702-444b-b837-72a0880d429b.json b/mobile-attack/relationship/relationship--609ec9f8-f702-444b-b837-72a0880d429b.json new file mode 100644 index 0000000000..7e81c5d1c5 --- /dev/null +++ b/mobile-attack/relationship/relationship--609ec9f8-f702-444b-b837-72a0880d429b.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--2704d108-c7eb-4186-813f-61c0fb084115", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--609ec9f8-f702-444b-b837-72a0880d429b", + "created": "2023-09-22T19:17:01.704Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:17:01.704Z", + "description": "The user may view applications with administrator access through the device settings and may also notice if user data is inexplicably missing. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json b/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json index 856e63c87b..d56c308bc7 100644 --- a/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json +++ b/mobile-attack/relationship/relationship--60ad088f-3133-4b0c-a441-e1e06fff1765.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e2715cf8-db92-4151-88a0-5a29f62c7d89", + "id": "bundle--351e8d3b-6b52-4fdd-9d13-2b40a3e07870", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json index 2c1ee30b10..d07de47183 100644 --- a/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json 
+++ b/mobile-attack/relationship/relationship--60db521a-ae2d-4a9a-8c6d-47a5528f1ecb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e8c8775c-e5ad-433d-9f12-f5195b04076d", + "id": "bundle--beb63192-aa8f-4b95-a2f0-bb85ea538663", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json index a9e5a64b42..fde48b080f 100644 --- a/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json +++ b/mobile-attack/relationship/relationship--60e2ebd0-90dc-4131-ba4f-adc9b49ec113.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3601c7f0-fb24-4d82-8a33-95897a3672d1", + "id": "bundle--b1225646-20bd-46ba-b59a-be048062d389", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json index f4ec763362..8a67794dde 100644 --- a/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json +++ b/mobile-attack/relationship/relationship--60ecd154-e907-419a-b41d-1a9a1f59e7c3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--feaa1a2e-2d29-4cb5-9f39-8ce6c79679ff", + "id": "bundle--d1216a65-e363-4a68-af75-08e39026815a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json index 264d89e9bd..05b5b48dba 100644 --- a/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json +++ b/mobile-attack/relationship/relationship--61071d73-fcdf-4820-afd0-e3f0983e0a71.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5fbb3652-07ee-429a-8b93-fcf15bb1a2ce", + "id": "bundle--023c8a16-fc87-41cc-a4e5-219529fc949d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json index f37986a44c..f127d56e52 100644 --- a/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json +++ b/mobile-attack/relationship/relationship--61550ef4-41f0-4354-af5c-f47db8aca654.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e0b7bcd-9fe3-484d-8387-27fc4b0238d5", + "id": "bundle--8e623ba3-37b0-422c-84de-f8ebfe9442dc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json index abe30064dc..475a09e220 100644 --- a/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json +++ b/mobile-attack/relationship/relationship--6176a297-3097-42e2-b1c2-815e7fd8c81c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c0ea7de7-9bff-4d39-860f-60293084d515", + "id": "bundle--bcfb187b-b92c-4a1d-a3c4-fc569cef3187", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json index 4ca5ee3f8d..9c4a2d40ce 100644 --- a/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json +++ b/mobile-attack/relationship/relationship--6209cccd-2877-4941-ac0c-bec3ba7a5544.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b46b338-0fd2-40b6-9216-36e9fb898251", + "id": "bundle--687baf9d-298b-4732-8c1b-caf6a0f02155", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json b/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json index 1c01c0be79..8a05c4fc41 100644 --- a/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json +++ b/mobile-attack/relationship/relationship--62623afc-8222-4d59-b5d0-7bc1ccc7fadc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45ae2146-05b5-4662-9929-7ad439920296", + "id": "bundle--c3b6dde8-b65d-4f01-a8aa-2154511052f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json b/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json index cc0f50e2f3..23c126eaad 100644 --- a/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json +++ b/mobile-attack/relationship/relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--2611b82e-ff47-470f-881a-0456b6f7e67f", + "id": "bundle--1767c054-50b0-4b21-88f4-3bedd8c6f53b", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--626d4c6c-97e4-4aa3-922b-c1a81e677213", "created": "2023-03-20T15:32:36.972Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:32:36.972Z", - "description": "", + "modified": "2023-08-07T17:18:06.656Z", + "description": "Application vetting services can detect malicious code in applications.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json index b05cda9315..43f940d177 100644 --- a/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json +++ b/mobile-attack/relationship/relationship--628435f7-7d1e-40f1-a29a-7c5861b14c7d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e916e801-22e8-4228-a7cd-3a8e42b683e6", + "id": "bundle--e8587dd0-5562-48d1-9462-5f122586d7c1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json index 5ecedc7ceb..ef08f1d73f 100644 --- a/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json 
+++ b/mobile-attack/relationship/relationship--6294e276-e4ac-4097-a5cd-3b81e0d4498f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6b482df9-9486-49df-9459-65e2d3edcb06", + "id": "bundle--43e06051-2c61-4636-bd81-cddee4460d93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json index 638cf2f7b5..40630b707b 100644 --- a/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json +++ b/mobile-attack/relationship/relationship--62cc60d9-1581-4a0f-b7e2-a18d386511e6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--94bb7132-a5cc-4b5f-9880-9786e2465667", + "id": "bundle--197ce5e8-2aff-4f25-a312-ffc3cd079e6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6315b6ec-35f8-4b28-8603-664664311a33.json b/mobile-attack/relationship/relationship--6315b6ec-35f8-4b28-8603-664664311a33.json new file mode 100644 index 0000000000..e32619b2fc --- /dev/null +++ b/mobile-attack/relationship/relationship--6315b6ec-35f8-4b28-8603-664664311a33.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--39534b01-9921-4f16-adda-738b61649459", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6315b6ec-35f8-4b28-8603-664664311a33", + "created": "2023-08-16T16:44:53.770Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:44:53.770Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can read the name of application packages.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json index 1b332ebdf2..52b917dea4 100644 --- a/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json +++ b/mobile-attack/relationship/relationship--634071ce-d386-4143-8e6e-b88bc077de6d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f55c3840-9641-4f0d-8260-7fd80bf586de", + "id": "bundle--9194aa41-d381-442b-8121-1525511e3ce1", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json index b35bf43fe2..d705c32df9 100644 --- a/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json +++ b/mobile-attack/relationship/relationship--638f3d4b-f1d4-4c61-91a0-7c125ef8437a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--efa38847-2967-46c1-9560-04020acddafb", + "id": "bundle--ea1b7ee5-d406-428e-a863-86fdc1993415", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json index 715df4390e..20b99f85f1 100644 --- a/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json +++ b/mobile-attack/relationship/relationship--63e67cba-4eae-4495-8897-2610103a0c41.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--daca6ff9-08dd-4307-8ecc-617d64747c3f", + "id": "bundle--50822da9-e850-4aa8-be65-3da4c2ea5fa5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--642a2599-a50c-480c-8e07-2a3a217f4a46.json b/mobile-attack/relationship/relationship--642a2599-a50c-480c-8e07-2a3a217f4a46.json new file mode 100644 index 0000000000..8485ca3e85 --- /dev/null +++ b/mobile-attack/relationship/relationship--642a2599-a50c-480c-8e07-2a3a217f4a46.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--6377d5ee-e34d-4973-bbea-df890843113d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--642a2599-a50c-480c-8e07-2a3a217f4a46", + "created": "2023-07-21T19:52:13.807Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:52:13.807Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can turn on a device\u2019s microphone to capture audio.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--64489abc-5c2f-4620-833d-9ac010040955.json b/mobile-attack/relationship/relationship--64489abc-5c2f-4620-833d-9ac010040955.json new file mode 100644 index 0000000000..c4fcc22f09 --- /dev/null +++ b/mobile-attack/relationship/relationship--64489abc-5c2f-4620-833d-9ac010040955.json 
@@ -0,0 +1,38 @@ +{ + "type": "bundle", + "id": "bundle--45b66ac7-90ba-45ae-9509-fdd17528c086", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--64489abc-5c2f-4620-833d-9ac010040955", + "created": "2023-08-14T16:19:54.684Z", + "revoked": false, + "external_references": [ + { + "source_name": "unit42_strat_aged_domain_det", + "description": "Chen, Z. et al. (2021, December 29). Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends. Retrieved July 31, 2023.", + "url": "https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/" + }, + { + "source_name": "Data Driven Security DGA", + "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.", + "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-14T16:19:54.684Z", + "description": "Monitor for pseudo-randomly generated domain names based on frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Additionally, check if the suspicious domain has been recently registered, if it has been rarely visited, or if the domain had a spike in activity after being dormant.(Citation: unit42_strat_aged_domain_det) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", + "target_ref": "attack-pattern--fd211238-f767-4599-8c0d-9dca36624626", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": 
"identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json b/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json index b78eb88d24..bb04a2a998 100644 --- a/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json +++ b/mobile-attack/relationship/relationship--644a19d3-c94f-40d9-87ac-02ef20b14eda.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--224c8e0b-6668-485d-8941-1fc1c48ffc3d", + "id": "bundle--7707e770-4816-4038-8a4d-e133f3d01f46", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json index c60a1d0c19..4edc61172f 100644 --- a/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json +++ b/mobile-attack/relationship/relationship--64ddcf35-dbf0-4b9f-bf07-1e0bde8bbe65.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2abb2d4a-3b9a-4e39-9402-1824d996adbe", + "id": "bundle--5006c264-1762-42a6-84cd-3178094a4dd4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json index cbf7b3dba3..b3de1d3c6c 100644 --- a/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json +++ b/mobile-attack/relationship/relationship--6556536c-d5ea-4a3d-ae48-4016d4d762ff.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37f5f09e-ade3-41b4-9eba-fc194369b65b", + "id": "bundle--c2236a3d-965a-45c2-8e34-d3821681c424", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json index a86d6d72cc..694497710f 100644 --- a/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json +++ b/mobile-attack/relationship/relationship--657f1d8c-3982-4ee5-95dc-c8ec3164cb2e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8afe111c-445c-459f-8d46-73e9446087ed", + "id": "bundle--5a046162-e6d0-4787-82d4-4d00da945d09", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json index 563a881110..063c2fb2ec 100644 --- a/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json +++ b/mobile-attack/relationship/relationship--65803bfa-7601-44ad-95ea-64d8bfd778a4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e2f1c28-55b8-4cd8-a16d-b96baec7db7f", + "id": "bundle--92f61f7d-d635-4d74-8404-8972f8cd7efb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28.json b/mobile-attack/relationship/relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28.json new file mode 100644 index 0000000000..ac7a719161 --- /dev/null +++ b/mobile-attack/relationship/relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--731e1156-09c0-4b84-9bf5-ad434e86fd7b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--6588186c-2fa1-408d-bef4-2d63ccf49c28",
+ "created": "2023-10-10T15:33:58.533Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CYBERWARCON CHEMISTGAMES",
+ "description": "B. Leonard, N. Mehta. (2019, November 21). The Secret Life of Sandworms. Retrieved December 31, 2020.",
+ "url": "https://www.youtube.com/watch?v=xoNSbm1aX_w"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.533Z",
+ "description": "[CHEMISTGAMES](https://attack.mitre.org/software/S0555) has masqueraded as popular South Korean applications.(Citation: CYBERWARCON CHEMISTGAMES)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a0d774e4-bafc-4292-8651-3ec899391341",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--6588914f-d270-47d3-b889-046564ad616f.json b/mobile-attack/relationship/relationship--6588914f-d270-47d3-b889-046564ad616f.json
new file mode 100644
index 0000000000..aa209d8a27
--- /dev/null
+++ b/mobile-attack/relationship/relationship--6588914f-d270-47d3-b889-046564ad616f.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--ec915823-240a-4027-ae21-771e7d83bc94",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--6588914f-d270-47d3-b889-046564ad616f",
+ "created": "2023-08-16T16:35:21.853Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:35:21.853Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can gather SMS messages.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
index 792ca8c902..e94ca9cdde 100644
--- a/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
+++ b/mobile-attack/relationship/relationship--65a24b75-4bb0-441a-8cb2-a34077b13f61.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--048ce7b9-2613-4ec5-9776-89ef0dd1d56c",
+ "id": "bundle--9c93bd66-647b-4cc6-96c4-233c9fa6254a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json index 3ca625013e..f97f2e0f25 100644 --- a/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json +++ b/mobile-attack/relationship/relationship--65acbbe2-48e1-4fba-a781-39fb040a711d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fc404099-4401-4309-801e-c0eca2d24f5b", + "id": "bundle--60917dcc-b5cd-4482-b445-56c15b0b8f93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--65dc7cc1-e047-4087-8b2b-7d0d0f67576a.json b/mobile-attack/relationship/relationship--65dc7cc1-e047-4087-8b2b-7d0d0f67576a.json new file mode 100644 index 0000000000..c63120c74b --- /dev/null +++ b/mobile-attack/relationship/relationship--65dc7cc1-e047-4087-8b2b-7d0d0f67576a.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--9491eade-7b4f-4ed4-9b03-1429ad51b6d2",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--65dc7cc1-e047-4087-8b2b-7d0d0f67576a",
+ "created": "2023-08-16T16:34:14.088Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:34:14.088Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can perform overlay attacks against a device by injecting HTML phishing pages into a webview.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed.json b/mobile-attack/relationship/relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed.json
new file mode 100644
index 0000000000..b77897a364
--- /dev/null
+++ b/mobile-attack/relationship/relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--7224752e-3b74-4c51-8ceb-a5973af3ea89",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed",
+ "created": "2023-09-21T22:20:53.256Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "app_hibernation",
+ "description": "Android Developers. (2023, August 28). App hibernation. Retrieved September 21, 2023.",
+ "url": "https://developer.android.com/topic/performance/app-hibernation"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T22:25:08.129Z",
+ "description": "Android 11 and above implement application hibernation, which can hibernate an application that has not been used for a few months and can reset the application\u2019s permission requests.(Citation: app_hibernation)",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--0beabf44-e8d8-4ae4-9122-ef56369a2564",
+ "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--6609b892-d388-4b8a-ac21-5cbf12e0d574.json b/mobile-attack/relationship/relationship--6609b892-d388-4b8a-ac21-5cbf12e0d574.json
new file mode 100644
index 0000000000..a5bf26e121
--- /dev/null
+++ b/mobile-attack/relationship/relationship--6609b892-d388-4b8a-ac21-5cbf12e0d574.json
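Review bot: The added `description` in relationship--6603a556-9732-4f8b-ac9c-5c3949b251ed says hibernation "can reset the application's permission requests", which leaves unclear what is actually undone. As I read the cited App hibernation page, what gets reset is the runtime permissions the user had already granted, so I would end the sentence with `and can revoke the runtime permissions previously granted to the application.(Citation: app_hibernation)`. That wording also makes the mitigation claim easier to check, since it names the access an unused application loses.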
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--bbc26041-6a7b-4a3f-beb7-ba6d2015cd22",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--6609b892-d388-4b8a-ac21-5cbf12e0d574",
+ "created": "2023-10-10T15:33:58.701Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Forbes Cerberus",
+ "description": "Z. Doffman. (2019, August 16). Warning As Devious New Android Malware Hides In Fake Adobe Flash Player Installations (Updated). Retrieved June 26, 2020.",
+ "url": "https://www.forbes.com/sites/zakdoffman/2019/08/16/dangerous-new-android-trojan-hides-from-malware-researchers-and-taunts-them-on-twitter/#1563fef26d9c"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.701Z",
+ "description": "[Cerberus](https://attack.mitre.org/software/S0480) has pretended to be an Adobe Flash Player installer.(Citation: Forbes Cerberus)",
+ "relationship_type": "uses",
+ "source_ref": "malware--037f44f0-0c07-4c7f-b40e-0325b5b228a9",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
index d85a98bbd8..ffbe494069 100644
--- a/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
+++ b/mobile-attack/relationship/relationship--66132260-65d1-4bf5-8200-abdb2014be6f.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7a4cb1af-6f58-4fef-93e2-fac702f775ad", + "id": "bundle--09592b73-2625-4ceb-8738-42cbb164683d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json index fc15c8adb7..b7c2603763 100644 --- a/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json +++ b/mobile-attack/relationship/relationship--6661823b-4fdd-4879-ad5d-64c9a4b12519.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dfa7e132-1d96-4835-b32b-a3fb31d02ddd", + "id": "bundle--4e77838b-5a73-4e5e-806f-38875bd3276d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json index 2f57cdb339..95edcb2da6 100644 --- a/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json +++ b/mobile-attack/relationship/relationship--66ba3094-7c14-41b9-b7c1-814d026156b9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbec8be7-36a3-4b1e-beb6-6f958538a635", + "id": "bundle--ff8dd53f-ecfa-4b78-b0e5-d8d3bcea2a85", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json index 6251a17073..2dd22c66ee 100644 --- a/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json +++ b/mobile-attack/relationship/relationship--66c7fdcf-b9ef-429e-81b2-e97e971cfb42.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7d2fc659-e7c2-4c5f-9f7e-4c7d4d523ad5", + "id": "bundle--5462ae3a-54bc-4bdc-8bda-803e86ddb3d3", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json b/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
index dec3432bc5..872c2cb53a 100644
--- a/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
+++ b/mobile-attack/relationship/relationship--66fb8a34-9d48-4599-a56e-19b057380030.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--aacd3f31-e914-4661-9361-6ef722873c62",
+ "id": "bundle--fd8ef5cc-beaf-4526-8ba4-0f2e33fdcae9",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--66fb8a34-9d48-4599-a56e-19b057380030",
 "created": "2023-03-20T18:46:08.304Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:46:08.304Z",
- "description": "",
+ "modified": "2023-08-08T15:04:38.833Z",
+ "description": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--c6e17ca2-08b5-4379-9786-89bd05241831",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
index e958aafe2e..4aafd16df3 100644
--- a/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
+++ b/mobile-attack/relationship/relationship--670a0995-a789-4674-9e91-c74316cdef90.json
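Review bot: The new `description` value in relationship--66fb8a34-9d48-4599-a56e-19b057380030 ends with a space before the closing quote (`...by using attestation. "`), and that trailing whitespace is likely to carry through to rendered output and to any exact-match comparison of the field between releases. Trim it to `"description": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation.",`. The description added for relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e later in this commit ends the same way (`...supported Samsung devices. "`). This hunk also adds no `external_references` entry, so the detection claim is uncited.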
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b02b7025-0d8b-491e-b7a5-ed0375dea2e8", + "id": "bundle--e1c76d10-0386-4bd6-a43f-2cd19524436f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json b/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json index 712f3c4fb3..9a2db7b727 100644 --- a/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json +++ b/mobile-attack/relationship/relationship--67aa692c-24e4-483e-996e-02ce1e861ec8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0c60abea-3b46-4c6d-ab98-ebb24fc43d64", + "id": "bundle--77f8d76b-0014-4cf0-9ae6-5d59a9f39f21", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json index 78eeeb0575..770fdf381f 100644 --- a/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json +++ b/mobile-attack/relationship/relationship--67c2b73d-cd51-4894-a7bd-fdd5d14b33a2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d37f09c1-0760-409b-9d6b-38daddab30c7", + "id": "bundle--8ed7cc8f-b1b5-4324-a403-64859ac433d7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json index e4f63d6a38..0a1eeac198 100644 --- a/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json +++ b/mobile-attack/relationship/relationship--67db22d4-6f89-40c6-b31b-737c1e3dec3f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--34d8d7ba-1e6e-4db9-9715-f4695c268f45", + "id": "bundle--974fee44-9c52-48ea-9874-ab4957432959", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json b/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
index 3abcc5207a..7bdfb92d1b 100644
--- a/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
+++ b/mobile-attack/relationship/relationship--681161b2-4e30-4d49-8524-6cc0d94585cb.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--eeac312d-a883-4f60-8f45-022663c03cc1",
+ "id": "bundle--3b25c820-621b-4876-8232-e22bd756712c",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--681161b2-4e30-4d49-8524-6cc0d94585cb",
 "created": "2023-03-16T13:33:26.925Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T13:33:26.925Z",
- "description": "",
+ "modified": "2023-08-14T16:34:55.830Z",
+ "description": "Many properly configured firewalls may naturally block bidirectional command and control traffic.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
 "target_ref": "attack-pattern--939808a7-121d-467a-b028-4441ee8b7cee",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--681d5e61-9412-4c58-bef1-c6ef7bffcb0c.json b/mobile-attack/relationship/relationship--681d5e61-9412-4c58-bef1-c6ef7bffcb0c.json
new file mode 100644
index 0000000000..f09bcbebc4
--- /dev/null
+++ b/mobile-attack/relationship/relationship--681d5e61-9412-4c58-bef1-c6ef7bffcb0c.json
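Review bot: The added `description` in relationship--681161b2-4e30-4d49-8524-6cc0d94585cb describes blocking, but the object's `relationship_type` is `detects` and its `source_ref` is a data component, so the text reads as a mitigation rather than as something an analyst can observe. A detection description should name the signal, for example `"description": "Firewall logs may show bidirectional command and control traffic, including connections that a properly configured firewall has blocked.",`. The exact wording should be confirmed against the data component this object references, which is not visible in the hunk.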
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--5d8e3b5d-35c5-44dc-848c-bc665509c91a",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--681d5e61-9412-4c58-bef1-c6ef7bffcb0c",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:42:13.445Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--c91c304a-975d-4501-9789-0db1c57afd3f",
+ "target_ref": "attack-pattern--2d646840-f6f5-4619-a5a8-29c8316bbac5",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json b/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
index 5e02085ecd..6e416f0e8d 100644
--- a/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
+++ b/mobile-attack/relationship/relationship--6846dc09-b66a-42d3-aea2-c80b51f22952.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cba9ee88-39ed-4f24-80fb-4d3bbed25d96",
+ "id": "bundle--2bdc1ea1-eda6-4f0f-924c-6e990ca7029e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
index a0a1c3d966..f408d44d35 100644
--- a/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
+++ b/mobile-attack/relationship/relationship--684c17bb-2075-4e1f-9fcb-17408511222d.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04aca128-9ec8-4f92-aa41-4739685edfea", + "id": "bundle--00d65f13-bb2a-4260-a2b3-2579ab7f490a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json index 5fc111ba70..a382e503b2 100644 --- a/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json +++ b/mobile-attack/relationship/relationship--6885280e-5423-422a-94f1-e91d557e043e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cce2632c-41a6-4d03-9f83-8ac05d8294d6", + "id": "bundle--d97c0b2e-64ef-4ed2-933b-117404ca1ccf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json index 883dc3bfaf..2eeba94f3a 100644 --- a/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json +++ b/mobile-attack/relationship/relationship--68c17e9b-1fda-49dd-982b-566d473cc32b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8b74be2b-5e13-434b-86dd-83c8e617b608", + "id": "bundle--424c9f7e-0e6d-4e3f-8d83-8de8f6a91213", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json index 50cf9eaa00..6f6863bcdb 100644 --- a/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json +++ b/mobile-attack/relationship/relationship--68e5789c-9f60-421e-9c79-fae207a29e83.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3f491f3d-7716-4971-bcdb-8c3e9bc4701c", + "id": "bundle--669b5bf0-4858-4ce8-a92f-3398835eed0a", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json index ad2833facb..778d66bb16 100644 --- a/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json +++ b/mobile-attack/relationship/relationship--6920d0d0-27f4-4d29-8622-c8a92090eec3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f76be5e3-4bea-4d0b-a254-1adfb57e94b1", + "id": "bundle--868176e7-70ec-4ad1-82fb-0134e445fca8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json index 83c55dfb55..621336a2d7 100644 --- a/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json +++ b/mobile-attack/relationship/relationship--6935752c-e400-4dfa-863f-1d44a8f6dd50.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3b82b7d1-79b7-4803-925f-5716a31345aa", + "id": "bundle--20114048-d589-41ec-b6d3-05cc3e5628e9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json index 5222eddce0..40a47ca2cc 100644 --- a/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json +++ b/mobile-attack/relationship/relationship--694857ba-92e8-462e-8900-a9f6fdcf495d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ffb5f4c8-4ffb-4f3d-bb2c-7481b6c64f3f", + "id": "bundle--54fb46a2-23de-44d6-9d1f-5307989ef535", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json index b6197859be..ccf62166a2 100644 
--- a/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json +++ b/mobile-attack/relationship/relationship--6961eec4-8e31-4be1-88d9-dca682e38b8c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a718f7b5-5dc7-4cb6-ac8b-ba4dd7e2ebb6", + "id": "bundle--737354e0-e33f-4016-b5ae-fc4d3f7b9638", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json index 7ed11cbd79..a6f30aee03 100644 --- a/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json +++ b/mobile-attack/relationship/relationship--69718f1d-7761-41ae-b9d0-12c45f6b4ac4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5ebd1d6f-5f1b-4a4b-851b-89d4635b49ce", + "id": "bundle--916bac61-152b-4257-90bc-5a1a8acb1815", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--697f5584-667f-4489-a535-586dd1a8b48c.json b/mobile-attack/relationship/relationship--697f5584-667f-4489-a535-586dd1a8b48c.json new file mode 100644 index 0000000000..6349dc17c8 --- /dev/null +++ b/mobile-attack/relationship/relationship--697f5584-667f-4489-a535-586dd1a8b48c.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--c2e221be-384f-44ff-a430-8d98c82ffbf1",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--697f5584-667f-4489-a535-586dd1a8b48c",
+ "created": "2023-10-10T15:33:59.823Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.823Z",
+ "description": "[GoldenEagle](https://attack.mitre.org/software/S0551) has inserted trojan functionality into legitimate apps, including popular apps within the Uyghur community, VPNs, instant messaging apps, social networking, games, adult media, and Google searching.(Citation: Lookout Uyghur Campaign)",
+ "relationship_type": "uses",
+ "source_ref": "malware--0b9c5d11-651a-4378-b129-5c584d0242c5",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
index 3773f49165..009280b0da 100644
--- a/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json
+++ b/mobile-attack/relationship/relationship--69bb264a-3f44-4132-9248-dd80a9f5efa2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56af41be-77c8-4364-a657-c5c9541e8f43", + "id": "bundle--0fb047a1-bea2-4245-bdea-c1ca4d89b81b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json index ef319222aa..e74d04cf33 100644 --- a/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json +++ b/mobile-attack/relationship/relationship--69de3f7e-faa7-4342-b755-4777a68fd89b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49df60bd-d9a2-4da7-a341-ae05f565b2f5", + "id": "bundle--0ecd429a-e632-476b-b690-76e5b814e9e9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6a1d8b2f-9007-46ba-b559-356b81632cee.json b/mobile-attack/relationship/relationship--6a1d8b2f-9007-46ba-b559-356b81632cee.json new file mode 100644 index 0000000000..58a5c7d68c --- /dev/null +++ b/mobile-attack/relationship/relationship--6a1d8b2f-9007-46ba-b559-356b81632cee.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--33ed1320-b6f2-48c1-b0ee-5f6d62e2c013",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--6a1d8b2f-9007-46ba-b559-356b81632cee",
+ "created": "2023-10-10T15:33:58.444Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zscaler TikTok Spyware",
+ "description": "S. Desai. (2020, September 8). TikTok Spyware. Retrieved January 5, 2021.",
+ "url": "https://www.zscaler.com/blogs/security-research/tiktok-spyware"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.444Z",
+ "description": "[Tiktok Pro](https://attack.mitre.org/software/S0558) has masqueraded as TikTok.(Citation: Zscaler TikTok Spyware)",
+ "relationship_type": "uses",
+ "source_ref": "malware--c6abcaf8-1765-41f8-9fe5-03d42fd0f6c0",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
index e370ae2d2d..f3d51d33b4 100644
--- a/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
+++ b/mobile-attack/relationship/relationship--6a4fd7bd-b73b-403b-aff9-8be6bc0afc7b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fe7dca59-e1ed-443a-9234-261392c6f784",
+ "id": "bundle--7404c001-ab19-49aa-a650-294d22178ae1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json index 5c7146f7bb..4929194924 100644 --- a/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json +++ b/mobile-attack/relationship/relationship--6a5926f3-8c44-4806-83c2-e8ed0be36bc2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--802947d6-6316-4f82-b6c8-d9c0409043d9", + "id": "bundle--bc44d1ff-4863-4115-a8d6-954fd6eec6d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json b/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json index 13e7f940a9..2ec2391a27 100644 --- a/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json +++ b/mobile-attack/relationship/relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e.json 
@@ -1,25 +1,32 @@ { "type": "bundle", - "id": "bundle--08ef3401-d211-4cd0-9345-c39e0f216ebd", + "id": "bundle--29411a52-3958-4ad2-922e-eb223e7d4bb1", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--6a5f151f-36cb-496a-9d0c-d726f1b00d4e", "created": "2023-03-16T18:26:45.940Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "Android-VerifiedBoot", + "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016.", + "url": "https://source.android.com/security/verifiedboot/" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-16T18:26:45.940Z", - "description": "", + "modified": "2023-08-08T15:21:42.253Z", + "description": "On Android, Verified Boot can detect unauthorized modifications to the system partition.(Citation: Android-VerifiedBoot) Android's SafetyNet API provides remote attestation capabilities, which could potentially be used to identify and respond to compromise devices. Samsung Knox provides a similar remote attestation capability on supported Samsung devices. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json index d5689efa59..06540317b4 100644 --- a/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json 
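Review bot: The new `description` says "respond to compromise devices", which should read `compromised devices`, and the string ends with a trailing space before the closing quote. The description added for `relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108` ("... within application settings. ") has the same trailing space. The text also points defenders at Android's SafetyNet API for remote attestation, which Google has deprecated in favour of the Play Integrity API. A wording such as `Android's SafetyNet API (superseded by the Play Integrity API) provides remote attestation capabilities, ...` would keep the detection guidance usable. The bundle's closing brace lies outside this hunk.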
+++ b/mobile-attack/relationship/relationship--6a715733-cde6-4903-b967-35562b584c6f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5be36346-b5ab-4914-a070-70f7d3ad9695", + "id": "bundle--3db86a68-be7f-45ee-a013-3b20b881d9ab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6a813057-5fe0-46b5-89a3-c804d223568c.json b/mobile-attack/relationship/relationship--6a813057-5fe0-46b5-89a3-c804d223568c.json new file mode 100644 index 0000000000..9e5c7ea443 --- /dev/null +++ b/mobile-attack/relationship/relationship--6a813057-5fe0-46b5-89a3-c804d223568c.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--3e3e8aa0-0217-425e-a85a-b8b4ee261512", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6a813057-5fe0-46b5-89a3-c804d223568c", + "created": "2023-08-04T18:30:16.933Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-26T12:54:10.319Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate the victim device ID, model, manufacturer, and Android version.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json index 2f6dc4a3c6..c66d63ba80 100644 --- a/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json +++ b/mobile-attack/relationship/relationship--6a821e14-8247-408b-af37-9cecbba616ec.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--650b4858-5ba7-4e5a-b462-0db37246c418", + "id": "bundle--dc88e0aa-8c6f-495f-b7a3-55fc62ecb0da", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6ac2d9a5-248b-42c5-af71-3ffad7bc7f3e.json b/mobile-attack/relationship/relationship--6ac2d9a5-248b-42c5-af71-3ffad7bc7f3e.json new file mode 100644 index 0000000000..c1252b5d96 --- /dev/null +++ b/mobile-attack/relationship/relationship--6ac2d9a5-248b-42c5-af71-3ffad7bc7f3e.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--8ef73a5a-e65e-4ecf-b8b9-dd8455ba35f2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6ac2d9a5-248b-42c5-af71-3ffad7bc7f3e", + "created": "2023-09-21T22:18:06.516Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "nccgroup_sharkbot_0322", + "description": "RIFT: Research and Intelligence Fusion Team. (2022, March 3). SharkBot: a \u201cnew\u201d generation Android banking Trojan being distributed on Google Play Store. Retrieved January 18, 2023.", + "url": "https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:39:19.069Z", + "description": "[SharkBot](https://attack.mitre.org/software/S1055) initially poses as a benign application, then malware is downloaded and executed after an application update.(Citation: nccgroup_sharkbot_0322)", + "relationship_type": "uses", + "source_ref": "malware--9cd72f5c-bec0-4f7e-bb6d-296937116291", + "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--6ad4f199-99fe-4366-87be-7a462f6c89b0.json b/mobile-attack/relationship/relationship--6ad4f199-99fe-4366-87be-7a462f6c89b0.json new file mode 100644 index 0000000000..f188476dac --- /dev/null +++ b/mobile-attack/relationship/relationship--6ad4f199-99fe-4366-87be-7a462f6c89b0.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--a598baa8-c157-4a3e-ac73-f0ae5ad6a001", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6ad4f199-99fe-4366-87be-7a462f6c89b0", + "created": "2023-06-09T19:11:38.612Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:48:41.487Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access a device\u2019s location and check if GPS is enabled. [Hornbill](https://attack.mitre.org/software/S1077) has logic to only log location changes greater than 70 meters.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json index 838db24e3d..bc15584c2f 100644 --- a/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json +++ b/mobile-attack/relationship/relationship--6b41d649-bcd0-4427-baa1-15a145bace6e.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7dc3c4a0-e55d-46c6-8e97-91731b382c4f", + "id": "bundle--7d21243e-326b-4aa4-a87c-082ef6683060", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json index e2d566aed9..0a0320ecf4 100644 --- a/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json +++ b/mobile-attack/relationship/relationship--6b64d3f4-96d6-48e5-a57e-b5cf897670f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7041c92-5125-4a86-a141-b86a1394694c", + "id": "bundle--fb382242-9702-4501-9576-f1a4ceb0d03e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json b/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json index 1123226175..7647a2ee0a 100644 --- a/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json +++ b/mobile-attack/relationship/relationship--6b74d347-4d28-401f-9ac2-b3e1c9428bab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8982d71-1808-4d53-b6ff-5e6f7219ea13", + "id": "bundle--d09073b7-3248-4b24-b912-8c1a00e84783", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json index 36b15fc0b5..907095e4e8 100644 --- a/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json +++ b/mobile-attack/relationship/relationship--6ba09d73-4ed5-4a37-8191-fc54a8f01696.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--210661df-1bdb-4186-b11d-098d402c1f80", + "id": "bundle--22688134-4325-4d3c-b5de-f345df53c40f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json b/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json index e88537a923..021b23705b 100644 --- a/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json +++ b/mobile-attack/relationship/relationship--6bb4de7d-1ef9-4bc8-8d34-62e176d4188a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02cd00c6-48df-404a-b53b-13d83f3e300f", + "id": "bundle--6bacae86-3119-4c5a-bb97-9bdf6f1f71ca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json index b154b20061..6efc5a0af7 100644 --- a/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json +++ b/mobile-attack/relationship/relationship--6c0105f3-e919-499d-b080-d127394d2837.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3bb8e288-2dd6-4622-b8af-d54113fb7ef1", + "id": "bundle--e36a255e-2fb0-495a-892d-01bb4e9e0aa3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json index 61341c8085..f8fd0f1a74 100644 --- a/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json +++ b/mobile-attack/relationship/relationship--6c35f99c-153d-4023-a29a-821488ce5418.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5fc1eca3-bf85-4fb5-a721-fdbf51eb7589", + "id": "bundle--b97f553f-630c-499d-b834-13cd1ed35e07", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json index 12489e9fe9..59c2872610 100644 
--- a/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json +++ b/mobile-attack/relationship/relationship--6c859d6b-28b1-409d-90ea-d4eba64edf82.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c4bde3a5-8469-4e07-abbd-8ff87764f5d4", + "id": "bundle--3c872cbe-4a76-4ba0-9c67-4528fa7a5636", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6c887e1b-ff9a-4d7f-baec-7d19e1c982bd.json b/mobile-attack/relationship/relationship--6c887e1b-ff9a-4d7f-baec-7d19e1c982bd.json new file mode 100644 index 0000000000..2b4d025b6b --- /dev/null +++ b/mobile-attack/relationship/relationship--6c887e1b-ff9a-4d7f-baec-7d19e1c982bd.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--b51fbbaa-18db-44a5-956f-7b6ce0a888f6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6c887e1b-ff9a-4d7f-baec-7d19e1c982bd", + "created": "2023-08-07T22:48:30.275Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T22:48:30.275Z", + "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to newly created processes and their parameters, potentially detecting unwanted or malicious shells.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077", + "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json index 2f9b46947a..7dc50a2fb4 100644 --- a/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json +++ b/mobile-attack/relationship/relationship--6ca3e3d9-2db9-4bed-98a0-417ff1e6a78e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--46229d18-f78b-4579-b245-27d5dd108087", + "id": "bundle--76c4171c-ea0c-40d4-a50d-9335f1f16c1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json index 30136d64b6..149b039a0f 100644 --- a/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json +++ b/mobile-attack/relationship/relationship--6cace9e3-f095-4914-bddc-24cec8bcc859.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--064b0c0c-b0e1-4de2-8a0f-0ba5baba1bd5", + "id": "bundle--a5ec0c94-f5ec-451c-b8ca-a8758d321f7c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json index 72f23b2f69..3c68beed77 100644 --- a/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json +++ b/mobile-attack/relationship/relationship--6ce36374-2ff6-4b41-8493-148416153232.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--239ee732-6ba3-4603-9e5e-d12df85795f1", + "id": "bundle--887ed037-977e-4396-82f1-81a49a129e86", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json index 7759fed00c..4feec9998c 100644 
--- a/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json +++ b/mobile-attack/relationship/relationship--6d2c7743-fc75-4524-b217-13867ca1dd10.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--99904faf-f0e5-4b36-a18d-c293e9b6267e", + "id": "bundle--6a79da64-9eb2-4c07-9eb5-d44912cd8f9b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json index 25b5f088db..eb539585c3 100644 --- a/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json +++ b/mobile-attack/relationship/relationship--6d659130-545b-4917-891c-6c1b7d54ed07.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2c4d064-c1d2-4985-8d24-466e7afd01eb", + "id": "bundle--957243f3-3b17-44aa-9bfa-0fdf0a9883e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json index 94b8e777f5..f0f769df1a 100644 --- a/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json +++ b/mobile-attack/relationship/relationship--6d88242f-e45b-481c-bd41-b66a662618ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7ee12f99-8b6b-4ba6-ad93-e791699c2cef", + "id": "bundle--e7ad963e-02ad-4324-9c3d-b4e4d93402a8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json b/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json index 816050e6a7..f2ebe00beb 100644 --- a/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json +++ b/mobile-attack/relationship/relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--b59d6a75-aa11-47a8-b662-231e580f3a46", + "id": "bundle--b411bb67-74ac-4a0f-95d8-cc93f1655bed", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--6d910b1c-df72-4fcb-9d9e-0bb666c9c108", "created": "2023-03-20T18:57:17.059Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:57:17.059Z", - "description": "", + "modified": "2023-08-14T20:53:47.270Z", + "description": "On Android, the user can review which applications can use premium SMS features in the \"Special access\" page within application settings. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json index 7151bddd95..4b3e8cfe9b 100644 --- a/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json +++ b/mobile-attack/relationship/relationship--6de29595-e63e-4d7e-992f-b4622b7b8e23.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0e44c83c-fdaa-4f1b-ba8b-09b278909a66", + "id": "bundle--b0639ce2-304a-43bd-8c88-393ef390b12d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6e811d89-6526-480f-be40-1ad6483182ff.json b/mobile-attack/relationship/relationship--6e811d89-6526-480f-be40-1ad6483182ff.json new file mode 100644 index 0000000000..cf1eab72a6 
--- /dev/null +++ b/mobile-attack/relationship/relationship--6e811d89-6526-480f-be40-1ad6483182ff.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c3557f1e-5a7c-4223-b1f1-bf8cf8d4b7ff", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6e811d89-6526-480f-be40-1ad6483182ff", + "created": "2023-10-10T15:33:58.801Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Talos GPlayed", + "description": "V. Ventura. (2018, October 11). GPlayed Trojan - .Net playing with Google Market . Retrieved November 24, 2020.", + "url": "https://blog.talosintelligence.com/2018/10/gplayedtrojan.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:58.801Z", + "description": "[GPlayed](https://attack.mitre.org/software/S0536) has used the Play Store icon as well as the name \u201cGoogle Play Marketplace\u201d.(Citation: Talos GPlayed)", + "relationship_type": "uses", + "source_ref": "malware--a993495c-9813-4372-b9ec-d168c7f7ec0a", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json b/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json index 1cf26ab3e4..30aad490e1 100644 --- a/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json +++ b/mobile-attack/relationship/relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--81c85349-131f-47a7-aa7f-6df82be13420", + "id": "bundle--084f760a-ef7b-4dc0-b73b-7194dcca995f", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--6ee69225-7c42-49e6-bfe4-c7009c82e76a", "created": "2023-03-20T18:44:36.073Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:44:36.073Z", - "description": "", + "modified": "2023-08-09T15:56:10.432Z", + "description": "The user can view and manage installed third-party keyboards.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--6f240b1d-de8f-465d-a0f1-f75e828493c3.json b/mobile-attack/relationship/relationship--6f240b1d-de8f-465d-a0f1-f75e828493c3.json new file mode 100644 index 0000000000..e1e478d7ac --- /dev/null +++ b/mobile-attack/relationship/relationship--6f240b1d-de8f-465d-a0f1-f75e828493c3.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--d4a5e5df-6194-4cc8-abf2-58f7d35a421d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--6f240b1d-de8f-465d-a0f1-f75e828493c3", + "created": "2023-08-04T18:29:05.423Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T20:42:54.574Z", + "description": "(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f", + "target_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json index c148520352..290979f608 100644 --- a/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json +++ b/mobile-attack/relationship/relationship--6f27a13d-b353-47f3-8a71-a13e8c4c3d60.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f46f6e3d-b69d-4dc5-9e27-28baf52ecc59", + "id": "bundle--831ccafa-7071-4e8d-a6b1-aeeeb35813b8", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json index 994cc298f8..67686b019c 100644 --- a/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json +++ b/mobile-attack/relationship/relationship--6f30b02b-5d88-453d-af1e-305a75bfaf87.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bd663084-6fbf-4064-ac3d-0c71dc502d81", + "id": "bundle--7442fdc4-1e50-419f-93c8-634a3a4945b8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json index a44c4a697a..18ea3d08fb 100644 --- a/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json +++ b/mobile-attack/relationship/relationship--6f63395f-a826-45e2-8d3b-dccd6375f54d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a270611-f2ac-4792-a681-af2501f0751b", + "id": "bundle--1ce88263-6dbf-4c7c-aae2-69c591d084fb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json index 271ffac6d8..50ae0d5fce 100644 --- a/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json +++ b/mobile-attack/relationship/relationship--6f9f892e-56ec-480b-aa40-337f20f2bb9c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ea9ff59b-ffe0-4fe5-8b8b-eef5ac3b8b10", + "id": "bundle--c288be44-fd83-434c-9c03-9a2485c9dddf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json index a71a4139ec..d4780d1b91 100644 
--- a/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json +++ b/mobile-attack/relationship/relationship--6faacfdd-d17d-4c6e-a33e-5fdea2cc3998.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72b6b91b-3da0-4285-b527-7df46e799859", + "id": "bundle--4fbe42d0-8064-489b-9816-df7ae7eb01db", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json index 1af69501e7..5ab4b6f209 100644 --- a/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json +++ b/mobile-attack/relationship/relationship--7017085c-c612-48b2-b655-e18d7822d0e7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9aa3e509-ab54-4872-a3b8-1168b7d2fc7d", + "id": "bundle--62966312-8f17-4952-a6f8-0d043ef7358c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json index 8f164b174b..88005a4508 100644 --- a/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json +++ b/mobile-attack/relationship/relationship--70367e5c-15e0-4bcd-b538-7a90c4eefd30.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dc3109e5-1e49-450e-becf-c625660bf671", + "id": "bundle--3c7a91af-9be4-4ce7-b58b-cc883e20b8f6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json index 318fab61e5..f761d65a5c 100644 --- a/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json +++ b/mobile-attack/relationship/relationship--706c698c-aa8d-4fac-a6c1-2e047c3f965c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d21dcde2-7928-41f0-8324-fde66a2c79c8", + "id": "bundle--eb8e625d-46da-46d5-afda-7880e7b46f18", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json index b4cfad348b..96721b298c 100644 --- a/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json +++ b/mobile-attack/relationship/relationship--70ec9e67-b755-41ee-a1db-71d250a90b4e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--688e4621-8c79-4a69-8780-efdc09a1b541", + "id": "bundle--b77772bc-b1cc-45b9-8169-f07a709ae83f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json index 82fee4b18a..1f9a81d8ba 100644 --- a/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json +++ b/mobile-attack/relationship/relationship--70f8cbed-b20d-4ff2-ad02-8d78e7d49159.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--818f1ac2-f2af-486c-bd13-3d0e72c42ab0", + "id": "bundle--4b1557f8-2599-41ee-b9fb-0bccb58cd5a0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json index acd654d216..0750476a5e 100644 --- a/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json +++ b/mobile-attack/relationship/relationship--70fa8498-6117-4e15-ae3c-f53d63996826.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6fa5ee49-311e-4fd2-b69f-ec08922c0ed3", + "id": "bundle--76cb8e91-ffe9-4741-bab0-b0684847c14f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json index 8b71df5309..88aed80d5b 100644 --- a/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json +++ b/mobile-attack/relationship/relationship--71490fdb-e271-4a67-b932-5288924b1dae.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f7637b3b-6d09-4ee6-93d9-6067a349329f", + "id": "bundle--c8fa7c25-14c9-45f4-a0eb-f77eb81c32a5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json index 88d49610f0..a51b5b73e0 100644 --- a/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json +++ b/mobile-attack/relationship/relationship--716f68ee-1e77-4254-8f67-d8f3c71db678.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2f0417a4-ea3e-443a-9c10-41115e250c8b", + "id": "bundle--13116530-3ba0-4d36-92cb-fd1b4dc7c91a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json index 886cfd616c..46cc45226b 100644 --- a/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json +++ b/mobile-attack/relationship/relationship--718a612e-50c5-40ab-9081-b88cefeafcb6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50118f87-2365-4464-8950-797a50a52e73", + "id": "bundle--8a081202-9703-4e8c-a64e-9999bdce3e68", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json index 0ec8f02f49..383f2ce6a3 100644 
--- a/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json +++ b/mobile-attack/relationship/relationship--721cc30c-74cf-4eed-89a8-7a8e63e6c0e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--af8bdce0-b99f-4f3b-a5d2-7e12e4d9c0e0", + "id": "bundle--e60cc490-480a-4cc8-b7fc-558bbf6edac1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68.json b/mobile-attack/relationship/relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68.json new file mode 100644 index 0000000000..20392d8cf0 --- /dev/null +++ b/mobile-attack/relationship/relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68.json 
@@ -0,0 +1,32 @@
+{
+ "type": "bundle",
+ "id": "bundle--d044f4d9-31ec-470d-8271-cb7564210eb8",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68",
+ "created": "2023-10-10T19:19:38.654Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T19:19:38.654Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) has exfiltrated cached data from infected devices.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
index c6a8a42352..d988ab1f6e 100644
--- a/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
+++ b/mobile-attack/relationship/relationship--7258542e-029b-45b9-be69-6e76d9c93b35.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e96d1b00-5bd7-4d17-ad71-c1f5e0579fc7",
+ "id": "bundle--1befcec8-7cb1-4b16-b18a-9849485a8379",
 "spec_version": "2.0",
 "objects": [
 {
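Review bot: The relationship object added in relationship--724e1b64-7c9b-4a8f-a2ab-3f9cab539e68.json has no `created_by_ref`, although it does set `x_mitre_modified_by_ref`; the 32 added lines contain no such property. The other relationship files added in this part of the diff all carry it, so a consumer that filters or attributes objects by creator identity will handle this one differently. Adding `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",` next to `created` would match them, assuming the same identity is the creator here.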
diff --git a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
index 4f41a4712f..9da701ee5e 100644
--- a/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
+++ b/mobile-attack/relationship/relationship--7260c8fe-6b3b-48a2-889f-f329fb5b4ef0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3f70833b-49e1-401c-a8ac-75aaad9d6b10",
+ "id": "bundle--868e4828-d56a-4b3a-9641-01904056488f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
index 6b256b5268..4e885bf5df 100644
--- a/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
+++ b/mobile-attack/relationship/relationship--72a5350f-f0cf-4f44-82d5-28a25492c6af.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e20e6526-6f8d-4717-96fc-e813a26ee939",
+ "id": "bundle--61955988-a3a7-4791-b4e2-5b96490d0405",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
index b7c4f856bc..017711a89b 100644
--- a/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
+++ b/mobile-attack/relationship/relationship--72a88d43-4144-444e-8f71-ac0d19ae3710.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--15df8a9d-6ed0-4b72-86d4-1fb9ca494887",
+ "id": "bundle--3f7bc6fb-7db2-47b1-bbdf-b782ac1b5814",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--73410b22-5aca-4b86-8efc-98c1ad75399a.json b/mobile-attack/relationship/relationship--73410b22-5aca-4b86-8efc-98c1ad75399a.json
new file mode 100644
index 0000000000..6eefa4c5a9
--- /dev/null
+++ b/mobile-attack/relationship/relationship--73410b22-5aca-4b86-8efc-98c1ad75399a.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4e780278-6931-474a-a7dc-04a2d907d136",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--73410b22-5aca-4b86-8efc-98c1ad75399a",
+ "created": "2023-10-10T15:33:59.572Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Talos-WolfRAT",
+ "description": "W. Mercer, P. Rascagneres, V. Ventura. (2020, May 19). The wolf is back... . Retrieved July 20, 2020.",
+ "url": "https://blog.talosintelligence.com/2020/05/the-wolf-is-back.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.572Z",
+ "description": "[WolfRAT](https://attack.mitre.org/software/S0489) has masqueraded as \u201cGoogle service\u201d, \u201cGooglePlay\u201d, and \u201cFlash update\u201d.(Citation: Talos-WolfRAT)",
+ "relationship_type": "uses",
+ "source_ref": "malware--dfdac962-9461-47f0-a212-36dfce2a97e6",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
index 4f9bd4c65f..2d7d167bef 100644
--- a/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
+++ b/mobile-attack/relationship/relationship--734fa2bf-17af-4e54-8d83-4cf9759e4ba9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c65b1fed-85c9-43c2-bb1e-c0e248ff1f20",
+ "id": "bundle--eefa73fd-7483-4414-99a9-cde5409b31ce",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json b/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
index dec4499c69..7ef849f4a9 100644
--- a/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
+++ b/mobile-attack/relationship/relationship--73d22490-4043-42d7-ad25-74e4a642bf6a.json
@@ -1,25 +1,32 @@
 {
 "type": "bundle",
- "id": "bundle--1928b7aa-ee5d-4b5b-9a96-7aef9e603808",
+ "id": "bundle--13737c49-02e1-49c4-bb6e-fc6cf13074cf",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--73d22490-4043-42d7-ad25-74e4a642bf6a",
 "created": "2023-03-20T18:41:45.186Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CSRIC5-WG10-FinalReport",
+ "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017.",
+ "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf"
+ }
+ ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:41:45.186Z",
- "description": "",
+ "modified": "2023-08-15T15:06:03.429Z",
+ "description": "Network carriers may be able to use firewalls, Intrusion Detection Systems (IDS), or Intrusion Prevention Systems (IPS) to detect and/or block SS7 exploitation.(Citation: CSRIC5-WG10-FinalReport) The CSRIC also suggests threat information sharing between telecommunications industry members.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a",
 "target_ref": "attack-pattern--0f4fb01b-d57a-4375-b7a2-342c9d3248f7",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
index f0d2d502d3..bf8b8b041d 100644
--- a/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
+++ b/mobile-attack/relationship/relationship--73d78f2c-dd3b-469c-a622-e2e89cb521d3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af8c64f5-4f1a-475b-b59e-b0d4a5909276",
+ "id": "bundle--f8b9effd-b173-4925-a589-cb69132831bf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74080f4f-1de2-464f-8ec1-0635fc142273.json b/mobile-attack/relationship/relationship--74080f4f-1de2-464f-8ec1-0635fc142273.json
new file mode 100644
index 0000000000..81a1b7a3ab
--- /dev/null
+++ b/mobile-attack/relationship/relationship--74080f4f-1de2-464f-8ec1-0635fc142273.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--50398d38-8db1-4b30-9b7d-7298faf9763a",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--74080f4f-1de2-464f-8ec1-0635fc142273",
+ "created": "2023-08-08T16:23:41.141Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-08T16:23:41.141Z",
+ "description": "Application vetting services may be able to list domains and/or IP addresses that applications communicate with. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+ "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
index 6b09858820..15e362971c 100644
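Review bot: The added `description` in relationship--74080f4f-1de2-464f-8ec1-0635fc142273.json ends with a trailing space before the closing quote (`...applications communicate with. "`), and the same happens in relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba.json (`...file deletion processes. "`). Trailing whitespace inside a STIX string is part of the value, so it shows up in rendered text and in any hash or string comparison of the description. Ending both strings at the period keeps the values clean. Neither description has a citation or an `external_references` entry; if a source backs the vetting and MTD claims, it would be worth attaching.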
--- a/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
+++ b/mobile-attack/relationship/relationship--740ea19e-d248-44e5-a0e5-3e9420df9dc8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1066d613-0e08-4409-843a-888c874cb9f7",
+ "id": "bundle--017c301e-1681-4465-ad7f-c8e16f9c17ee",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--746eaf98-bd95-4e9a-a4ed-0e3f20402276.json b/mobile-attack/relationship/relationship--746eaf98-bd95-4e9a-a4ed-0e3f20402276.json
new file mode 100644
index 0000000000..f5cd952138
--- /dev/null
+++ b/mobile-attack/relationship/relationship--746eaf98-bd95-4e9a-a4ed-0e3f20402276.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--59a5d4f3-7b8a-4d02-8bd6-2eed2d396b39",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--746eaf98-bd95-4e9a-a4ed-0e3f20402276",
+ "created": "2023-10-10T15:33:57.989Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Lookout-Dendroid",
+ "description": "Marc Rogers. (2014, March 6). Dendroid malware can take over your camera, record audio, and sneak into Google Play. Retrieved December 22, 2016.",
+ "url": "https://blog.lookout.com/blog/2014/03/06/dendroid/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.989Z",
+ "description": "[Dendroid](https://attack.mitre.org/software/S0301) can be bound to legitimate applications prior to installation on devices.(Citation: Lookout-Dendroid)",
+ "relationship_type": "uses",
+ "source_ref": "malware--317a2c10-d489-431e-b6b2-f0251fddc88e",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json b/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
index 474b7808c8..fe5612b12b 100644
--- a/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
+++ b/mobile-attack/relationship/relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--e9716298-e2e6-422e-ab8d-fd7cd0176579",
+ "id": "bundle--53312fbf-843d-4385-8990-e93710fabae7",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--749dcdbd-9be9-403b-850f-8ee5452b7aed",
 "created": "2023-03-20T18:58:56.347Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:58:56.347Z",
- "description": "",
+ "modified": "2023-08-08T16:30:21.044Z",
+ "description": "Application vetting services can detect unnecessary and potentially abused location permissions.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba.json b/mobile-attack/relationship/relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba.json
new file mode 100644
index 0000000000..d11d79999f
--- /dev/null
+++ b/mobile-attack/relationship/relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--78d7c5f1-9396-49b6-8705-efae99f5e477",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--74a137c7-b3f8-421f-bc52-bf9f0785d0ba",
+ "created": "2023-09-22T19:15:56.498Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T19:15:56.498Z",
+ "description": "Command-line activities can potentially be detected through Mobile Threat Defense (MTD) integrations with lower-level OS APIs. This could grant the MTD agents access to running processes and their parameters, potentially detecting file deletion processes. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0",
+ "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
index e1bd10088d..f5f4bfad90 100644
--- a/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
+++ b/mobile-attack/relationship/relationship--74c3c88c-956b-4bc7-9ea2-585e7366fe69.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3881d2d3-91d5-4bbe-bc01-4d20bfc59d7b",
+ "id": "bundle--661abeaa-4a33-4739-8c71-fcc757b36cdd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
index 00f844e7bc..f915a09caa 100644
--- a/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
+++ b/mobile-attack/relationship/relationship--74c8c9e7-cd8b-4f3a-830d-a7e6e9668330.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7d0979d7-e524-4013-9e21-65830f8c3ed7",
+ "id": "bundle--eb9341f0-b482-49c3-a5dc-7e204d8dfb9c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
index 8a4a39b97f..5ff342803e 100644
--- a/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
+++ b/mobile-attack/relationship/relationship--74eb8469-1cce-40f8-8b6b-486338e8cfbe.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--26e0aa78-f8d0-4d77-8375-0f8f5f0480bf",
+ "id": "bundle--f074a87b-3a8e-4fa2-816d-c7a50850dff0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json b/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
index 5e22f0b1d0..b59fa50da4 100644
--- a/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
+++ b/mobile-attack/relationship/relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json
@@ -1,25 +1,37 @@
 {
 "type": "bundle",
- "id": "bundle--5964106f-3f38-4f62-ada4-c0eaa0f70e38",
+ "id": "bundle--4e62a4a2-c9f2-42f8-bce9-81915d5d4235",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6",
 "created": "2023-03-16T13:31:29.822Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Android Privacy Indicators",
+ "description": "Google. (n.d.). Privacy Indicators. Retrieved April 20, 2022.",
+ "url": "https://source.android.com/devices/tech/config/privacy-indicators"
+ },
+ {
+ "source_name": "iOS Mic Spyware",
+ "description": "ZecOps Research Team. (2021, November 4). How iOS Malware Can Spy on Users Silently. Retrieved April 1, 2022.",
+ "url": "https://blog.zecops.com/research/how-ios-malware-can-spy-on-users-silently/"
+ }
+ ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T13:31:29.822Z",
- "description": "",
+ "modified": "2023-08-10T21:08:37.537Z",
+ "description": "In iOS 14 and up, an orange dot (or orange square if the Differentiate Without Color setting is enabled) appears in the status bar when the microphone is being used by an application. 
However, there have been demonstrations indicating it may still be possible to access the microphone in the background without triggering this visual indicator by abusing features that natively access the microphone or camera but do not trigger the visual indicators.(Citation: iOS Mic Spyware)\n\n\nIn Android 12 and up, a green dot appears in the status bar when the microphone is being used by an application.(Citation: Android Privacy Indicators)",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
index 4c6a0a4e4f..ca0941ed47 100644
--- a/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
+++ b/mobile-attack/relationship/relationship--75472bf8-c7fd-4fc7-a11e-74189bc23b78.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0a05f036-4b2f-4b71-bf9d-309a9bb4ec5d",
+ "id": "bundle--abbd29f3-a8a0-4133-8403-16cf35ac797a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
index 6dd0175037..0a63639d03 100644
--- a/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
+++ b/mobile-attack/relationship/relationship--75770898-93a7-45e3-bdb2-03172004a88f.json
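Review bot: The new `description` in relationship--75400f2e-8a9a-4bc6-a40b-f860b38868b6.json separates its iOS and Android paragraphs with three consecutive `\n`, where `\n\n` already gives a paragraph break. The iOS caveat is also circular as written: the indicator is avoided "by abusing features that natively access the microphone or camera but do not trigger the visual indicators". Because this is a `detects` relationship, the reader should come away knowing the status-bar dot is a best-effort signal, so a tighter wording such as `...without triggering this indicator, by abusing built-in features that use the microphone or camera without showing it.(Citation: iOS Mic Spyware)\n\nIn Android 12 and up, ...` would read more clearly. The hunk begins on the previous line of this page.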
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2bb580d1-866b-4af5-836a-df9c31b74761",
+ "id": "bundle--5404991f-21b3-48a6-a442-75afc265694f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json b/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
index 5344b33810..565e7cbb3f 100644
--- a/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
+++ b/mobile-attack/relationship/relationship--75989cf6-c023-4ed3-9d23-a83f55690186.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4bc4f40e-c577-440a-8c1e-7d0c6b2f7890",
+ "id": "bundle--46213220-24d1-492f-a0e5-91b61bc855ae",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
index 0a710530ed..e7a7e2e79c 100644
--- a/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
+++ b/mobile-attack/relationship/relationship--759a2e09-32b6-4857-9b6d-adf5dcee142b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3522afef-7226-4a88-a61e-684063c50222",
+ "id": "bundle--951bed55-cc53-4596-aade-bf5647993baa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--75a8614f-bf92-455d-b2ef-7085aff9a64d.json b/mobile-attack/relationship/relationship--75a8614f-bf92-455d-b2ef-7085aff9a64d.json
new file mode 100644
index 0000000000..b18d7d1726
--- /dev/null
+++ b/mobile-attack/relationship/relationship--75a8614f-bf92-455d-b2ef-7085aff9a64d.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4f420f3f-4ef2-4612-bda8-27000ed3abe6",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--75a8614f-bf92-455d-b2ef-7085aff9a64d",
+ "created": "2023-08-16T16:33:56.014Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-15T19:16:57.874Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can log keystrokes and gather the lock screen password of an infected device by abusing Accessibility Services.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json b/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
index 2c16108f6e..cb73b9ffd3 100644
--- a/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
+++ b/mobile-attack/relationship/relationship--75ed2348-279f-4485-97a3-9a5ada27d799.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--818f7a66-1e92-4dfe-9b17-a9099294efb6",
+ "id": "bundle--c810d402-597b-41bb-9e3f-c1c28e25457f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--760037f0-f027-41bb-adf8-1ced6c7085be.json b/mobile-attack/relationship/relationship--760037f0-f027-41bb-adf8-1ced6c7085be.json
new file mode 100644
index 0000000000..1a44a0b52a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--760037f0-f027-41bb-adf8-1ced6c7085be.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b95cec4-4a42-4dd2-ad80-bb3a05728525",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--760037f0-f027-41bb-adf8-1ced6c7085be",
+ "created": "2023-10-10T15:33:59.225Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "WeLiveSecurity AdDisplayAshas",
+ "description": "L. Stefanko. (2019, October 24). Tracking down the developer of Android adware affecting millions of users. Retrieved October 29, 2020.",
+ "url": "https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.225Z",
+ "description": "[Android/AdDisplay.Ashas](https://attack.mitre.org/software/S0525) has mimicked Facebook and Google icons on the \u201cRecent apps\u201d screen to avoid discovery and uses the `com.google.xxx` package name to avoid detection.(Citation: WeLiveSecurity AdDisplayAshas)",
+ "relationship_type": "uses",
+ "source_ref": "malware--f7e7b736-2cff-4c2a-9232-352cd383463a",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
index c682eb9d35..bbc59cda2e 100644
--- a/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
+++ b/mobile-attack/relationship/relationship--760faa7b-06cb-48b7-9103-1c52f2ca408f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2ec21af5-941e-43a7-895d-c65ef86fb786",
+ "id": "bundle--aac1f3f1-3cce-4115-8ca4-ecb34ecbc82e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--764ba23e-9902-4a60-8ec3-e0ae1abf92ce.json b/mobile-attack/relationship/relationship--764ba23e-9902-4a60-8ec3-e0ae1abf92ce.json
new file mode 100644
index 0000000000..87a436380a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--764ba23e-9902-4a60-8ec3-e0ae1abf92ce.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ffbda14-0de6-4b9d-a850-d8fc0ba066ce",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--764ba23e-9902-4a60-8ec3-e0ae1abf92ce",
+ "created": "2023-09-22T19:16:35.609Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T19:16:35.609Z",
+ "description": "The user is prompted for approval when an application requests device administrator permissions.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456",
+ "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
index 1b12fd3a94..c50d3c060f 100644
--- a/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
+++ b/mobile-attack/relationship/relationship--7657a4d4-1ba3-4b66-83f7-6db5eab14847.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0fd51175-a2bc-44c0-9d55-82da963ff28b",
+ "id": "bundle--440f3abb-8a32-4d67-9fe3-2be0791b6344",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
index 5b27bb076f..ba2783cefc 100644
--- a/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
+++ b/mobile-attack/relationship/relationship--7696b512-ba2f-4310-86e1-7c528529fc5e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--afb4e26f-c7a6-4e56-a165-60802b821c1d",
+ "id": "bundle--6929e2b9-afda-4da2-945d-a4ff1410d4e3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json b/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
index f27493cd08..a0e91cc428 100644
--- a/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
+++ b/mobile-attack/relationship/relationship--76cc66f4-ce85-4873-a63e-879b4a14a540.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--af8e7432-f51c-44ab-9a4c-fbfff0f54b99",
+ "id": "bundle--73203d16-052d-42b6-be7b-81104b20ef82",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--76f852f3-f218-40e2-8fa1-6fb15c4cbf98.json b/mobile-attack/relationship/relationship--76f852f3-f218-40e2-8fa1-6fb15c4cbf98.json
new file mode 100644
index 0000000000..d082f0bed4
--- /dev/null
+++ b/mobile-attack/relationship/relationship--76f852f3-f218-40e2-8fa1-6fb15c4cbf98.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--67bcde97-f394-4f22-ae9c-428258246dd3",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--76f852f3-f218-40e2-8fa1-6fb15c4cbf98",
+ "created": "2023-10-10T15:33:59.661Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Sophos Red Alert 2.0",
+ "description": "J. Chandraiah. (2018, July 23). Red Alert 2.0: Android Trojan targets security-seekers. Retrieved December 14, 2020.",
+ "url": "https://news.sophos.com/en-us/2018/07/23/red-alert-2-0-android-trojan-targets-security-seekers/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.661Z",
+ "description": "[Red Alert 2.0](https://attack.mitre.org/software/S0539) has masqueraded as legitimate media player, social media, and VPN applications.(Citation: Sophos Red Alert 2.0)",
+ "relationship_type": "uses",
+ "source_ref": "malware--6e282bbf-5f32-476a-b879-ba77eec463c8",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json b/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
index a8705df009..526c7fb6f6 100644
--- a/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
+++ b/mobile-attack/relationship/relationship--7793a066-d72b-4a60-9579-e16369ea7185.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--e2ccf2c1-5455-4cf7-994d-6049f5a26587",
+ "id": "bundle--f05a6491-f730-43ad-966e-c024c52a33df",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--7793a066-d72b-4a60-9579-e16369ea7185",
 "created": "2023-03-20T18:57:55.221Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:57:55.221Z",
- "description": "",
+ "modified": "2023-08-10T22:22:25.132Z",
+ "description": "The user can view a list of apps with accessibility service privileges in the device settings.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
index 40ce953ada..1d74812f01 100644
--- a/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
+++ b/mobile-attack/relationship/relationship--77efa84c-5ef0-4554-b774-2dbfcca74087.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7126543f-13c2-44ec-b6f8-accfc5f37905",
+ "id": "bundle--713d4fe2-7dcf-42e8-9eab-36a96f2707ee",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7825f4b1-75ca-4377-b8f6-0dda9311d889.json b/mobile-attack/relationship/relationship--7825f4b1-75ca-4377-b8f6-0dda9311d889.json
new file mode 100644
index 0000000000..545c2e817d
--- /dev/null
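Review bot: The new `description` on the `detects` relationship--7793a066 says where a user can look but not what result counts as a finding, and it relies on the device user running a manual check. I would extend the sentence so it states what warrants action, for example `"description": "The user can view a list of apps with accessibility service privileges in the device settings and should review any app that does not need them."`. The description added to relationship--7de1af68 in a later hunk is similarly generic ("anomalous traffic ... which could indicate compromise") and would benefit from naming the signal an enterprise is expected to watch for.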
+++ b/mobile-attack/relationship/relationship--7825f4b1-75ca-4377-b8f6-0dda9311d889.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--3b3b7669-a979-4a64-9df4-0ff6a909af6a",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7825f4b1-75ca-4377-b8f6-0dda9311d889",
+ "created": "2023-08-04T18:30:58.116Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:30:58.116Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device\u2019s location.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json b/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
index b941cd87c6..4a21451a35 100644
--- a/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
+++ b/mobile-attack/relationship/relationship--78417fce-5aaa-4ad3-a2f1-279fa18bfe45.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c4779415-7398-4fe2-8351-f0b7b98d1983",
+ "id": "bundle--2bb46c5b-f261-4ac2-9332-fe60c75d406d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
index 5861763757..491764bbc1 100644
--- a/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
+++ b/mobile-attack/relationship/relationship--7850d933-120b-4ae6-998d-8dc4dfd6d164.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4bb15f9c-5405-4608-b3de-8c7b4e111c63",
+ "id": "bundle--6697bee7-4111-41c8-90c1-0029f420c0a0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
index 3dffeb102c..47a97f5ece 100644
--- a/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
+++ b/mobile-attack/relationship/relationship--789699c2-44f1-4280-bf86-ab23e6a13e84.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5666993c-8b54-4133-a456-9d922c4e9ff8",
+ "id": "bundle--8a2966a2-53e0-4664-b3b8-eeefc47bdff0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
index 6fe2fb623e..44a3bc974a 100644
--- a/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
+++ b/mobile-attack/relationship/relationship--789cb76e-27b0-4762-a2f7-3ff32ce0762d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--74bf54ab-b4bd-4444-8dab-194b10018321",
+ "id": "bundle--49dc7172-5c45-4360-98db-c1ac9b214058",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
index 89cef01adc..3d6c591578 100644
--- a/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
+++ b/mobile-attack/relationship/relationship--789dd0f9-527c-49b3-93b7-851ce4961f0f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7b554146-4908-4286-8ded-9e95eb48b05f",
+ "id": "bundle--1b08e559-4d2a-4b55-9f0d-e71217d39591",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
index 2012c3d544..1713ce0108 100644
--- a/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
+++ b/mobile-attack/relationship/relationship--78cc0d6d-6347-45a4-a18c-ca76150aa7a9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--421727c5-bf48-4e82-8293-fbd345e8107d",
+ "id": "bundle--aa6fb752-a1fc-475e-a251-a3e591d852df",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
index 096bb92dcb..a756d888f7 100644
--- a/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
+++ b/mobile-attack/relationship/relationship--78fc4506-5c80-4638-8f51-44a2e28f7aaf.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5397480e-224b-4726-ae9b-3e931e4914ab",
+ "id": "bundle--6028224c-b6b5-42a1-b5a1-749b537ab550",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
index 2ad75c133f..7945099c61 100644
--- a/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
+++ b/mobile-attack/relationship/relationship--794c3cb4-1a1f-4d7e-969f-c97dfcd006c7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b511ff0c-3bd0-4947-a6ee-0ee77bafb7f1",
+ "id": "bundle--66e77322-03fc-4177-bcaf-fff94367945d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json b/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
index bed92b81b6..75bd424af5 100644
--- a/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
+++ b/mobile-attack/relationship/relationship--7965128c-89d6-411e-b765-c60e0cae96c6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--743138e4-8fb0-4ead-8665-a59feb106dbe",
+ "id": "bundle--e270b80b-e2b8-4191-8350-32f6c5299d10",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
index 62f09b921e..46b3e54be0 100644
--- a/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
+++ b/mobile-attack/relationship/relationship--79c3fe5d-585b-401a-8bb4-84bfdc7252a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f8825e73-f181-4666-8d0b-74f66337a0e7",
+ "id": "bundle--b6e76436-8ed6-4a8a-81bb-ac6dde0929c0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json b/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
index 2dc2ee6885..912c9c207a 100644
--- a/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
+++ b/mobile-attack/relationship/relationship--79ef0025-3e1c-4914-9873-19808c2a5bec.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f088945e-18e6-4f71-bc61-8ed039015832",
+ "id": "bundle--01001909-bdfb-496b-935c-be44b6228ce3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
index df07f087ff..bdfb9bfba3 100644
--- a/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
+++ b/mobile-attack/relationship/relationship--79f04c05-8299-4e5e-b4c1-3f82637fa47a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--679c1667-3afb-4b7c-a6ab-2b26470259ac",
+ "id": "bundle--50348457-1455-4e23-b525-b89afe484dd5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
index f16e4a1d51..e8063dc587 100644
--- a/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
+++ b/mobile-attack/relationship/relationship--7a50961b-9be4-4042-a6a0-878b612c520e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b94472ca-ba33-4107-b28e-8d07b366d8d6",
+ "id": "bundle--b6af16a6-ccc6-40dd-91ff-786d2f07f165",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
index ba3d7e40cf..b09e5d4203 100644
--- a/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
+++ b/mobile-attack/relationship/relationship--7a8e1611-1a7e-45a0-b518-6efd744fce4f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6dbb7de7-2eb7-4431-b32a-bffcf5b73fa3",
+ "id": "bundle--46e45f7a-bf01-4e3e-bf10-3039b77bd054",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
index 1bc521099a..5dfbcafe17 100644
--- a/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
+++ b/mobile-attack/relationship/relationship--7accde36-cb29-43c6-8c66-6486efd867a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5a5b0c7f-66ee-4ebb-b137-14d7b75493f8",
+ "id": "bundle--0148096e-dc01-4bad-9eb5-f017349420b1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
index 69ff9cfa50..a936bfd01b 100644
--- a/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
+++ b/mobile-attack/relationship/relationship--7af7d094-3a49-4e5e-99d0-385c79f95f06.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--84cd7e3f-f452-4be3-8807-f2ef5f966581",
+ "id": "bundle--d550ea46-72ef-45ae-bf0e-55fb4ca46a15",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
index 7788791dba..71458bf557 100644
--- a/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
+++ b/mobile-attack/relationship/relationship--7b1477bc-8fd0-45ce-8eaa-b3b307f18024.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--92ccc3bb-7bdb-44f3-95e5-af93e93021d4",
+ "id": "bundle--4ab2ea33-d6e6-4cad-be7b-989f6f91b128",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
index 78e7256fd3..2d70d5056d 100644
--- a/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
+++ b/mobile-attack/relationship/relationship--7b3fa5cb-bd70-47e0-acfb-7db99e29e70f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--13c79551-2d87-48e3-9354-df5093ff3a4f",
+ "id": "bundle--95eda194-adc0-43cb-be65-139216f6e5b6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
index 89f024e7f5..12fda35b87 100644
--- a/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
+++ b/mobile-attack/relationship/relationship--7b45e72f-5741-4942-aa28-ee7abb6f7046.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f7a2405e-0226-41d8-9c40-6cc563db685a",
+ "id": "bundle--3d8fec30-ce05-42f6-b12a-a5a8ed6b8f16",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
index 51e8cf67e9..02cfd1a07e 100644
--- a/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
+++ b/mobile-attack/relationship/relationship--7b611c76-0ea1-49c5-9b9a-2e504a0bbe14.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6decd4d3-8127-458f-bda7-8f8c0dc22827",
+ "id": "bundle--4630219b-d6f2-43bc-bda1-8fe08fca6f4d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
index 64645d92f8..3335c0141b 100644
--- a/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
+++ b/mobile-attack/relationship/relationship--7b679dbf-4e31-4d0b-9e13-eb8c3b98b7fb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b99aac0d-8c28-4b08-8a84-d534740c3493",
+ "id": "bundle--28cfc19c-3d94-4a01-95f1-ee49ea4b923c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
index 47f6a17c83..ee2dcdc816 100644
--- a/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
+++ b/mobile-attack/relationship/relationship--7b8c3ae2-7e52-4f1d-ad30-788b367a7531.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ca995e6b-87a6-4bef-881c-0d7acaa874bc",
+ "id": "bundle--de5e398c-51bf-4a4b-9f64-59b7f4fdb7d3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
index 04c9d61967..7f38c72fb3 100644
--- a/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
+++ b/mobile-attack/relationship/relationship--7ba30703-c3aa-425a-9482-9e9941fd7038.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e7dcf05d-9556-406a-8a3d-0c0733cb3a8c",
+ "id": "bundle--f2b45e27-31cd-43df-a3ce-9e9619ea7f9d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json b/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
index 584f964929..0dca98f1e9 100644
--- a/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
+++ b/mobile-attack/relationship/relationship--7ba4fb2e-99ff-41ff-8b07-f02e9f74e890.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fbb792fb-580c-4844-b874-18fd44635a73",
+ "id": "bundle--4a67566b-a726-4e46-8a00-4fdfea74b605",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
index 1a9f5ed579..9df4d1ff0e 100644
--- a/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
+++ b/mobile-attack/relationship/relationship--7baa3cab-c4f8-4b91-a6c3-189ad7a6416c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7e9ab15b-3abe-4ba9-abf4-563144b1b5ee",
+ "id": "bundle--556e35e2-eb72-49c9-9621-b8586a9bcee0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7bbbd2aa-104f-443a-907e-6e1fbcf0a73e.json b/mobile-attack/relationship/relationship--7bbbd2aa-104f-443a-907e-6e1fbcf0a73e.json
new file mode 100644
index 0000000000..c73aeeeb9d
--- /dev/null
+++ b/mobile-attack/relationship/relationship--7bbbd2aa-104f-443a-907e-6e1fbcf0a73e.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--ee4cb771-6f90-4e37-b7d3-fdf2128f52a5",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7bbbd2aa-104f-443a-907e-6e1fbcf0a73e",
+ "created": "2023-07-21T19:34:29.630Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:34:29.630Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can take and exfiltrate screenshots.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7bc6460d-b36e-41ed-baa0-82d54ec19e57.json b/mobile-attack/relationship/relationship--7bc6460d-b36e-41ed-baa0-82d54ec19e57.json
new file mode 100644
index 0000000000..eeee4bda2c
--- /dev/null
+++ b/mobile-attack/relationship/relationship--7bc6460d-b36e-41ed-baa0-82d54ec19e57.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--afe67764-04d5-452e-974c-df16579ad09c",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7bc6460d-b36e-41ed-baa0-82d54ec19e57",
+ "created": "2023-08-04T18:58:19.825Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:58:58.480Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can exfiltrate data back to the C2 server using HTTP.(Citation: lookout_hornbill_sunbird_0221) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
index a9129433c1..8caabd14ce 100644
--- a/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
+++ b/mobile-attack/relationship/relationship--7bf2e05e-496f-49d1-8a37-48cc3ff8d6cc.json
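Review bot: The `description` value added for relationship--7bc6460d ends with a stray space after the citation marker (`...(Citation: lookout_hornbill_sunbird_0221) "`), which none of the other descriptions added in this diff have. I would drop it so the string ends `...using HTTP.(Citation: lookout_hornbill_sunbird_0221)"`. Tools that compare or de-duplicate descriptions as exact strings, or that expect the citation marker to close the text, will otherwise see this entry as different from an identically worded one.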
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--73eddb4b-3814-4cf5-b6b9-8c6360404fab",
+ "id": "bundle--2736696f-f31e-4430-aed8-0ac948fee18d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7c4a4766-cb63-4a3c-85ef-a1dba3be4a47.json b/mobile-attack/relationship/relationship--7c4a4766-cb63-4a3c-85ef-a1dba3be4a47.json
new file mode 100644
index 0000000000..77ae666d9c
--- /dev/null
+++ b/mobile-attack/relationship/relationship--7c4a4766-cb63-4a3c-85ef-a1dba3be4a47.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--c4158d17-14ab-4fb9-883f-7b1f5f36e856",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7c4a4766-cb63-4a3c-85ef-a1dba3be4a47",
+ "created": "2023-06-09T19:19:56.840Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-06-09T19:19:56.840Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) has monitored for SMS and WhatsApp notifications.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
index 3db3ccbe79..dfd3098563 100644
--- a/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
+++ b/mobile-attack/relationship/relationship--7c6207c7-d738-4a17-8380-595c86574b64.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6e6cbfd8-048e-47e9-8ab9-d03c319b6935",
+ "id": "bundle--ccdd4201-3d5e-4b53-8168-837cbc78547e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
index b3a55a0229..30ae50e162 100644
--- a/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
+++ b/mobile-attack/relationship/relationship--7cae8c80-c603-4352-a704-f3a2f4aa4a56.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--acebece4-eb7f-4ca7-926e-bc0774fd6515",
+ "id": "bundle--497b8963-f6d0-4da3-bcc0-c3b2dfdf01a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7d2f869d-a117-4b1f-a783-c6d3fc002562.json b/mobile-attack/relationship/relationship--7d2f869d-a117-4b1f-a783-c6d3fc002562.json
new file mode 100644
index 0000000000..b28e98f050
--- /dev/null
+++ b/mobile-attack/relationship/relationship--7d2f869d-a117-4b1f-a783-c6d3fc002562.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--8c910920-3f5d-46d8-b315-c98e4590b672",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7d2f869d-a117-4b1f-a783-c6d3fc002562",
+ "created": "2023-07-21T19:38:52.085Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:38:52.085Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) uses unencrypted HTTP traffic between the victim and C2 infrastructure.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--2282a98b-5049-4f61-9381-55baca7c1add",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
index 37f1f56fdf..28ffe7856e 100644
--- a/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
+++ b/mobile-attack/relationship/relationship--7d481598-ece7-469c-b231-619a804c25e5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c10e34d6-d232-4f1f-8dea-7c91204ff0c8",
+ "id": "bundle--4e513cef-e9ae-41e2-aac5-4cec7b7252a5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
index 488008ae73..5805707253 100644
--- a/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
+++ b/mobile-attack/relationship/relationship--7d6bba99-ea81-42bc-b02a-e5e98b34a688.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--eb356b84-c145-4eb5-90a1-19ae139dd72f",
+ "id": "bundle--6b803427-e2b7-4af5-b9d3-7d3c52fad3aa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
index 8b2fb22478..e11d5bddbb 100644
--- a/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
+++ b/mobile-attack/relationship/relationship--7db33293-6971-4c0d-88e0-18f505ebd943.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--53e1ebb8-553f-41c3-8e93-78d58f2578e5",
+ "id": "bundle--d8a840b6-ace5-4c21-8a25-c677f5612dfd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json b/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
index aa085cb056..943e85296d 100644
--- a/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
+++ b/mobile-attack/relationship/relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62.json
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--9f52dd71-5ae4-4352-97db-4ceed2745872", + "id": "bundle--126ffd88-2b04-4733-9f6a-e609cab76b60", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--7de1af68-d893-40a0-b27a-c9010f5cdc62", "created": "2023-03-20T18:57:14.194Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:57:14.194Z", - "description": "", + "modified": "2023-08-09T14:49:51.309Z", + "description": "Enterprises may be able to detect anomalous traffic originating from mobile devices, which could indicate compromise.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a", "target_ref": "attack-pattern--5ca3c7ec-55b2-4587-9376-cf6c96f8047a", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json index fa9881ffae..f74f468b83 100644 --- a/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json +++ b/mobile-attack/relationship/relationship--7ded1b79-cf7c-435d-b6ed-2c8872f9393f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--44c5f2ef-4d0e-4980-91eb-183358a097d3", + "id": "bundle--80d07d0c-3b1e-48cb-986b-76b67f6e3e28", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json index 4ba6204f54..5e704116fe 100644 
--- a/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json +++ b/mobile-attack/relationship/relationship--7defdb15-65d1-40ca-a9da-5c0484892484.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3e7bffba-8a52-41c9-9dd7-eeb7b3618c1f", + "id": "bundle--4529e98e-8d7d-493d-8aaf-3170654bbfe0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7e00d3ac-a97a-4db0-9699-7474d81413a8.json b/mobile-attack/relationship/relationship--7e00d3ac-a97a-4db0-9699-7474d81413a8.json new file mode 100644 index 0000000000..42dc7023a7 --- /dev/null +++ b/mobile-attack/relationship/relationship--7e00d3ac-a97a-4db0-9699-7474d81413a8.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--95993485-4c49-44ff-93f1-948eb4671d01", + "spec_version": "2.0", + "objects": [ + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--7e00d3ac-a97a-4db0-9699-7474d81413a8", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:33.831Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--a21a6a79-f9a1-4c87-aed9-ba2d79536881", + "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json index a954048449..8c67bc5f0d 100644 --- a/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json 
+++ b/mobile-attack/relationship/relationship--7e2d9773-1320-4c8f-a595-2b92bf0fd8ed.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b09c009b-7742-4cce-a8c5-52e84be9146f", + "id": "bundle--fbdce528-795b-4447-86be-237dd3b2ad88", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json b/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json index 8c3bc65373..cf3b5f37b3 100644 --- a/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json +++ b/mobile-attack/relationship/relationship--7e8956e3-7d90-412d-a82f-d61e43239923.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--fbef3e39-5c66-4eb7-9a4e-3efda34bdffe", + "id": "bundle--77856563-0d7a-41d2-8de1-d26b5a8e96ed", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--7e8956e3-7d90-412d-a82f-d61e43239923", "created": "2023-03-20T18:44:01.387Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:44:01.387Z", - "description": "", + "modified": "2023-08-14T16:21:32.437Z", + "description": "Application vetting services may indicate precisely what content was requested during application execution.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json index 3d02294cd8..8d1aadeb8e 100644 --- a/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json +++ b/mobile-attack/relationship/relationship--7ec3ee9a-6710-46ed-aecb-c0f2a64739ad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--194088d2-a4ec-455e-be97-fea9996299e4", + "id": "bundle--83ce990d-7445-4025-b0d0-ac64edea56c7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json index 7ce5f9dad0..3b347aff27 100644 --- a/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json +++ b/mobile-attack/relationship/relationship--7ee49e53-e75d-4e65-a71f-79919ebb08f4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aff40f5e-d5c7-461f-9da5-f4fe6b30d14c", + "id": "bundle--30a69198-90ff-4af2-a1dd-e9c2e6152b4b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json index fdf80fef7d..938ed50840 100644 --- a/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json +++ b/mobile-attack/relationship/relationship--7ef9f4cf-863b-4bc4-bdaf-55055263c030.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9fd5217-0825-4c53-8b9d-73af0022441e", + "id": "bundle--7c4a60a6-ee6a-430b-9ff1-5b72cdff3f31", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7f4e1ac1-145e-4983-b735-7f70003893aa.json b/mobile-attack/relationship/relationship--7f4e1ac1-145e-4983-b735-7f70003893aa.json new file mode 100644 index 0000000000..8d034c474f --- /dev/null 
+++ b/mobile-attack/relationship/relationship--7f4e1ac1-145e-4983-b735-7f70003893aa.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--b29b4161-2756-4b65-ac66-5c9f53eddd70",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--7f4e1ac1-145e-4983-b735-7f70003893aa",
+ "created": "2023-08-04T18:29:35.223Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:29:35.223Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate call logs.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
index f635d54ba5..39c221d05f 100644
--- a/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
+++ b/mobile-attack/relationship/relationship--7fcfc36b-bebc-481f-b9af-b65008b045ec.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--071b71ee-50c8-4477-8e81-958cd6afc03c", + "id": "bundle--d695d881-1c54-4c17-a55b-8d74292de29f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json index dbd001201a..40fb1a59fc 100644 --- a/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json +++ b/mobile-attack/relationship/relationship--7fe8ab9f-b207-4c39-ab5c-e929a1c949f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--93a42322-cd71-4f91-9ab3-7ecb19c43ae4", + "id": "bundle--6d6b295d-f349-4ab7-a471-119d26ef33a0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json index 708757fbb6..a4418a094e 100644 --- a/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json +++ b/mobile-attack/relationship/relationship--806a9338-be20-4eef-aa54-067633ac0e58.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0cce8f07-b241-4f5c-910c-c7f10aec93ab", + "id": "bundle--18a511a5-fc05-4e69-97c1-58cdf2bb303d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json index 06c4d1be9a..2206abf43b 100644 --- a/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json +++ b/mobile-attack/relationship/relationship--80778a1e-715d-477b-87fa-e92181b31659.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d31a9b5-3938-4a01-a1b7-8997d7185369", + "id": "bundle--f22d5b62-fadd-4a31-90c7-a769eda9c441", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json index 51b1bbfc26..683e92fef9 100644 --- a/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json +++ b/mobile-attack/relationship/relationship--80ac52f9-ffa4-4b6e-b420-95d1b69ae9d9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72c8693f-db8f-4e5f-9660-c962cdfd1d50", + "id": "bundle--dcdb1e69-b3df-4f99-91f1-8b37969481ef", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--812490b8-2160-47e9-9e1e-c1749b7ee86d.json b/mobile-attack/relationship/relationship--812490b8-2160-47e9-9e1e-c1749b7ee86d.json new file mode 100644 index 0000000000..3ff63676f8 --- /dev/null +++ b/mobile-attack/relationship/relationship--812490b8-2160-47e9-9e1e-c1749b7ee86d.json 
@@ -0,0 +1,38 @@
+{
+ "type": "bundle",
+ "id": "bundle--509bf04e-17b6-4c2f-ae5d-216d71ad152c",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--812490b8-2160-47e9-9e1e-c1749b7ee86d",
+ "created": "2023-09-28T17:40:03.722Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zimperium FlyTrap",
+ "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September 28, 2023.",
+ "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/"
+ },
+ {
+ "source_name": "Trend Micro FlyTrap",
+ "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts \u2014 Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.",
+ "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T19:13:17.011Z",
+ "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect Facebook account information, such as Facebook ID, email address, cookies, and login tokens.(Citation: Trend Micro FlyTrap)(Citation: Zimperium FlyTrap)",
+ "relationship_type": "uses",
+ "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--81722aad-f503-4a74-91d5-1843adf8a995.json b/mobile-attack/relationship/relationship--81722aad-f503-4a74-91d5-1843adf8a995.json
new file mode 100644
index 0000000000..f4225fc27b
--- /dev/null
+++ b/mobile-attack/relationship/relationship--81722aad-f503-4a74-91d5-1843adf8a995.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--6c2a9205-dd09-40de-ac53-be6913101c5b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--81722aad-f503-4a74-91d5-1843adf8a995",
+ "created": "2023-08-16T16:36:04.747Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "cyble_chameleon_0423",
+ "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.",
+ "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-16T16:36:04.747Z",
+ "description": "[Chameleon](https://attack.mitre.org/software/S1083) can prevent application removal by abusing Accessibility Services.(Citation: cyble_chameleon_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f",
+ "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json
index c14589c881..79c5ff3ef4 100644
--- a/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json +++ b/mobile-attack/relationship/relationship--818b8c2b-bd23-4a83-9970-d42063608699.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2d430b42-bce3-425f-a617-6c270e6b7ce5", + "id": "bundle--9535bb54-3ce8-4c9b-99a6-ec8d742b0874", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json index 1b145d98a3..9a8412cc1e 100644 --- a/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json +++ b/mobile-attack/relationship/relationship--81db3270-4cb8-4982-8ff8-c28a874e8421.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4085720b-dd87-47fc-9176-0d2d7c532ecb", + "id": "bundle--77300a45-dac2-4ba3-bc7e-4f0f7d112810", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json b/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json index 0b0c84aaf4..b32c8bf371 100644 --- a/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json +++ b/mobile-attack/relationship/relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--ee1e093a-29b4-4f2a-a2c6-1cccf5fd3cc1", + "id": "bundle--b6f20578-971e-4984-ad31-3e04fbd98502", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416", "created": "2023-03-20T18:52:56.247Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:52:56.247Z", - "description": "", + "modified": "2023-08-08T22:33:23.699Z", + "description": "Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json index dffe005c7c..5c54447de2 100644 --- a/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json +++ b/mobile-attack/relationship/relationship--81e1311e-4fe1-4177-ae12-1d50037c5e4f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--15cf24ec-de6e-4e22-aa38-6b9bb41bca81", + "id": "bundle--3dfcffeb-8b7e-4fb3-97d4-35a19eb30819", "spec_version": "2.0", "objects": [ { 
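Review bot: The description added to relationship--81dbe111-0f02-49a1-9bba-42a31e6bb416 is hard to act on, because "can detect which applications can request device administrator permissions" never says what is observed, and "extra scrutinous" is awkward. On Android the observable is a manifest entry, a receiver protected by `android.permission.BIND_DEVICE_ADMIN`, so the text could read `Application vetting services can flag applications whose manifest declares a device administrator receiver and should apply extra scrutiny to them.` The first sentence also credits mobile security products, while `source_ref` is the same data component that relationship--7e8956e3-7d90-412d-a82f-d61e43239923 in this commit describes as application vetting, so it is worth confirming which source is meant.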
diff --git a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json index 9d38a79af9..df50bf369c 100644 --- a/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json +++ b/mobile-attack/relationship/relationship--81fb62ac-ba04-48d2-8817-52d0652f61a0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7a8ea03-2e82-4142-a316-1d505ce70edc", + "id": "bundle--bbaa1196-ce76-4152-a000-c8c0a390e79e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json b/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json index cdd427732b..9fa20c7630 100644 --- a/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json +++ b/mobile-attack/relationship/relationship--8244700e-6f96-463a-a9c3-810c489a2c60.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--3aba0082-2ef4-4e45-a13f-50f2d8300828", + "id": "bundle--13e642b5-ad52-49b7-ab08-160b344ff912", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--8244700e-6f96-463a-a9c3-810c489a2c60", "created": "2023-03-20T15:20:24.554Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:20:24.554Z", - "description": "", + "modified": "2023-08-08T14:54:57.884Z", + "description": "Application vetting services could detect applications trying to modify files in protected parts of the operating system.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json index db9e897ee0..99829c2b48 100644 --- a/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json +++ b/mobile-attack/relationship/relationship--82555171-8b78-40f3-84d9-058359ae808a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ebc72f67-0339-446a-bad2-85148c249665", + "id": "bundle--3d056302-ffb7-480a-8838-902c9f1f96d2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json index 710a263669..7ac22982ca 100644 
--- a/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json +++ b/mobile-attack/relationship/relationship--825ffecc-090f-44c8-87be-f7b72e07f987.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--90d68164-ad16-4bf2-b09c-c6a6794ce4f2", + "id": "bundle--2eff501f-a516-4c62-a5f9-cb752b77fc8d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json index 982449df5c..9959bfa98c 100644 --- a/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json +++ b/mobile-attack/relationship/relationship--828417ec-c444-41c8-95b4-c339c5ecf62b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6ca98b78-9834-432b-80de-35a3d13de85e", + "id": "bundle--b6a3b990-aa07-407d-874f-288e58c39320", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json index 18b2158765..42ee71d301 100644 --- a/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json +++ b/mobile-attack/relationship/relationship--82a51cc3-7a91-43b0-9147-df5983e52b41.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e5e5e0c-4de3-4e25-a5d0-baa5ed7665bf", + "id": "bundle--8d38d077-5581-4a7a-a9e1-2d2897668b45", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json b/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json index 61a1ad49fb..9dc04567cb 100644 --- a/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json +++ b/mobile-attack/relationship/relationship--82b58c75-239e-4dac-b848-bc1f3354adc4.json 
@@ -1,25 +1,32 @@ { "type": "bundle", - "id": "bundle--01500690-3ca3-4b48-8239-9ec292ff968e", + "id": "bundle--a9a27494-4c9e-4429-bbaa-40afd3f4494d", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--82b58c75-239e-4dac-b848-bc1f3354adc4", "created": "2023-03-20T18:41:18.288Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "Samsung Knox Mobile Threat Defense", + "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. Retrieved March 30, 2022.", + "url": "https://partner.samsungknox.com/mtd" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:41:18.288Z", - "description": "", + "modified": "2023-08-07T22:14:04.455Z", + "description": "Application vetting services could detect the invocations of methods that could be used to execute shell commands.(Citation: Samsung Knox Mobile Threat Defense)", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--82e93a9e-6968-497f-8043-a08d0f35bd32.json b/mobile-attack/relationship/relationship--82e93a9e-6968-497f-8043-a08d0f35bd32.json new file mode 100644 index 0000000000..0f91256022 --- /dev/null +++ b/mobile-attack/relationship/relationship--82e93a9e-6968-497f-8043-a08d0f35bd32.json 
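Review bot: In relationship--82b58c75-239e-4dac-b848-bc1f3354adc4 the new description credits application vetting services with the detection, but the only reference added is a vendor partner page for Mobile Threat Defense (`https://partner.samsungknox.com/mtd`), retrieved March 30, 2022. Judging by its title alone, that page covers on-device MTD products rather than app vetting, so it may not support the sentence it is attached to; this is inferred from the reference text, not from the page. A source that documents static or dynamic analysis flagging command-execution calls would back the claim better. The description could also name the observable, for example `calls to java.lang.Runtime.exec() or java.lang.ProcessBuilder`.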
@@ -0,0 +1,38 @@
+{
+ "type": "bundle",
+ "id": "bundle--177ec0f3-287c-429a-bf89-6a822f8b7e1b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--82e93a9e-6968-497f-8043-a08d0f35bd32",
+ "created": "2023-10-10T15:33:57.378Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Trend Micro Anubis",
+ "description": "K. Sun. (2019, January 17). Google Play Apps Drop Anubis, Use Motion-based Evasion. Retrieved January 20, 2021.",
+ "url": "https://www.trendmicro.com/en_us/research/19/a/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics.html"
+ },
+ {
+ "source_name": "Cofense Anubis",
+ "description": "M. Feller. (2020, February 5). Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications. Retrieved April 8, 2020.",
+ "url": "https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.378Z",
+ "description": "[Anubis](https://attack.mitre.org/software/S0422) has requested accessibility service privileges while masquerading as \"Google Play Protect\" and has disguised additional malicious application installs as legitimate system updates.(Citation: Cofense Anubis)(Citation: Trend Micro Anubis)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
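Review bot: relationship--82e93a9e-6968-497f-8043-a08d0f35bd32 is `created` on 2023-10-10 yet carries `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"`, while the other relationships this commit adds with 2023 creation dates use `0.1` with `3.1.0` or `3.2.0`. The same combination appears in the new files for relationship--83358774-0857-429c-9f7a-151403e52881, relationship--8499ffce-1045-4a8a-9e09-ec53d535a021 and relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4, all pointing at attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b. That pattern suggests the metadata was copied from older relationships when they were re-targeted, though the originals are not in view. If these are new objects, the line should read `"x_mitre_attack_spec_version": "3.2.0"` as in the 2023-09-28 FlyTrap relationship. If they are migrations, keeping the original `created` timestamp would stop pipelines that diff releases by timestamp from reading 2019–2020 reporting as new activity.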
diff --git a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json index 6d2d95edf4..4cac4da23f 100644 --- a/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json +++ b/mobile-attack/relationship/relationship--82f12052-783e-40e4-8079-d9c030c310fd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--493f8e78-f4ce-4e6a-8958-131e0c9c4fba", + "id": "bundle--ffd72269-c560-418d-b48b-00e6705832a5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json index 4e1ddc74ad..212562e70c 100644 --- a/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json +++ b/mobile-attack/relationship/relationship--82f51cc6-6ce4-459e-b598-7b2b77983469.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--745aa3eb-7cbf-477b-9622-3efa99a083bc", + "id": "bundle--07c45cf6-978c-4ed6-af02-bbf141f36dd6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--83358774-0857-429c-9f7a-151403e52881.json b/mobile-attack/relationship/relationship--83358774-0857-429c-9f7a-151403e52881.json new file mode 100644 index 0000000000..c981a96342 --- /dev/null +++ b/mobile-attack/relationship/relationship--83358774-0857-429c-9f7a-151403e52881.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--dfea2fff-caf3-4038-a9f0-78dbe4091e79", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--83358774-0857-429c-9f7a-151403e52881", + "created": "2023-10-10T15:33:59.912Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Threat Fabric Exobot", + "description": "Threat Fabric. (2017, February). Exobot - Android banking Trojan on the rise. Retrieved October 29, 2020.", + "url": "https://www.threatfabric.com/blogs/exobot_android_banking_trojan_on_the_rise.html" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.912Z", + "description": "[Exobot](https://attack.mitre.org/software/S0522) has used names like WhatsApp and Netflix.(Citation: Threat Fabric Exobot)", + "relationship_type": "uses", + "source_ref": "malware--c91cec55-634c-4670-ba10-2dc7ceb28e98", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json index 97660b68ab..b79214dbdb 100644 --- a/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json +++ b/mobile-attack/relationship/relationship--833b4c44-7370-4b27-b9b2-a058c27dcf8c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0abaf707-42dc-44e7-b95a-090ca4a61a1c", + "id": "bundle--9da1e073-f7df-4a18-9956-644ce7512dba", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json index 1e949de929..23ee6ff426 100644 --- a/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json +++ b/mobile-attack/relationship/relationship--834c9a7e-6520-486d-ba60-c3a8b2f9eb1a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--54a55581-4916-417e-b7f2-9fe20a9470f2", + "id": "bundle--4b169b44-4663-4beb-bc97-4329d9ebe7ad", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json index da4d663418..6936f53ca2 100644 --- a/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json +++ b/mobile-attack/relationship/relationship--83991b5c-59b9-4fe5-9ef2-39c6ddc8b835.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae93ed44-5d62-4a99-ab30-983553a2eabf", + "id": "bundle--f6bf570e-6958-4efe-a56c-b9853a7ead16", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json index 956cc72421..fd7ffc3172 100644 --- a/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json +++ b/mobile-attack/relationship/relationship--83d95d05-7545-4295-894b-f33a2ba1063b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c5c18e7f-cca6-43ff-9c92-afa18f9503e9", + "id": "bundle--a334155b-2b5a-4a2d-9cfd-12ad41abff52", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json b/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json index 7af98b96e1..893669d4b1 100644 
--- a/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json +++ b/mobile-attack/relationship/relationship--848581bc-bf8f-40e2-871e-cd67042b4adf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ed5ced62-b8ae-4ae1-9a4a-27143a5e769b", + "id": "bundle--3de9fc0d-7e14-4d88-9b17-49ac942b8015", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8499ffce-1045-4a8a-9e09-ec53d535a021.json b/mobile-attack/relationship/relationship--8499ffce-1045-4a8a-9e09-ec53d535a021.json new file mode 100644 index 0000000000..f9679a6cc0 --- /dev/null +++ b/mobile-attack/relationship/relationship--8499ffce-1045-4a8a-9e09-ec53d535a021.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--920093d8-c839-4a1f-83fc-1442e423f110",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--8499ffce-1045-4a8a-9e09-ec53d535a021",
+ "created": "2023-10-10T15:33:58.887Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Palo Alto HenBox",
+ "description": "A. Hinchliffe, M. Harbison, J. Miller-Osborn, et al. (2018, March 13). HenBox: The Chickens Come Home to Roost. Retrieved September 9, 2019.",
+ "url": "https://unit42.paloaltonetworks.com/unit42-henbox-chickens-come-home-roost/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.887Z",
+ "description": "[HenBox](https://attack.mitre.org/software/S0544) has masqueraded as VPN and Android system apps.(Citation: Palo Alto HenBox)",
+ "relationship_type": "uses",
+ "source_ref": "malware--aef537ba-10c2-40ed-a57a-80b8508aada4",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4.json b/mobile-attack/relationship/relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4.json
new file mode 100644
index 0000000000..894198ae45
--- /dev/null
+++ b/mobile-attack/relationship/relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4.json
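Review bot: The new HenBox relationship (relationship--8499ffce-1045-4a8a-9e09-ec53d535a021) declares `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"` although its `created` and `modified` timestamps are both 2023-10-10, while the other relationships added in this diff (relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5, relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be) declare `"3.1.0"` and `"0.1"`. The Bouncing Golf relationship added in the next file (relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4) has the same combination. Presumably both were re-created from older relationships so they could target `attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b`, and the version fields were copied along with the text; that is an inference, so please confirm it is intended. A consumer that picks validation or parsing rules from the spec version will otherwise treat these two objects as older than the rest of the release.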
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--b1b5a467-5495-4340-adb5-69eaef0e053a",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--84dbe7c6-421b-4bfb-b022-6c585c2e50c4",
+ "created": "2023-10-10T15:33:59.401Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Trend Micro Bouncing Golf 2019",
+ "description": "E. Xu, G. Guo. (2019, June 28). Mobile Cyberespionage Campaign \u2018Bouncing Golf\u2019 Affects Middle East. Retrieved January 27, 2020.",
+ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/mobile-cyberespionage-campaign-bouncing-golf-affects-middle-east/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:59.401Z",
+ "description": "[Bouncing Golf](https://attack.mitre.org/groups/G0097) distributed malware as repackaged legitimate applications, with the malicious code in the `com.golf` package.(Citation: Trend Micro Bouncing Golf 2019)",
+ "relationship_type": "uses",
+ "source_ref": "intrusion-set--049cef3b-22d5-4be6-b50c-9839c7a34fdd",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
index a74a94154c..07a0834902 100644
--- a/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
+++ b/mobile-attack/relationship/relationship--8570b7ef-a84d-480e-b1ca-b15f15d12103.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3217a64c-7ab8-4873-99ad-8b64c7bc7cd4", + "id": "bundle--6bcb0af4-09e0-41ac-9424-52fc4106491b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json index ea865a9a7b..74fc033c15 100644 --- a/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json +++ b/mobile-attack/relationship/relationship--85c7e956-3ce5-4495-b52e-385ae2ee4f9b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2410d94d-8642-4b1d-a33b-9c1cff491266", + "id": "bundle--2015dbbb-9c30-42fc-9e07-f66fbf548a5f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json index 7a7628897c..3f19c49ca4 100644 --- a/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json +++ b/mobile-attack/relationship/relationship--85e0d8c5-b9d6-4a10-963a-aeb54eba4f02.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2b41307-812b-47da-9fc2-5fc650fbc351", + "id": "bundle--013e533d-e6bc-43a3-9c34-cc7b5e4d0df5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json index fa179de23a..e16ade7fb4 100644 --- a/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json +++ b/mobile-attack/relationship/relationship--8611661c-04b4-4a82-9669-2d0e26b7b3f3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0e1e5771-057e-4b2c-97c2-af93d63d6600", + "id": "bundle--68b63c48-8c05-498c-991c-856b5e3d08c5", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json index b97b7b98d4..9146161aa4 100644 --- a/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json +++ b/mobile-attack/relationship/relationship--86170d29-0e41-44d0-94b0-de7d23718302.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49aaf6f1-b1c0-4b1c-81e9-0eecb9191cb3", + "id": "bundle--ed112a70-eccc-49c7-b110-38371ce5438a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json index 892d1d1d9b..db40ec5eaf 100644 --- a/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json +++ b/mobile-attack/relationship/relationship--8634a732-1c5e-4931-a24f-cdcc2f81c788.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0132e74d-a9bc-4c82-aa53-3ed1e924f320", + "id": "bundle--5c42042a-5e40-4380-8531-c60b62faf6a3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json index 5a5eb0396e..b3976a2407 100644 --- a/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json +++ b/mobile-attack/relationship/relationship--8650e2e8-d8bd-472d-8b9b-54befbea05b8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7748deee-5039-4fd7-9969-72313dfc0914", + "id": "bundle--7276f5ee-5840-459c-925b-c26fcbf716d8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5.json b/mobile-attack/relationship/relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5.json new file mode 100644 index 0000000000..57267e06d1 --- /dev/null 
+++ b/mobile-attack/relationship/relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--0b904997-e7f9-472f-aad1-0603467ddbe2",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--867b4929-20f2-47cd-9ab3-43a5a6ea98b5",
+ "created": "2023-06-09T19:19:38.523Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T19:11:52.875Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) has a list of file extensions that it may use to log certain operations (creation, open, close, modification, movement, deletion) on files of those types.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
index 542cbffee6..de2ad2d4d6 100644
--- a/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json
+++ b/mobile-attack/relationship/relationship--86afe8cc-6d6d-4952-8fee-619e95d53a7f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1ae7bfe8-5cbb-4e2f-94be-41a832c3cd6e", + "id": "bundle--b00a79c4-427d-4465-ba71-921314f8b0f8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json index 36def47ae8..75884f4161 100644 --- a/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json +++ b/mobile-attack/relationship/relationship--86e3c37c-1e4a-450c-850b-c80be8156fe3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--11a40207-b7dc-4268-aaf0-c66b3ca9a45a", + "id": "bundle--db5faeda-a8fb-4199-b4fd-9789bf246fdc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json index 7fcac44d11..300c2b9e2e 100644 --- a/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json +++ b/mobile-attack/relationship/relationship--8726b157-3575-450f-bb7f-f17bb18e6aef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--74befc1f-f3c0-4d87-814b-d4b790980a4d", + "id": "bundle--6189ec01-ba98-46dc-82e6-73f75d5f752f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json index c3d0cd1b06..f62d2bf2c3 100644 --- a/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json +++ b/mobile-attack/relationship/relationship--873b98de-d7cf-471b-9aa2-229eb03c9165.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ded5e2aa-43fd-41b1-b142-87c9d923e486", + "id": "bundle--b697d133-8446-4179-8238-f534128f4139", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json index 3fcffe2b35..76d2ede593 100644 --- a/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json +++ b/mobile-attack/relationship/relationship--875dc21d-92c3-45bf-be37-faa44f4449bf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ab63e54-0649-4f26-89f5-596a9b3283e1", + "id": "bundle--06739911-8e8a-4859-85df-f36ac8682369", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json index 9ece601190..d0be69dff7 100644 --- a/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json +++ b/mobile-attack/relationship/relationship--876fc8ee-aeae-4d4b-b4ce-541b432e5298.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b362b8c2-ce82-4d86-919f-e54a3e92100d", + "id": "bundle--a9b5c584-ef8d-4f85-9cd9-87a705148164", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json b/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json index 37dcbb65a9..df31b97c0e 100644 --- a/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json +++ b/mobile-attack/relationship/relationship--886849fc-f83c-4d69-b700-bfad0def765d.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--88f6f761-7fd2-4c47-b097-2b72b97a1353",
+ "id": "bundle--64f2af7c-6db9-44bf-9cc4-c7315f37f380",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--886849fc-f83c-4d69-b700-bfad0def765d",
 "created": "2023-03-16T18:32:30.054Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:32:30.054Z",
- "description": "",
+ "modified": "2023-08-10T22:12:27.186Z",
+ "description": "On Android, the user can manage which applications have permission to access the call log through the device settings screen, revoking the permission if necessary.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
index 605508be64..26721b3d0f 100644
--- a/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
+++ b/mobile-attack/relationship/relationship--8870c211-820a-46a1-96fc-02f4e6eaec03.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bb09616a-46ca-4be8-a867-0ac507c50ed9",
+ "id": "bundle--55ce30af-df5b-4909-b518-5bbe46c23172",
 "spec_version": "2.0",
 "objects": [
 {
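Review bot: The description added to relationship--886849fc-f83c-4d69-b700-bfad0def765d sits on a `"relationship_type": "detects"` edge, but its closing clause ("revoking the permission if necessary") describes a response, not something a user or analyst observes. The later change to relationship--8c034c66-18ad-4b30-9f17-ed574c10918f uses the same source, `x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6`, and words it as an observation ("The user can view permissions granted to an application in device settings."). Aligning the two keeps detection text separate from mitigation guidance for tooling that derives detection coverage from these edges, for example `"description": "On Android, the user can view which applications have permission to access the call log through the device settings screen.",`.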
diff --git a/mobile-attack/relationship/relationship--88de8869-2b01-4702-8518-e4e78fde44d9.json b/mobile-attack/relationship/relationship--88de8869-2b01-4702-8518-e4e78fde44d9.json
new file mode 100644
index 0000000000..f7eeeaf0cc
--- /dev/null
+++ b/mobile-attack/relationship/relationship--88de8869-2b01-4702-8518-e4e78fde44d9.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--d020017c-9fe0-4af1-a104-008387857ad8",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--88de8869-2b01-4702-8518-e4e78fde44d9",
+ "created": "2023-07-12T20:45:18.766Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-12T20:45:18.766Z",
+ "description": "",
+ "relationship_type": "subtechnique-of",
+ "source_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
index ff23ca7702..27c0a34fdd 100644
--- a/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
+++ b/mobile-attack/relationship/relationship--88ded3fb-759e-4e96-946b-e7148c54856e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e02ade28-f4f7-4cae-88dc-0b4fec6c2bf6",
+ "id": "bundle--6cc6c69d-2d5b-423c-a000-0b2039b4d012",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json index 6843d5ae26..76a5d064ff 100644 --- a/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json +++ b/mobile-attack/relationship/relationship--88e33687-e999-42c8-b46b-49d2adfa17d0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cc48732c-a59b-4f78-a46a-4bab8b5b62a2", + "id": "bundle--c843b618-c04e-400f-a1e5-538774a7f289", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json index 18a7b17f9d..283dcc39d2 100644 --- a/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json +++ b/mobile-attack/relationship/relationship--88ea5004-8bdb-4af4-a2dc-a8c56236ff03.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--93b08232-cb32-4d91-97ba-57e20addf3ee", + "id": "bundle--b2cde782-76af-41bb-b7ad-a9d1419d324a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json index c8d1bed99f..a1f697cebc 100644 --- a/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json +++ b/mobile-attack/relationship/relationship--891edea2-817c-4eeb-9991-b6e095c269a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f760c3b1-d502-4e59-ba2c-9f14218460ba", + "id": "bundle--395eb8e7-32a0-4288-9e79-94d183f36344", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json index 0135530438..5144c925dc 100644 
--- a/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json +++ b/mobile-attack/relationship/relationship--8936c564-b11a-4c9e-a32a-76e7d7e0c8b0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2af5d25-a798-450a-8c48-1318957ae337", + "id": "bundle--bca78c37-36e6-41bd-8898-de2d7b42ce66", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json index 5df7090a0d..4e11b291c8 100644 --- a/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json +++ b/mobile-attack/relationship/relationship--89565753-23c4-422d-a9ba-39f4101cd819.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cc260d9b-643a-4fe1-9ca4-6762c4a36326", + "id": "bundle--a07ef1cc-2e7c-4751-9770-e4534f0d9d91", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json b/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json index 936726994c..8c2b60ae85 100644 --- a/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json +++ b/mobile-attack/relationship/relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--0636abf7-4fba-4bb5-b8c9-284585a266c5",
+ "id": "bundle--8c72e258-d047-42b2-b136-6ddba2fbb645",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--89d0de37-87ba-4aa8-832a-a2305e658a7d",
 "created": "2023-03-20T15:55:09.279Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:55:09.279Z",
- "description": "",
+ "modified": "2023-08-14T16:44:32.659Z",
+ "description": "Application vetting services may be able to detect if an application attempts to encrypt files, although this may be benign behavior.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--d9e88203-2b5d-405f-a406-2933b1e3d7e4",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json b/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
index aa3a70dd1a..d5688525a8 100644
--- a/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
+++ b/mobile-attack/relationship/relationship--8a255d63-a770-4b9d-911c-bd906733ceef.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--08ee2cf5-c980-49e7-94ec-a05381f66026",
+ "id": "bundle--4fbdc7e2-c6ce-4c22-b336-cdb27091c94d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json
index bbb3173228..9c00e36631 100644
--- a/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json +++ b/mobile-attack/relationship/relationship--8a55c28d-9cdd-4b6f-91e7-bcb3b05f6724.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fa4e1b79-d8bd-4d32-a6ba-9a188bcefd26", + "id": "bundle--603c1495-d01d-48d2-9a27-b4a20bfc6983", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be.json b/mobile-attack/relationship/relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be.json new file mode 100644 index 0000000000..68bdc92ffe --- /dev/null +++ b/mobile-attack/relationship/relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--79538fb3-35a2-42b1-8c5f-acc7ef33ec20",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--8a89f675-4e43-4fe1-8bbd-8e49e07d11be",
+ "created": "2023-07-21T19:35:34.846Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:35:34.846Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access browser history and bookmarks, and can list all files and folders on the device.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
index edff56e21b..987938e698 100644
--- a/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
+++ b/mobile-attack/relationship/relationship--8a961514-3372-4c3e-b7ee-e3d053c3d5f3.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a1302534-2b58-4fe7-af52-22c1b38fd02f", + "id": "bundle--1819d92f-80fe-4c48-a759-77a7e2cd10cf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json index 3bd0826915..8bb007db5b 100644 --- a/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json +++ b/mobile-attack/relationship/relationship--8b27a786-b4d9-4014-a249-3725442f9f1d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--abc3e897-289e-4ce0-8ff9-b5db7100515a", + "id": "bundle--7e23cf40-0591-409f-9db0-ddab569438fe", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json index 20e47caa29..2783008859 100644 --- a/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json +++ b/mobile-attack/relationship/relationship--8b2c2716-a62b-4c3a-a211-d72bb5ed29b9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41ffdbb1-de43-4e66-ac3a-7715dc16272a", + "id": "bundle--3d0a419f-53f1-46fc-b0c5-bbb8e8479df4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json b/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json index e356823cf5..fa1c276480 100644 --- a/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json +++ b/mobile-attack/relationship/relationship--8b3e74ad-7cc4-4ed2-84d2-c745e6997711.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e509b22-a629-4ab3-9812-5a34e3d10058", + "id": "bundle--c3bd5bc2-8e12-4e7d-af81-e6af50d4175f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json index c66cd6f68d..1a5101c8af 100644 --- a/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json +++ b/mobile-attack/relationship/relationship--8b66543e-2ea1-4ff7-84d9-f8f431f53781.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a0e1450-8948-45fd-a390-bd04b9602b1a", + "id": "bundle--886bf04d-bd04-48af-8768-8336ddb04a81", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json b/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json index 991fbfcef4..642a26e889 100644 --- a/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json +++ b/mobile-attack/relationship/relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--362a1561-76dc-49a6-a16e-78d818f1707f",
+ "id": "bundle--41d093c8-3804-4450-baea-453105a11897",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--8b8a9c44-c8a4-4f30-a3d8-a23310f6c090",
 "created": "2023-03-20T18:58:30.773Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:58:30.773Z",
- "description": "",
+ "modified": "2023-08-08T16:43:56.718Z",
+ "description": "On Android 10 and later, the system shows a notification to the user when an app has been accessing device location in the background.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
 "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
index cce2357d3b..3379f117c3 100644
--- a/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
+++ b/mobile-attack/relationship/relationship--8bc0abc2-a413-4c05-b2b8-2a92d9cc5556.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0fba376b-9e80-4a37-9c3b-e19feccb0607",
+ "id": "bundle--bb81741f-c9fe-419e-b910-e7b92112bf28",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json b/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json
index 0d6ff4c42b..8da80d9ec2 100644
--- a/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json +++ b/mobile-attack/relationship/relationship--8bc21e5d-b6bb-4c93-9419-19a12061de52.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ff6995d1-39a6-4e4f-ba8a-913245fb6d1e", + "id": "bundle--d9565e4a-a2a4-49be-890a-aca5d865448e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8bcc9da8-c390-4151-b72d-30604820673e.json b/mobile-attack/relationship/relationship--8bcc9da8-c390-4151-b72d-30604820673e.json new file mode 100644 index 0000000000..7d9d319af2 --- /dev/null +++ b/mobile-attack/relationship/relationship--8bcc9da8-c390-4151-b72d-30604820673e.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--12bf2789-facc-4b02-9676-8c9183d7fbc4",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--8bcc9da8-c390-4151-b72d-30604820673e",
+ "created": "2023-08-04T19:05:04.644Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T19:05:04.644Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can search for installed applications such as WhatsApp.(Citation: lookout_hornbill_sunbird_0221) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json b/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
index cbb3d20abf..49483236bc 100644
--- a/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
+++ b/mobile-attack/relationship/relationship--8c034c66-18ad-4b30-9f17-ed574c10918f.json
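Review bot: The `description` value in relationship--8bcc9da8-c390-4151-b72d-30604820673e ends with a space after the citation (`...(Citation: lookout_hornbill_sunbird_0221) "`), and the description changed in relationship--8c034c66-18ad-4b30-9f17-ed574c10918f has the same trailing space (`...in device settings. "`). Whitespace inside the string is part of the data, so it reaches rendered output and makes exact-match comparison or de-duplication of descriptions across releases noisier than it needs to be. Trim it in both, e.g. `"description": "The user can view permissions granted to an application in device settings.",`.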
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--5d48dd76-0ebb-44de-a82e-19a062b37a07",
+ "id": "bundle--59e051f3-bf9d-45a0-86cf-e4b6efd693c9",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--8c034c66-18ad-4b30-9f17-ed574c10918f",
 "created": "2023-03-20T18:56:20.203Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:56:20.203Z",
- "description": "",
+ "modified": "2023-08-10T22:08:44.242Z",
+ "description": "The user can view permissions granted to an application in device settings. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
index 20f6eff900..d774b7d10a 100644
--- a/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
+++ b/mobile-attack/relationship/relationship--8c3296f6-3520-4d1b-8b57-bdd48a5aac91.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bb3655a2-caad-40dc-b376-c10007cf6629",
+ "id": "bundle--af1e3a20-d227-4776-8d6d-92cb165c269a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json b/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json
index fa11c7c1ab..81dda55dfe 100644
--- a/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json
+++ b/mobile-attack/relationship/relationship--8c50e9e7-e13c-4814-98d0-088d73b10005.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--248c742b-8617-4b6c-bb8a-3254414713d0", + "id": "bundle--1836094f-170b-462b-a608-ba05a86d4b23", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json b/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json index a2e86cd75a..e4dd9cc041 100644 --- a/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json +++ b/mobile-attack/relationship/relationship--8c656539-aa1e-42db-9016-d38f1daaae16.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ba1ff52a-5817-4855-b41b-1e1be431367b", + "id": "bundle--c3f5cae4-0eda-46c9-9239-26bf1ef8ce77", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json b/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json index fb4d899254..3ceb06f534 100644 --- a/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json +++ b/mobile-attack/relationship/relationship--8c7598a6-6046-491d-99a7-52c31974a9a9.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--d3ba4883-4c86-4f76-b22e-0ac05d213eb9", + "id": "bundle--b295d5df-feab-4afd-8b6d-5c44fe7515a8", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--8c7598a6-6046-491d-99a7-52c31974a9a9", "created": "2023-03-20T18:57:40.504Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:57:40.504Z", - "description": "", + "modified": "2023-08-08T15:36:24.934Z", + "description": "Application vetting services could look for misuse of dynamic libraries.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--1ff89c1b-7615-4fe8-b9cb-63aaf52e6dee", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json index 91d0686783..905d3fcaad 100644 --- a/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json +++ b/mobile-attack/relationship/relationship--8c8ce536-d9b5-4dfc-93f1-84c4f222b49e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4dca81e8-7ac0-49db-af8b-1d5775c7a5e2", + "id": "bundle--0fd23229-3089-437b-9fee-0b04ea61dd62", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json index 2c126162ac..32bbff1fb7 100644 --- a/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json 
+++ b/mobile-attack/relationship/relationship--8c9dbc53-27d2-420c-b698-98c23a7ead2b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3b97c3f4-e42c-4939-bb81-080125edd04d", + "id": "bundle--1132a6e2-6fce-4187-9221-15655aa9b479", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json index 142e7ca68e..4ab0b3cf4d 100644 --- a/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json +++ b/mobile-attack/relationship/relationship--8cb42e3d-69f4-4b0d-98c9-0bb7560947c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1d505468-b09a-4b1c-b75f-df2e4f33791d", + "id": "bundle--b051a26d-6b0c-44a8-942f-24c87fe2d220", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json index 60b514de4c..7e56070e5a 100644 --- a/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json +++ b/mobile-attack/relationship/relationship--8d027310-93a0-4046-b7ad-d1f461f30838.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6dd407d5-a7d4-433f-94e4-75aaa4761b16", + "id": "bundle--002c11ad-0938-4211-98b6-4625e2fcc2a2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8d3ca04e-867f-4274-bc61-f18c0282a0a9.json b/mobile-attack/relationship/relationship--8d3ca04e-867f-4274-bc61-f18c0282a0a9.json new file mode 100644 index 0000000000..707107cc26 --- /dev/null +++ b/mobile-attack/relationship/relationship--8d3ca04e-867f-4274-bc61-f18c0282a0a9.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--133ea82b-5210-4055-b512-0283fcedd1dc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8d3ca04e-867f-4274-bc61-f18c0282a0a9", + "created": "2023-08-04T18:29:54.503Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-26T12:53:15.952Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a device's contacts.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json b/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json index ba9802ed52..6110b85c84 100644 --- a/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json +++ b/mobile-attack/relationship/relationship--8d71e646-74d1-4d62-8989-2ad4ddf7a67b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9d6a9bbf-4eb6-42e7-b452-b083d31f57f1", + "id": "bundle--9f540c5e-f3ed-4633-8952-9bf4d65abcaa", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json b/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json index 00acef621c..c20b413666 100644 --- a/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json +++ b/mobile-attack/relationship/relationship--8d72c224-0cf5-4b9b-a98a-76ee3a406803.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a3b7b426-7470-42b5-9313-0289150fbb1c", + "id": "bundle--2ffbb2cb-a5cb-4b6e-813b-f2dfec8be4e4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8e67f2e0-65da-4d27-9d41-e2f9a174331b.json b/mobile-attack/relationship/relationship--8e67f2e0-65da-4d27-9d41-e2f9a174331b.json new file mode 100644 index 0000000000..20fac30264 --- /dev/null +++ b/mobile-attack/relationship/relationship--8e67f2e0-65da-4d27-9d41-e2f9a174331b.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--15983f40-8fed-468c-95b6-585ac2591a1b",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--8e67f2e0-65da-4d27-9d41-e2f9a174331b",
+ "created": "2023-10-10T15:33:58.186Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "ThreatFabric Ginp",
+ "description": "ThreatFabric. (2019, November). Ginp - A malware patchwork borrowing from Anubis. Retrieved April 8, 2020.",
+ "url": "https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.186Z",
+ "description": "[Ginp](https://attack.mitre.org/software/S0423) has masqueraded as \u201cAdobe Flash Player\u201d and \u201cGoogle Play Verificator\u201d.(Citation: ThreatFabric Ginp)",
+ "relationship_type": "uses",
+ "source_ref": "malware--6146be90-470c-4049-bb3a-9986b8ffb65b",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json b/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
index 358aee6c52..165df5190f 100644
--- a/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
+++ b/mobile-attack/relationship/relationship--8e6b9c1e-5e28-4519-95c3-6b4a836661de.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8d58091c-91fe-4920-9599-a7776a1efc8a",
+ "id": "bundle--1645213b-dbcd-4cc0-b298-99b47bbcbf07",
 "spec_version": "2.0",
 "objects": [
 {
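Review bot: The new relationship--8e67f2e0 declares `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"`, while the other relationships added in the visible part of this commit carry `3.1.0` or `3.2.0` and `0.1`, including ones created earlier in 2023 than this object's `created` value of 2023-10-10. This may be intended if the object came through a different export path, but tooling that validates or filters objects by declared spec version may handle this one differently from its siblings. Worth confirming before release; if it is an oversight, the relationship created on 2023-09-28 (907db911) shows the current form, `"x_mitre_attack_spec_version": "3.2.0"`.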
diff --git a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json index f554766e4c..0d30cced3f 100644 --- a/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json +++ b/mobile-attack/relationship/relationship--8ea39534-6fe9-404c-94b7-0f320af95404.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aa8e9cde-b8a9-4e0d-b628-f03c65f808b7", + "id": "bundle--897374c4-490a-4147-a649-b87b8175e111", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json index b31aa516df..a12d3aed12 100644 --- a/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json +++ b/mobile-attack/relationship/relationship--8ec03f4c-5ed8-4c25-956c-3ee6c777a5cc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9bfbf801-97fb-4c8a-8f8e-c12de3895ad1", + "id": "bundle--c57b2583-5b12-4d2c-aead-606856960c87", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json index 9d8e8e11d1..b392a636cf 100644 --- a/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json +++ b/mobile-attack/relationship/relationship--8ed14c81-0b30-4bfc-8552-439aa0e920c3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e4ba6ca-2181-48b1-b164-f1346a878229", + "id": "bundle--d98fbba1-afdf-4573-866d-ca091b4dbfd8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f142643-0448-4b04-8260-8e4e62ad80bb.json b/mobile-attack/relationship/relationship--8f142643-0448-4b04-8260-8e4e62ad80bb.json new file mode 100644 index 0000000000..0514263ddd --- /dev/null 
+++ b/mobile-attack/relationship/relationship--8f142643-0448-4b04-8260-8e4e62ad80bb.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c566d941-10d4-4fc8-ad5c-9c2f4e75b829", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8f142643-0448-4b04-8260-8e4e62ad80bb", + "created": "2023-08-04T18:34:42.357Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-26T12:54:48.541Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can download adversary specified content from FTP shares.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--2bb20118-e6c0-41dc-a07c-283ea4dd0fb8", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json index 9599ee8c93..ce462bb1b7 100644 --- a/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json +++ b/mobile-attack/relationship/relationship--8f22a4ce-f075-4343-acb0-1d45c56e91e8.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6acc9cc4-2f5e-45ae-ac7a-3ef2ab311369", + "id": "bundle--d2c19781-19ab-41bb-89de-d047e8711e72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json index 87eef868a7..740740e295 100644 --- a/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json +++ b/mobile-attack/relationship/relationship--8f2929a9-cd25-4e07-b402-447da68aaa56.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f46c540c-3c49-4cdd-bb60-9b76935725ba", + "id": "bundle--11e21a8f-f3e8-4de5-97e9-4c816b97536c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json index 0beb91c9f0..7f1726456d 100644 --- a/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json +++ b/mobile-attack/relationship/relationship--8f2ff9c5-249d-4a9a-bdc6-0cef887eaefc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--86d874a1-7ecc-4c13-a31d-6125ff6bbb95", + "id": "bundle--8a7ea492-3303-42a6-a417-17b90d29e00f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f4c7030-f3e2-4c7d-b5b1-dc6815055c68.json b/mobile-attack/relationship/relationship--8f4c7030-f3e2-4c7d-b5b1-dc6815055c68.json new file mode 100644 index 0000000000..c505e111d5 --- /dev/null +++ b/mobile-attack/relationship/relationship--8f4c7030-f3e2-4c7d-b5b1-dc6815055c68.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--9b8bd098-b3a8-485e-be18-04fe2f4e451f", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--8f4c7030-f3e2-4c7d-b5b1-dc6815055c68", + "created": "2023-06-09T19:15:30.280Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T19:07:51.438Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can collect voice notes and messages from WhatsApp, if installed.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json index ea05d48ccb..39e3d41171 100644 --- a/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json +++ b/mobile-attack/relationship/relationship--8f52e1ab-284e-4d0c-bae1-3a8544a22f57.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a0486c9-8d19-4bbb-9ac1-7450cbc167f9", + "id": "bundle--55d3022a-9040-44a6-b57a-23fe3dbd691a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json index 65c014e4b7..8abafc8b0d 100644 --- a/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json +++ b/mobile-attack/relationship/relationship--8f72a070-cfcb-4d75-ace6-b4427f3ba8d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--843fdfd8-6392-4797-8542-f072b4db54c7", + "id": "bundle--c35f4e91-4682-4dc9-aeea-7e58acb5d418", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json index 5ce0393562..24b87cddd8 100644 --- a/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json +++ b/mobile-attack/relationship/relationship--8f88d438-3150-4317-b1fe-b14f13c15ac5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--37da4f5d-9711-416c-822e-9f648ef386dd", + "id": "bundle--f09bc87a-5fda-44bd-8136-6e1ea56a1357", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json index 556688a5d6..4ad1160d99 100644 --- a/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json +++ b/mobile-attack/relationship/relationship--8fd05d96-552d-4ef9-98e3-ea70dc84f6a9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7be1f8cd-9749-417f-981a-f56154a4ed5a", + "id": "bundle--45f1194b-0142-4779-93c5-c8abea0bdaf6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json index 9a47967ef6..d1a1e3dfcc 100644 --- a/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json +++ b/mobile-attack/relationship/relationship--8ff45341-60d6-40d3-bb38-566814a466f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4cb1d471-93cf-4b8f-ae4c-c112c06726a0", + "id": "bundle--ee657c0e-e2ae-469f-ac13-16757d8c1521", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json index 31efafdc47..d0d635f6e0 100644 --- a/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json +++ b/mobile-attack/relationship/relationship--901492b5-b074-4631-ad6e-4178caa4164a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56635374-51ae-4752-8e65-695bd8d8258f", + "id": "bundle--0812893c-d96a-4244-9674-1b1790f2cc94", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--907db911-b39c-4230-b6ad-a0ba5ef6926a.json b/mobile-attack/relationship/relationship--907db911-b39c-4230-b6ad-a0ba5ef6926a.json new file mode 100644 index 0000000000..4e06ec1fc7 --- /dev/null +++ b/mobile-attack/relationship/relationship--907db911-b39c-4230-b6ad-a0ba5ef6926a.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--45e23424-9a86-415a-8b40-9dbb01f8e17e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--907db911-b39c-4230-b6ad-a0ba5ef6926a", + "created": "2023-09-28T17:39:24.890Z", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts \u2014 Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:39:24.890Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect device geolocation data.(Citation: Trend Micro FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json index 141268a4af..4f95389cb9 100644 --- a/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json +++ b/mobile-attack/relationship/relationship--90d4d964-efa2-46ac-adc2-759886e07158.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--300825ae-b635-4007-a6a9-709b89bff07d", + "id": "bundle--3f677efb-12a4-4609-9668-744d0c3fe883", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json index 94c70a1707..50a150fde6 100644 --- a/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json +++ b/mobile-attack/relationship/relationship--90d58c65-acb9-4d7b-89b9-f4b35593c861.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--af083320-f78f-4320-a4b5-0c932261d777", + "id": "bundle--7ebd8f55-3d5e-45c9-9e59-bfe22cc2c361", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json index 45e76c0ead..2804a79dfd 100644 --- a/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json +++ b/mobile-attack/relationship/relationship--910009da-65c0-4e6a-aeb2-386c643d1c0e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--448b022c-a6e0-4d40-83f6-29169b90bc66", + "id": "bundle--dcfdf0cb-0021-436d-89a4-ffd5867a25cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json index 095cddbcb3..03c3135448 100644 --- a/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json +++ b/mobile-attack/relationship/relationship--91831379-b0da-4019-a7bb-17e53cda9d0b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b86d65d5-2bbd-4d7b-a5df-ffb17c2f278d", + "id": "bundle--5b853700-b23d-4467-85bf-4531c786e6c2", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json index 744215a170..82d2b36e9e 100644 --- a/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json +++ b/mobile-attack/relationship/relationship--919a13bc-74be-4660-af63-454abee92635.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9ad0ba6-aca0-4d82-ab8d-ff779da0fa4d", + "id": "bundle--2b65952a-8e7c-4db4-9659-7a600b376ca9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json b/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json index b494b443fe..0a0b62efb3 100644 --- a/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json +++ b/mobile-attack/relationship/relationship--91a4924f-2519-4662-91f2-b7ef715a459f.json 
@@ -1,25 +1,32 @@ { "type": "bundle", - "id": "bundle--b2703a29-0a00-4f6d-ad00-28121f9d6de5", + "id": "bundle--8850a6ea-6caf-4f05-acb6-8ba4bf652596", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--91a4924f-2519-4662-91f2-b7ef715a459f", "created": "2023-03-20T18:59:55.756Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "Samsung Knox Mobile Threat Defense", + "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. Retrieved March 30, 2022.", + "url": "https://partner.samsungknox.com/mtd" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:59:55.756Z", - "description": "", + "modified": "2023-08-08T17:10:20.748Z", + "description": "Application vetting can detect many techniques associated with impairing device defenses.(Citation: Samsung Knox Mobile Threat Defense)", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json index 0d492af3e2..8c2badf0bb 100644 --- a/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json +++ b/mobile-attack/relationship/relationship--91de92af-fe1d-469e-8c36-1a9f4b621a27.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e47b916a-2ff7-4257-9eb5-cc1e3141d249", + "id": "bundle--dba58cf1-c384-497a-8c61-2262d9568f19", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json index 69f5ba1226..6bd604a49d 100644 --- a/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json +++ b/mobile-attack/relationship/relationship--92129d5b-7822-4e84-8a69-f96b598fba9e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cde8f20e-39c8-4147-a5ee-8069f9b99be6", + "id": "bundle--3938f8a3-81e2-4b9d-a6d2-6b5adeba35df", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json index 5d6821a493..40928bd87f 100644 --- a/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json +++ b/mobile-attack/relationship/relationship--92879f0e-d1db-4407-9cc6-c1dbcc47caea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--54bae4ea-de3e-4253-ad7d-48983c51428e", + "id": "bundle--54f6067e-e3a0-4e47-a3c1-838c8e98d62d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json index 70c45a94be..18206cc0f2 100644 --- a/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json +++ b/mobile-attack/relationship/relationship--92c9106d-a71b-4a4f-a9d4-ef692a0294eb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e5d8c695-2487-4cc9-9750-970a04b5ee8e", + "id": "bundle--f624ff46-fdc3-42c0-8c09-36b757f5e3ad", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json index c789d5b410..30c733be7a 100644 --- a/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json +++ b/mobile-attack/relationship/relationship--93395e61-0d3e-4ea6-9c1b-08d4a04005a0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1303e151-f83d-4dcf-8d4f-69a7f758b501", + "id": "bundle--0ea2928f-09a1-4046-8b92-29f8946982c9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json index be8fa9e8d7..e545a24e5b 100644 --- a/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json +++ b/mobile-attack/relationship/relationship--935fd3e3-dd47-4c43-bdd8-1668af26395f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b860eb38-c0bd-4b02-9d88-d9beba13a722", + "id": "bundle--2f83c25c-f258-4a46-a547-af871b159de3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json index 075b9bcfa9..24fb81bd34 100644 --- a/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json +++ b/mobile-attack/relationship/relationship--9366529d-fba9-4ef6-b4ee-b6b41aa3b18c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5bd72159-4c9a-4499-aff1-376de568a2c2", + "id": "bundle--a2874c52-849b-4d5e-94ae-48adf1363140", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json index fd6b360e64..34e2cda866 100644 
--- a/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json +++ b/mobile-attack/relationship/relationship--9373912a-affa-4a3c-ad97-1b8311e228ee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5bdd0ece-83aa-4110-89f1-d8ba2bd427ab", + "id": "bundle--cb6d5a70-a6e1-4ed1-8eee-5b2f32ed5fe6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json index 2124ee21cf..c67e999349 100644 --- a/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json +++ b/mobile-attack/relationship/relationship--9398bf9d-be77-4ac2-acea-893152cafd16.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4330cfe5-16e4-4206-8ac8-2d8fe780c60c", + "id": "bundle--e3c39dd6-cc23-4a89-8fcf-62662580138a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json index 92a814a730..9eb1d764c8 100644 --- a/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json +++ b/mobile-attack/relationship/relationship--93b2474b-0ba6-469e-a4e8-d17a41d0d016.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9fc2546b-66b5-45d4-9fef-c9e30e64ce9b", + "id": "bundle--316207b3-f5d8-4371-964f-57099928c28e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json b/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json index 6d66e7fd11..71fc3cff58 100644 --- a/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json +++ b/mobile-attack/relationship/relationship--93b6bf37-5614-4317-8ed7-42f098152c40.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0c3dd57b-b5bc-4d31-b820-7c623d51ffd0", + "id": "bundle--814f3ca2-9f70-436b-8ae3-dd2ba2f5b12e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json index 3403bdd56a..cc24249792 100644 --- a/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json +++ b/mobile-attack/relationship/relationship--93c20f43-6684-471c-910f-d9577f289677.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--96fd5608-798e-469f-bb2e-f7052950e903", + "id": "bundle--b36b4fc0-748e-4964-b1b3-338ab0eba107", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json index a152ddcda3..bf387cca8b 100644 --- a/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json +++ b/mobile-attack/relationship/relationship--94040d2e-3f60-423c-8a93-a83b61cafe7d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6f0c1a0-e5af-4142-beb5-551c0588df6e", + "id": "bundle--2d99186a-a67f-4a13-9f4d-b89a9b45edd5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json index cfcf7f0707..fc9a474b65 100644 --- a/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json +++ b/mobile-attack/relationship/relationship--9432fabf-9487-469c-86c9-b9d26b013c85.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1fedc25-6c18-4576-a1b9-43d860dfd39e", + "id": "bundle--7298fd03-3d29-43f7-ad49-49c69171711d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json index 08363688b7..9d2a84d164 100644 --- a/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json +++ b/mobile-attack/relationship/relationship--945db15a-b356-4e05-a6a0-9b24ca9aa348.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4c2dfd05-e8cf-403f-8fd2-33d66dcea31f", + "id": "bundle--95e0dc52-f548-4c9f-aa10-2a46244e433b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json index 7e4f193668..fbe010e779 100644 --- a/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json +++ b/mobile-attack/relationship/relationship--947e2398-4565-4ae0-8cc2-fb0ef5f9c73f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d5792d3c-18ef-4587-a1b1-6fb2f4c6aaa2", + "id": "bundle--8ca33579-20fb-45d3-bb05-95125d047871", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json index d5f965f303..eb880a7585 100644 --- a/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json +++ b/mobile-attack/relationship/relationship--94bf07c4-3bf0-4ecc-8043-644e59fb9ec4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2dd42649-2bdb-4f38-8ba5-2d382488dcdf", + "id": "bundle--06a79620-3c80-45bb-a39e-a65a0ff7b6b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json index 45cf6aa140..397ac0c438 100644 
--- a/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json +++ b/mobile-attack/relationship/relationship--94e111fa-81d1-4882-ae73-4d6ad6367b9f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c6e8f001-a879-4a31-81a3-e48b9d42ec29", + "id": "bundle--9447d74f-95b1-47ed-8a54-c37403aeb8b3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json index a1040aec9e..39809262dd 100644 --- a/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json +++ b/mobile-attack/relationship/relationship--950e1476-83ca-4e81-b542-c91a19b206d7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4c7509f-a6a5-4e0a-8443-dbf498a49953", + "id": "bundle--dd80e134-a366-4319-8dc3-74885161a78f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json index 878323ea43..efba6e1233 100644 --- a/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json +++ b/mobile-attack/relationship/relationship--95bf4e8b-f388-48a0-b236-c2077252e71e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b7e872ab-9d7d-4a2c-84a6-a0ec1902d913", + "id": "bundle--3480d0fc-45cf-419f-8c77-95d1bfd0d170", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json index e7ba143b97..971ffe1d10 100644 --- a/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json +++ b/mobile-attack/relationship/relationship--95fec5e4-d48a-471f-8223-711cd32659b8.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c41f541-6620-45bd-9f0e-2511996a0590", + "id": "bundle--62dc746b-87e5-41b8-a790-fd5347c2713a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json index e0787f8449..cf320fec32 100644 --- a/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json +++ b/mobile-attack/relationship/relationship--96298aed-9e9f-4836-b29b-04c88e79e53e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--98e67034-3362-4c53-8bb9-58921eafb5c6", + "id": "bundle--b63fbc8e-d4fe-4956-af5a-646a8fd5b236", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json index 479ab94e08..ae8f11b3f1 100644 --- a/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json +++ b/mobile-attack/relationship/relationship--9634001c-575b-47aa-acd2-c3b1e900bd0b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--26fc4c1b-b864-488d-9c16-5220e9d6c669", + "id": "bundle--d0335679-572e-4086-a5b9-969f64140309", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json index 9dfbde6651..d1eda9e78d 100644 --- a/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json +++ b/mobile-attack/relationship/relationship--96490f73-d8ef-4c6b-9a3a-3c66fc963306.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac53c72f-dc88-40a4-8118-2e4b8dd3a1ba", + "id": "bundle--90da2688-1fbb-4f9b-abe1-6243b4afa1a7", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json index 7523400b54..d9ff9d03d0 100644 --- a/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json +++ b/mobile-attack/relationship/relationship--96569099-db95-4f3c-8ded-6d9cf023e55e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--581862bb-ca94-4b4f-ada1-5aa8a2b4059c", + "id": "bundle--bc80357a-1f4f-4078-a1af-e68ca9888957", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json index 15fb8a9f42..a7ae833f3f 100644 --- a/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json +++ b/mobile-attack/relationship/relationship--96ec33c8-78b6-421f-bab3-bd9d0564db31.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--847c61e1-8bf5-4bcc-9a2e-fd2b04508f50", + "id": "bundle--9bb3ad2d-87cc-4bdc-886f-8ccf879d70c8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json index 94aa30d708..c5b81e8610 100644 --- a/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json +++ b/mobile-attack/relationship/relationship--97158eda-5092-4939-8b5c-1ef5ab918089.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04c11a9e-e923-4c62-a5f3-4d4d8e9272bc", + "id": "bundle--9919c831-2f98-41a3-aea8-3dfd8961dbcf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json index af312e258d..baeb0b3b9e 100644 
--- a/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json +++ b/mobile-attack/relationship/relationship--972f0703-f4d7-42d2-8ca2-bec175dac0bf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac587949-537c-414b-b765-16cb9f292bc7", + "id": "bundle--4a9f6179-b7f2-4275-811f-1b25669ae60b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json b/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json index 9de6cc3e13..2b7046a2d9 100644 --- a/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json +++ b/mobile-attack/relationship/relationship--97408547-bacd-4308-a8be-556e9ff04951.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--581b7de4-3989-4e86-8b4d-94acd8d88e6d",
+ "id": "bundle--f7f1ed3e-bd2f-4295-8d61-745ef499a07d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--97408547-bacd-4308-a8be-556e9ff04951",
 "created": "2023-03-20T18:55:23.628Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:55:23.628Z",
- "description": "",
+ "modified": "2023-08-09T16:43:16.137Z",
+ "description": "Mobile security products can typically detect rooted devices, which is an indication that Process Discovery is possible. Application vetting could potentially detect when applications attempt to abuse root access or root the system itself. Further, application vetting services could look for attempted usage of legacy process discovery mechanisms, such as the usage of `ps` or inspection of the `/proc` directory.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--1b51f5bc-b97a-498a-8dbd-bc6b1901bf19",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
index 4bb27ce28a..142c3022ca 100644
--- a/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
+++ b/mobile-attack/relationship/relationship--97417113-1840-4e00-98d3-bb222e1a1f60.json
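Review bot: The new `description` on relationship--97408547 opens with a statement about mobile security products detecting rooted devices, but its `source_ref` is x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962, the same component that the new relationship--98fb2884 file in this commit describes purely in terms of application vetting. Inferred from those two files only, the rooted-device sentence describes a different telemetry source than the component it is attached to, so a consumer that derives detection coverage per data component would credit application vetting with on-device root detection. I would move that sentence to its own `detects` relationship from the matching data component, or reword the entry so it starts from what vetting can observe (the `ps` and `/proc` sentence already in the text).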
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--448615f4-af20-4182-ba1e-50c8097e7474", + "id": "bundle--b7f2a334-37ff-4bb1-8403-8a28e7faf8ff", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json index bc5ca7b156..6ba8629224 100644 --- a/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json +++ b/mobile-attack/relationship/relationship--97738857-d496-4d39-9809-1921e0ad10b7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cd95b305-f4c5-470b-9ed1-a482c9595bf4", + "id": "bundle--29aeea17-2894-439c-9511-075f33fdd6f0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--980430c1-6173-440e-b75e-c1cdb4c41560.json b/mobile-attack/relationship/relationship--980430c1-6173-440e-b75e-c1cdb4c41560.json new file mode 100644 index 0000000000..f8f86aa027 --- /dev/null +++ b/mobile-attack/relationship/relationship--980430c1-6173-440e-b75e-c1cdb4c41560.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--e8113b7b-c4aa-4b5e-be06-1e270af4676f",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--980430c1-6173-440e-b75e-c1cdb4c41560",
+ "created": "2023-09-28T17:40:16.985Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Zimperium FlyTrap",
+ "description": "A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September 28, 2023.",
+ "url": "https://www.zimperium.com/blog/flytrap-android-malware-compromises-thousands-of-facebook-accounts/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:40:16.985Z",
+ "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can use HTTP to exfiltrate data to the C2 server.(Citation: Zimperium FlyTrap)",
+ "relationship_type": "uses",
+ "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785",
+ "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
index b86ca71226..93526f32d5 100644
--- a/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
+++ b/mobile-attack/relationship/relationship--980c49f8-d991-4e1f-8feb-6173e3dfca1f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f81789de-a9d1-438a-b920-5a0df56f2200",
+ "id": "bundle--e72a89bb-46a7-49bc-8768-905f075e85e8",
 "spec_version": "2.0",
 "objects": [
 {
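Review bot: `created_by_ref` is serialised near the end of the object in the new relationship--980430c1 file (just before `x_mitre_modified_by_ref`), while the modified files in this same commit (relationship--97408547, --9b56528f, --9b8b51fb, --9caf7cd5) move it up to follow `created`, and the new files relationship--9a575420 and --9b34ae1e already use that position. The new files relationship--9819974c, --98fb2884 and --9bbfa759 have the same late placement. Key order carries no meaning in JSON, but writing every object through the same serialiser keeps later diffs down to real content changes; here that means placing `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",` directly after the `created` line.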
diff --git a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json index 6b4ba8da1e..9344b82ea8 100644 --- a/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json +++ b/mobile-attack/relationship/relationship--9814ecd5-911a-4776-9dc0-4a4ae0bf6a39.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f175ba65-e8ca-46d9-9b4f-bc2bf863b802", + "id": "bundle--bf805e6a-6931-4a2e-b374-dfb1f670c75c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9819974c-f093-482b-8b2b-93a05ab7382e.json b/mobile-attack/relationship/relationship--9819974c-f093-482b-8b2b-93a05ab7382e.json new file mode 100644 index 0000000000..437b5776ff --- /dev/null +++ b/mobile-attack/relationship/relationship--9819974c-f093-482b-8b2b-93a05ab7382e.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4b0cd028-c048-4392-ae76-2187ca401c6e",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--9819974c-f093-482b-8b2b-93a05ab7382e",
+ "created": "2023-08-04T18:31:48.507Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:31:48.507Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate browser history, BlackBerry Messenger files, IMO instant messaging content, and WhatsApp voice notes.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
index 5c0823a0ea..671fc7a421 100644
--- a/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
+++ b/mobile-attack/relationship/relationship--9858ae0b-140b-4dd2-8ba9-1ef22183dec3.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a533b48d-848c-4cbe-880d-72ef6d5cf306", + "id": "bundle--0293d0ff-27c3-482d-b55c-c144825d2dd5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json b/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json index a7a10c158e..8c112c3af1 100644 --- a/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json +++ b/mobile-attack/relationship/relationship--98a4a746-e7bf-494c-9ee3-584403d76d3e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--75b71b0e-ee7a-4a10-9c08-ac8dee1eaf0f", + "id": "bundle--fba5ce4e-78eb-4319-9f34-558c78fe0b92", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json b/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json index 1c8742cfea..533c5b3620 100644 --- a/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json +++ b/mobile-attack/relationship/relationship--98ae9cb2-1141-48c6-81fd-f16adb430031.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d6361928-b2f7-4b22-819c-5d382d26bf0d", + "id": "bundle--9098acfb-0699-42f8-a221-6f78ea0b39e8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json index a76166bafd..2e8629a41b 100644 --- a/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json +++ b/mobile-attack/relationship/relationship--98b14660-79e1-4244-99c2-3dedd84eb68d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04a98f42-ebab-4ee2-b66e-03ca08f88e48", + "id": "bundle--5069f0ae-4ce3-46c4-84e0-82e4758a7b5f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
index 6b1640a6c3..6449916e2a 100644
--- a/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
+++ b/mobile-attack/relationship/relationship--98dec4bf-6753-4d7a-8983-d4fd6d1d892a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3e135d5e-7e26-4890-adeb-4faaed7567ad",
+ "id": "bundle--e5eef67c-3b0f-4fad-a347-5f8d77e1c728",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--98fb2884-c912-42ff-9c87-4fbabfa70115.json b/mobile-attack/relationship/relationship--98fb2884-c912-42ff-9c87-4fbabfa70115.json
new file mode 100644
index 0000000000..2bec20dda5
--- /dev/null
+++ b/mobile-attack/relationship/relationship--98fb2884-c912-42ff-9c87-4fbabfa70115.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--29eaa7b0-8e95-4caf-8bb0-47b3ab592a7c",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--98fb2884-c912-42ff-9c87-4fbabfa70115",
+ "created": "2023-08-08T16:14:01.661Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-08T16:14:01.661Z",
+ "description": "Application vetting services may potentially determine if an application contains suspicious code and/or metadata.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+ "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
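Review bot: The `description` of the new relationship--98fb2884 ("Application vetting services may potentially determine if an application contains suspicious code and/or metadata.") names no observable that a defender could turn into a check. The other `detects` entries touched by this commit each name a concrete signal (`SEND_SMS`, `android.permission.READ_CONTACTS`, `READ_PRIVILEGED_PHONE_STATE`, use of `ps` or `/proc`). The target technique cannot be resolved from this hunk, but stating which code construct or manifest/metadata attribute the vetting service should inspect for that technique would make the entry usable as a detection requirement.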
diff --git a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json index 3ed8c30547..20440076b2 100644 --- a/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json +++ b/mobile-attack/relationship/relationship--991ef2f2-c196-4d5d-bd29-504ea25831f4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5f7af434-7970-4ba6-9690-b3233fb8f65f", + "id": "bundle--89833b28-994c-48c8-bd62-c86aea06abda", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json index e1ce101e70..903eaee772 100644 --- a/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json +++ b/mobile-attack/relationship/relationship--9951d8c0-d210-4776-808b-421b613f244f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7c2d704f-9480-4f47-912f-95b6e8b5f143", + "id": "bundle--ecdcdefa-e980-48cf-bd8e-b4fd16ab59fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json index ca1a0b3984..7f91efb62a 100644 --- a/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json +++ b/mobile-attack/relationship/relationship--99b4be95-74f2-48f7-b4e9-8b4d88ecd31f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c1038df8-626f-458c-b897-26c53a357349", + "id": "bundle--7c469b16-a285-46e3-aed0-3af9cba13464", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9.json b/mobile-attack/relationship/relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9.json new file mode 100644 index 0000000000..6c0c9a34f6 --- /dev/null 
+++ b/mobile-attack/relationship/relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--a74fa9ee-ed94-424a-b4cf-bf0514ed3f24",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--9a575420-cdce-4a9f-9ea9-2ae5c469cad9",
+ "created": "2023-09-25T19:44:41.503Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "MoustachedBouncer ESET August 2023",
+ "description": "Faou, M. (2023, August 10). MoustachedBouncer: Espionage against foreign diplomats in Belarus. Retrieved September 25, 2023.",
+ "url": "https://www.welivesecurity.com/en/eset-research/moustachedbouncer-espionage-against-foreign-diplomats-in-belarus/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-30T22:22:13.142Z",
+ "description": "[MoustachedBouncer](https://attack.mitre.org/groups/G1019) has used legitimate looking filenames for malicious executables including MicrosoftUpdate845255.exe.(Citation: MoustachedBouncer ESET August 2023)",
+ "relationship_type": "uses",
+ "source_ref": "intrusion-set--7251b44b-6072-476c-b8d9-a6e32c355b28",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--9b34ae1e-027f-4b52-9a4f-1e58f6efdc25.json b/mobile-attack/relationship/relationship--9b34ae1e-027f-4b52-9a4f-1e58f6efdc25.json
new file mode 100644
index 0000000000..049c4e489e
--- /dev/null
+++ b/mobile-attack/relationship/relationship--9b34ae1e-027f-4b52-9a4f-1e58f6efdc25.json
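Review bot: The procedure example in `description` names `MicrosoftUpdate845255.exe`, a Windows-style executable, yet relationship--9a575420 is added under `mobile-attack/`. The `target_ref` (attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b) cannot be resolved from this hunk, so this is a question rather than a finding. If that technique is a mobile one, the example does not describe mobile behaviour and would surface in mobile coverage maps and detection backlogs for the group; if the reported activity was desktop-only, the relationship probably belongs in the enterprise domain instead. It is worth checking the domain against the cited ESET report before release.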
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--955b2c30-3425-4856-8262-7654d74c3aab",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--9b34ae1e-027f-4b52-9a4f-1e58f6efdc25",
+ "created": "2023-06-09T19:16:28.560Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T20:48:05.605Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can take screenshots and can abuse accessibility services to scrape WhatsApp messages, contacts, and notifications.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--73c26732-6422-4081-8b63-6d0ae93d449e",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json b/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
index e521a686d3..2a8289486d 100644
--- a/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
+++ b/mobile-attack/relationship/relationship--9b56528f-cf04-4d81-80ee-7bacb862383a.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--a694e357-a5c9-4fbd-82af-619de7eebd19",
+ "id": "bundle--fb14c80e-661f-4c7c-a37b-09811fbf2307",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9b56528f-cf04-4d81-80ee-7bacb862383a",
 "created": "2023-03-20T18:57:33.693Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:57:33.693Z",
- "description": "",
+ "modified": "2023-08-14T20:52:56.065Z",
+ "description": "Application vetting services can detect when applications request the `SEND_SMS` permission, which should be infrequently used.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--a8e971b8-8dc7-4514-8249-ae95427ec467",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json b/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
index 1f9f6242f9..012c2452c6 100644
--- a/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
+++ b/mobile-attack/relationship/relationship--9b8b51fb-c380-4516-b109-821f015506d4.json
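Review bot: The permission in the new `description` of relationship--9b56528f is written in short form (`SEND_SMS`), while relationship--9b8b51fb in this same commit uses the fully qualified manifest name (`android.permission.READ_CONTACTS`). Relationship--9caf7cd5 uses the short form as well (`READ_PRIVILEGED_PHONE_STATE`). Analysts who turn these entries into manifest searches or vetting rules need the literal string, so I would write `android.permission.SEND_SMS` and `android.permission.READ_PRIVILEGED_PHONE_STATE`, and say, as the 9b8b51fb text does, that the check is against the application's manifest.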
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--939d9034-8294-470e-b5cb-63eeafb8b35b",
+ "id": "bundle--7a2e6c69-622f-4c91-8d9f-7ad6392eb5c0",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9b8b51fb-c380-4516-b109-821f015506d4",
 "created": "2023-03-20T15:40:26.994Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:40:26.994Z",
- "description": "",
+ "modified": "2023-08-10T22:16:28.207Z",
+ "description": "Application vetting services could look for `android.permission.READ_CONTACTS` in an Android application\u2019s manifest, or `NSContactsUsageDescription` in an iOS application\u2019s `Info.plist` file. Most applications do not need contact list access, so extra scrutiny could be applied to those that request it.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9bbfa759-5555-4048-a79d-fed27a1efd93.json b/mobile-attack/relationship/relationship--9bbfa759-5555-4048-a79d-fed27a1efd93.json
new file mode 100644
index 0000000000..f3c627f6fd
--- /dev/null
+++ b/mobile-attack/relationship/relationship--9bbfa759-5555-4048-a79d-fed27a1efd93.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--ea150682-1a2e-46a9-a176-9e9b3d0c0eca",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--9bbfa759-5555-4048-a79d-fed27a1efd93",
+ "created": "2023-06-09T19:14:21.299Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-06-09T19:14:21.299Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access images stored on external storage.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
index c0d39d08b1..da729a23bb 100644
--- a/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
+++ b/mobile-attack/relationship/relationship--9c284d41-21ef-4009-bb47-3ae09b08f38d.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--be8c8884-dd01-40d9-8902-eb19ac5007dc", + "id": "bundle--23afd1f5-3231-4c88-adc9-e41d27a01493", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json index bdecc448c0..dd38e08277 100644 --- a/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json +++ b/mobile-attack/relationship/relationship--9c302eb1-1810-48a5-b34d-6aae303d2097.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ce121b9-0e46-4412-8d35-a4dd6aac60f4", + "id": "bundle--5c2ef5c0-3713-46b0-9ddc-a7d70d2c0423", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json index 247df4b9c6..e234f0d310 100644 --- a/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json +++ b/mobile-attack/relationship/relationship--9c7c302a-d5ba-4fc9-a4e5-e865fd7fb708.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--46decb2f-eed2-48ba-9486-d4b06d4e603d", + "id": "bundle--26eb1517-3e47-4ac0-9459-6b56dd9c17a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json index 1d01065ea3..f33a8ed5f8 100644 --- a/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json +++ b/mobile-attack/relationship/relationship--9c853c22-7607-4cbd-b114-08aaa4625c35.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0aa27287-1d04-4ccd-af69-ca5720a15f97", + "id": "bundle--eb64f3a7-5452-40cf-aaf8-dfb5198ae0c7", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json b/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
index 4e3fda39dc..845b1ead17 100644
--- a/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
+++ b/mobile-attack/relationship/relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--0f31bdbb-1a06-493a-859d-f3ac8c22553b",
+ "id": "bundle--59e12fd1-7fe7-490e-8209-78e01b572dc2",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9caf7cd5-fa15-45f0-8e1e-75917ea33af2",
 "created": "2023-03-20T18:50:32.580Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:50:32.580Z",
- "description": "",
+ "modified": "2023-08-09T16:45:40.815Z",
+ "description": "Application vetting services could look for usage of the `READ_PRIVILEGED_PHONE_STATE` Android permission. This could indicate that non-system apps are attempting to access information that they do not have access to.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json b/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
index c7a44f5190..4f99e7d299 100644
--- a/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
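Review bot: The added `description` in relationship--9caf7cd5 names the permission as bare READ_PRIVILEGED_PHONE_STATE, while the other descriptions added in this commit (relationship--9b8b51fb, relationship--9d2a9348) use the fully qualified form; a vetting rule that matches on the manifest string needs the qualified name, so write `android.permission.READ_PRIVILEGED_PHONE_STATE`. The second sentence is also vague: "information that they do not have access to" does not say why the declaration is anomalous. Stating that the permission is reserved for system/privileged apps, so a third-party app declaring it is the thing to flag, would make the detection actionable.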
+++ b/mobile-attack/relationship/relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--083dc2d5-8a7a-4ff7-8ec8-d44ca17bfc0e",
+ "id": "bundle--f9686464-b113-47a7-bcc0-fb8f06708c0b",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9cfc30de-3e68-4361-a213-3c37ce27b70e",
 "created": "2023-03-20T18:52:52.011Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:52:52.011Z",
- "description": "",
+ "modified": "2023-08-09T14:51:29.206Z",
+ "description": "On Android, the user can use the device settings menu to view trusted CA certificates and look for unexpected or unknown certificates. A mobile security product could similarly examine the trusted CA certificate store for anomalies. Users can use the device settings menu to view which applications on the device are allowed to install unknown applications.\n\nOn iOS, the user can use the device settings menu to view installed Configuration Profiles and look for unexpected or unknown profiles. A Mobile Device Management (MDM) system could use the iOS MDM APIs to examine the list of installed Configuration Profiles for anomalies.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--79cb02f4-ac4e-4335-8b51-425c9573cce1",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json
index cdd2c4ba56..5bfb6fcb64 100644
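Review bot: In the added `description` of relationship--9cfc30de, the third sentence of the Android paragraph (which applications are allowed to install unknown applications) switches from the trusted CA store to a different setting without saying how it relates to the technique being detected. A reader cannot tell whether this is a second detection signal or text carried over from another entry. If it is intended, add a clause that states the link to the technique; otherwise drop the sentence so the Android and iOS paragraphs stay parallel.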
--- a/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json +++ b/mobile-attack/relationship/relationship--9cfcda7d-bb82-4122-a38b-fec4f5532856.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--af42e39d-3c4e-43fc-90b6-39b275e9304c", + "id": "bundle--2d1921b8-d568-44a5-a704-fca8c77c475e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json index 58aeaf3ced..bffd557d47 100644 --- a/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json +++ b/mobile-attack/relationship/relationship--9d264e84-27b2-4867-82c8-55486a969d7c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70e7bd11-0fc9-4ca3-a52a-2e1c8ebc66f5", + "id": "bundle--e48c2969-aba7-4cc4-a302-423b3122c6ae", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json b/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json index 4630632269..73e5ef9e03 100644 --- a/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json +++ b/mobile-attack/relationship/relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--e4bb4068-3b09-4592-a029-3eecf160a0a2",
+ "id": "bundle--cafde8eb-9b25-4344-a68c-ee8e5153e3eb",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9d2a9348-5d0a-43b0-8776-e9bbddc659c7",
 "created": "2023-03-20T18:48:56.995Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:48:56.995Z",
- "description": "",
+ "modified": "2023-08-09T15:53:41.268Z",
+ "description": "Application vetting services can look for applications requesting the `android.permission.BIND_ACCESSIBILITY_SERVICE` permission in a service declaration. On Android, the user can view and manage which applications can use accessibility services through the device settings in Accessibility. The exact device settings menu locations may vary between operating system versions.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
index aa9b0de979..3d5ee8a549 100644
--- a/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
+++ b/mobile-attack/relationship/relationship--9d4c1d68-3cc8-4cf9-b3ee-1525d0ce32de.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b31104c9-798d-4c65-8a07-c19c575bd028",
+ "id": "bundle--5f78a04f-8fcf-4c63-8dd0-21dce4526be1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json index 5e5920e41b..51a5aee61e 100644 --- a/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json +++ b/mobile-attack/relationship/relationship--9d621873-6d3c-4660-be9a-57e2e8648236.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--03d5a0e8-f09e-4ef5-bd2e-698eb6b916b2", + "id": "bundle--3afee5ff-a566-44ef-a76b-38f7daffa453", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json index 2a07561507..32eca8fcdd 100644 --- a/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json +++ b/mobile-attack/relationship/relationship--9d72c60b-d5d1-4b50-a01f-3882ddb335d9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e5428a0c-d4e0-4ec7-8bec-6a50a5c36759", + "id": "bundle--bb54aaea-7ecd-49c3-b6c4-20dfe3968c19", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json index df467f342f..3e351bf93e 100644 --- a/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json +++ b/mobile-attack/relationship/relationship--9dec6b2f-790a-4da9-86c9-1f4b7141c32c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7e4661a-d059-45e9-9692-f0617b935282", + "id": "bundle--314639aa-21a7-422d-999b-e9bd3f3034cf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json index c89df13905..82ba4a402b 100644 
--- a/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json +++ b/mobile-attack/relationship/relationship--9e3921a8-a9e1-48c4-9b61-ff190c104f63.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ab074785-c3a1-4da2-b530-cf4aa194e997", + "id": "bundle--454a378f-7d8c-4547-a444-f5bbbf22f684", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json index a466e15d13..4d83bbdde4 100644 --- a/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json +++ b/mobile-attack/relationship/relationship--9e458d77-c856-4b02-82a7-50947b232dc3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5930b43f-a19e-4a61-ad5b-c95001584edc", + "id": "bundle--403c1628-56e5-4a03-aaa3-645994a961a9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json index 698d0e2335..d9ce5a276e 100644 --- a/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json +++ b/mobile-attack/relationship/relationship--9e66ec3b-cdd6-461c-bd84-e75316818e15.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--364d3fc9-71c9-4eaa-bb6d-f45feb98c272", + "id": "bundle--ad6d4815-8fa0-4dcf-83ed-43c88965aeaf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json b/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json index d4c58b7185..1d7cf4cf58 100644 --- a/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json +++ b/mobile-attack/relationship/relationship--9e95ef68-0650-49eb-888f-47c211481be9.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--56e33ddb-d5f7-4a1b-a5d4-6cc2ca7461dd",
+ "id": "bundle--a4a531c5-ab39-4b6a-aaae-181a99620473",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--9e95ef68-0650-49eb-888f-47c211481be9",
 "created": "2023-03-20T18:51:40.217Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:51:40.217Z",
- "description": "",
+ "modified": "2023-08-09T17:16:36.672Z",
+ "description": "Application vetting may be able to identify applications that perform [Discovery](https://attack.mitre.org/tactics/TA0032) or utilize existing connectivity to remotely access hosts within an internal enterprise network. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
 "target_ref": "attack-pattern--22379609-a99f-4a01-bd7e-70f3e105859d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json b/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
index 1e1745057c..35a430aca1 100644
--- a/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
+++ b/mobile-attack/relationship/relationship--9f83d618-a42d-4797-b9fe-030affdbd13f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--aed2810e-142a-4d4c-88f7-0458e6717e3e",
+ "id": "bundle--91ca2e36-1983-46b2-9ce3-014ec876ec91",
 "spec_version": "2.0",
 "objects": [
 {
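Review bot: The added `description` in relationship--9e95ef68 ends with a stray space before the closing quote (`...internal enterprise network. "`); trim it so that consumers which render, hash or diff the field do not carry trailing whitespace. The sentence also gives vetting nothing concrete to look for, unlike the permission-based descriptions elsewhere in this commit. Naming the observable that the vetting step would flag would make this entry usable as a detection.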
diff --git a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json index 291be63f67..1e7f364c07 100644 --- a/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json +++ b/mobile-attack/relationship/relationship--9f9a0349-ca95-4bde-8d8d-af524ce19bc7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1921a67e-cbb4-48cc-8559-75eddc4e9244", + "id": "bundle--954a3f8e-6264-4ff3-9069-2bfa9f1a9d5d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json index 3f82a436e7..40ac16938b 100644 --- a/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json +++ b/mobile-attack/relationship/relationship--9fa03a70-ad00-4148-ae5e-8315f3e618d2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88edc25c-737f-4111-979c-df40e87055c7", + "id": "bundle--d054a1db-0fb8-4a89-90c9-96274d37e9e4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json index 04530674e0..25f0531237 100644 --- a/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json +++ b/mobile-attack/relationship/relationship--a011bcc6-b5d8-4923-b533-55abec69ff2f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--978f8eed-d796-4070-9600-d126198b4c90", + "id": "bundle--f2f2a411-c906-4dc5-acb4-f6ceb80b250c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json index dc1070429e..426158de81 100644 
--- a/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json +++ b/mobile-attack/relationship/relationship--a042d55c-b31e-41c1-9cd0-66070ec9a11d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a4cedfd-efad-453a-ac31-4a125147e55f", + "id": "bundle--50cc0ee6-7d86-4047-a130-c7f8b9eb4b02", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json index ee964e58c7..86a2a2b2a6 100644 --- a/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json +++ b/mobile-attack/relationship/relationship--a0464679-71b6-4ab4-a72d-0428e4d75d5e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e61bbae2-292f-4a89-b345-91d241ad90aa", + "id": "bundle--7c30c736-0218-4419-8795-50e64e0ff30a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json index 9b809cf650..88037cf258 100644 --- a/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json +++ b/mobile-attack/relationship/relationship--a04ae7d7-1500-49c9-bada-1a75a8670f5c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aade2a35-0b66-4da2-830a-a57568e0e69c", + "id": "bundle--c5d2ab47-6d84-47f9-bcdf-65af5b5ae937", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json index c1077f3d74..3f428161f8 100644 --- a/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json +++ b/mobile-attack/relationship/relationship--a04dfb58-b7d3-4abe-9f4a-fad4f7158965.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2f2970e2-beab-4b4a-b538-26cf34189788", + "id": "bundle--97baeb4f-f3c6-4e96-ac08-35cd85416da2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json index 6fef3a4630..2ec483588b 100644 --- a/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json +++ b/mobile-attack/relationship/relationship--a09f8daa-aa02-45f1-8dac-9bea355c9415.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--85dc68fa-3080-431f-9c36-e970ccb580a5", + "id": "bundle--baa3b6a8-798b-4b2b-9b4f-fe1755719cf8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json index ffcce1e00a..5f0f7f9b37 100644 --- a/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json +++ b/mobile-attack/relationship/relationship--a1023a75-31cc-420a-9c59-b440f7fb27e6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--29acbed7-437f-44fd-9aea-3a495d7b94e4", + "id": "bundle--51b0e849-8a82-47c4-bba5-a0673b232012", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json index 208ffd2323..4f7cd8bf00 100644 --- a/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json +++ b/mobile-attack/relationship/relationship--a111ab3c-97f2-4b17-b291-f141e9b7613f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f6d6fe97-238a-44fa-8182-9d93b5288371", + "id": "bundle--e0159bda-98a3-4fa2-a29c-defba7d57fe1", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a120ac54-32fa-43ad-a826-8325823b656d.json b/mobile-attack/relationship/relationship--a120ac54-32fa-43ad-a826-8325823b656d.json
new file mode 100644
index 0000000000..c99082256a
--- /dev/null
+++ b/mobile-attack/relationship/relationship--a120ac54-32fa-43ad-a826-8325823b656d.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--aa6ffaaa-0bde-4e0a-a7e8-b49df219edba",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--a120ac54-32fa-43ad-a826-8325823b656d",
+ "created": "2023-09-22T19:14:12.741Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T19:14:12.741Z",
+ "description": "Users should be trained on what device administrator permission request prompts look like, and how to avoid granting permissions on phishing popups.",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+ "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
index 330b15ab61..1e03e9587a 100644
--- a/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
+++ b/mobile-attack/relationship/relationship--a1814198-1f91-41d4-a413-d55e1a66c8e9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3133ceea-eee5-44e7-88e9-9b77ceece3b3",
+ "id": "bundle--5b0b5540-4bc1-46e6-abf3-50b8d65ebe90",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a186540d-d235-48f1-8757-d0b46f13c6ce.json b/mobile-attack/relationship/relationship--a186540d-d235-48f1-8757-d0b46f13c6ce.json
new file mode 100644
index 0000000000..3bb5b766b1
--- /dev/null
+++ b/mobile-attack/relationship/relationship--a186540d-d235-48f1-8757-d0b46f13c6ce.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--090b5abe-87fa-4508-a041-ccfc1bf8526d",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--a186540d-d235-48f1-8757-d0b46f13c6ce",
+ "created": "2023-06-09T19:20:23.377Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-22T20:42:33.371Z",
+ "description": "(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "intrusion-set--6eded342-33e5-4451-b6b2-e1c62863129f",
+ "target_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json b/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json
index 59ac44c15c..bf8f1b4607 100644
--- a/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json
+++ b/mobile-attack/relationship/relationship--a1a9db79-4a80-4e65-91bf-72e358d2ce41.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b079a0b-dacd-4283-a9a4-ce7658d313e7", + "id": "bundle--483be960-672a-4fd5-862f-bff3a7605858", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json index 8d45f654a8..152ebf478c 100644 --- a/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json +++ b/mobile-attack/relationship/relationship--a1c53fcf-a691-4233-a136-0a51d5a3840f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c4ad92ab-16e9-480e-9d87-9368a4b02cff", + "id": "bundle--341e472a-72e6-4b02-9c27-b1dc91107773", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json index 0790a9188c..abde45e916 100644 --- a/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json +++ b/mobile-attack/relationship/relationship--a1fac829-275a-409a-9060-e7bd7c63057e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1da75eae-6628-41e6-92ed-9fb34e2d04fd", + "id": "bundle--26f6c230-4576-42ca-aa88-ca362dbef592", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json index d8c1701c04..746d443fa8 100644 --- a/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json +++ b/mobile-attack/relationship/relationship--a20493e1-4699-405d-a291-c28aae8ed737.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbc5ab17-0844-4ce3-a62f-20e6cbcd16d3", + "id": "bundle--116c57ba-402e-4b72-b3c6-dab98c950998", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json index bbab28d459..16ff2a6d20 100644 --- a/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json +++ b/mobile-attack/relationship/relationship--a20581b4-21fa-4ed9-b056-d139998868e8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f08cc2f6-11ea-4ecd-af76-77c32a70cf87", + "id": "bundle--97848b85-2c9d-4ebe-a88c-79be4c310cd6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json index 2c75792990..ea7c669349 100644 --- a/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json +++ b/mobile-attack/relationship/relationship--a2323d47-348c-4e3c-9c25-7feb20e2e457.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cec576d0-a84c-41ee-bcc6-ee1a900ec919", + "id": "bundle--3e4a1c2f-0aaa-4826-8512-3a24dbf60a3c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json index 02b17844e1..586944a566 100644 --- a/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json +++ b/mobile-attack/relationship/relationship--a2365c91-60f6-4249-af13-6bc2fdb80d52.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04705987-489e-4011-bb76-3ae34e4186ea", + "id": "bundle--54396279-49d2-4cdf-8cad-8b547446b507", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a25a0454-d6da-4448-a3c5-33648ee6675a.json b/mobile-attack/relationship/relationship--a25a0454-d6da-4448-a3c5-33648ee6675a.json
new file mode 100644
index 0000000000..06cb1b4f20
--- /dev/null
+++ b/mobile-attack/relationship/relationship--a25a0454-d6da-4448-a3c5-33648ee6675a.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--38599d9c-79ba-4d43-b503-747754cfcbb7",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--a25a0454-d6da-4448-a3c5-33648ee6675a",
+ "created": "2023-07-21T19:36:50.262Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:36:50.262Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can collect system information, such as Android version and device identifiers.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--e2ea7f6b-8d4f-49c3-819d-660530d12b77",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json
index 5a8d01f6c4..5992e1d8c0 100644
--- a/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json +++ b/mobile-attack/relationship/relationship--a25d58af-dbb3-4025-b91d-898c6adffcb3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--421a1b78-d447-48fb-8616-26252882fa91", + "id": "bundle--bd4c151f-1c4a-4fb5-8c93-8ff581744684", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json b/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json index 8a68f30027..3e6659e4ec 100644 --- a/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json +++ b/mobile-attack/relationship/relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a.json 
@@ -1,25 +1,37 @@ { "type": "bundle", - "id": "bundle--7b55a8e1-176d-4c1d-a1ea-8ca6fd191d2a", + "id": "bundle--8b766c04-d7cf-4e5b-9e08-da50b9df0e00", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a", "created": "2023-03-20T18:53:52.174Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, + "external_references": [ + { + "source_name": "Android-AppLinks", + "description": "Android. (n.d.). Handling App Links. Retrieved December 21, 2016.", + "url": "https://developer.android.com/training/app-links/index.html" + }, + { + "source_name": "IETF-OAuthNativeApps", + "description": "W. Denniss and J. Bradley. (2017, October). IETF RFC 8252: OAuth 2.0 for Native Apps. Retrieved November 30, 2018.", + "url": "https://tools.ietf.org/html/rfc8252" + } + ], "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:53:52.174Z", - "description": "", + "modified": "2023-08-09T16:08:37.797Z", + "description": "When vetting applications for potential security weaknesses, the vetting process could look for insecure use of Intents. Developers should be encouraged to use techniques to ensure that the intent can only be sent to an appropriate destination (e.g., use explicit rather than implicit intents, permission checking, checking of the destination app's signing certificate, or utilizing the App Links feature). 
For mobile applications using OAuth, encourage use of best practice.(Citation: IETF-OAuthNativeApps)(Citation: Android-AppLinks)", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json index 4458936e6b..14f8506359 100644 --- a/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json +++ b/mobile-attack/relationship/relationship--a285f343-09c3-49af-9c18-1dccf89e9009.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bd683975-7a25-4bc5-ac3d-2d81663a66ee", + "id": "bundle--392b2c46-1501-4734-bbb4-327a3c420c5b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json index 3456f14482..3b6b321300 100644 --- a/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json +++ b/mobile-attack/relationship/relationship--a28a53e9-7a42-4f81-bced-0efbc3128cbd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3f4d7d56-dc8e-46fb-ace9-82810add189e", + "id": "bundle--5dfb9c59-3b22-4154-9459-6c9604324e6d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json index eb01916e94..d72e66662f 100644 
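Review bot: The new `description` on this `detects` relationship (relationship--a2803d73-f5bf-4815-bfbf-662c372e1f5a, the `@@ -1,25 +1,37 @@` hunk) is mostly developer guidance rather than a detection statement: only its first sentence says what application vetting looks for, and "encourage use of best practice" gives a vetting analyst nothing to check. I would keep the text to what the vetting process inspects, for example `"description": "Application vetting services could look for insecure use of Intents, such as implicit intents where an explicit intent, a permission check, a signing-certificate check or App Links would restrict the destination.(Citation: Android-AppLinks)"`, and carry the OAuth guidance with its RFC 8252 citation on a `mitigates` relationship instead. The description also appears to hold a paragraph break before "For mobile applications"; if that is how it is stored, confirm it is written as an escaped `\n` so the bundle stays valid JSON.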
--- a/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json +++ b/mobile-attack/relationship/relationship--a290a8ca-e650-456c-b33e-03343fe5ea4e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9c4ace51-f757-4f98-b0df-1321c371d03e", + "id": "bundle--6f9d89d7-8ce6-4060-bfb4-08966883b61a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json index b613a3e841..0ab7dabac6 100644 --- a/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json +++ b/mobile-attack/relationship/relationship--a299e0a6-cada-4629-a6c6-ed73dc4422aa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a17e6e4-d71b-4ad4-8a3f-72ac03ac535c", + "id": "bundle--9e933cd1-ddf1-458b-a403-b3884cade8ab", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json index 16a348387f..d23ddf9c2a 100644 --- a/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json +++ b/mobile-attack/relationship/relationship--a32db277-593f-4fd1-bdcb-9f677b1a05e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b1bdd39-e5d6-4615-8ee1-06e269699820", + "id": "bundle--9b9e0830-60ed-40d1-97d8-27a37540694b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json index 705584ac50..e384ee930a 100644 --- a/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json +++ b/mobile-attack/relationship/relationship--a34f3873-3df7-4e93-915c-fc2b4af3444d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41814603-e068-4e28-aa9b-07031aa05d50", + "id": "bundle--fe4ee250-2bc1-4f29-b4b1-6da3bc61f556", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json index 8f0069c495..a1d002b8ea 100644 --- a/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json +++ b/mobile-attack/relationship/relationship--a3a8b2f2-f1aa-49ba-be55-a674f371f209.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7374ab02-3104-4afd-9c1a-d6e9d0ab90ed", + "id": "bundle--68e0f2a6-a5d3-4113-adcf-fd8ccc7c565a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json index b7f8b6053d..f6512b4be2 100644 --- a/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json +++ b/mobile-attack/relationship/relationship--a3c4b392-2879-4f31-9431-3398e034851b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4f68cb42-7f73-4acc-b307-f789da5307f6", + "id": "bundle--ecb7ec64-97d6-49ab-9987-abf7ab7644e3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json index 1e643c142f..0b17992eee 100644 --- a/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json +++ b/mobile-attack/relationship/relationship--a3c9d5d6-acc5-46e9-9e4f-b078aeac553c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6f8fa075-4c39-449e-9dc3-56ba46ca7d8a", + "id": "bundle--f769cf28-8132-41ce-8d68-65b8a1c149c4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json index ac150fc6db..3ae63b5400 100644 --- a/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json +++ b/mobile-attack/relationship/relationship--a3f36e9e-e2f4-4745-a9a3-0d1231db116d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--330bb7f2-48dd-4bb1-9f6d-69c54d21100f", + "id": "bundle--2652948f-139e-48c8-bfff-c5af38b2660b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json index bc17c781e7..f75fe2e145 100644 --- a/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json +++ b/mobile-attack/relationship/relationship--a427ce33-d1e1-4c38-a024-e44fc00033d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--600df822-e3d5-4d05-984f-b58fc0501063", + "id": "bundle--1c601a71-f29d-4174-b625-224000e25616", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json index 2638d30582..daba5a1662 100644 --- a/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json +++ b/mobile-attack/relationship/relationship--a451966b-f826-422b-9505-f564b9988a9c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66ab71f8-6513-4631-8568-8e33c1f3868d", + "id": "bundle--264e3f08-4def-4837-a6ce-7bedd6ff4630", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a466f8f0-c9da-46d1-80d0-b8654e727526.json b/mobile-attack/relationship/relationship--a466f8f0-c9da-46d1-80d0-b8654e727526.json new file mode 100644 index 0000000000..1327e8201d --- /dev/null 
+++ b/mobile-attack/relationship/relationship--a466f8f0-c9da-46d1-80d0-b8654e727526.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--27816813-b134-47f3-8291-2bb268a9b625",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--a466f8f0-c9da-46d1-80d0-b8654e727526",
+ "created": "2023-08-04T18:33:37.920Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:33:37.920Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate a list of installed applications.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json b/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
index 44993806bc..c683d4b170 100644
--- a/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
+++ b/mobile-attack/relationship/relationship--a46c3b05-07d5-461c-b1b1-4a81912b79f8.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--acacdc65-3d1b-486b-8d0f-87cff10f84c5", + "id": "bundle--318f372f-60ec-470c-be38-d5418fd636d6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json index d7370d0140..9e104be4c4 100644 --- a/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json +++ b/mobile-attack/relationship/relationship--a501b700-250f-4e9a-a20f-656ae9bf90f9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--04f7b0ea-154e-4dcb-9dad-1cc461186d62", + "id": "bundle--6875a97d-1e80-4985-b388-5be9460ec08e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json index 6f93e4a297..f4efa48c52 100644 --- a/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json +++ b/mobile-attack/relationship/relationship--a503ca06-7f98-4ab4-a8fc-ff55c3da7f0a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cab86a7d-88dc-40f9-a486-abc0427dcb2e", + "id": "bundle--fb724c23-b351-4e55-9dc9-53380721bb10", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json index 807a32bfd4..d1b94395c7 100644 --- a/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json +++ b/mobile-attack/relationship/relationship--a54c8c09-c849-4146-a7cc-158887222a6d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6509d2f2-afc9-4ee5-a34b-358bf068f409", + "id": "bundle--11c6550f-6bdb-40a1-892e-9b4284b84929", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json b/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json index ca3be2f1a5..e321bc3288 100644 --- a/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json +++ b/mobile-attack/relationship/relationship--a563fc97-a452-4348-a831-f4fb55c71e35.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3b96b051-0b6d-4b31-b6ec-3a9a7692204e", + "id": "bundle--f002eef2-9ec0-4d59-ba67-58a6be08d9a4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json b/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json index 168fa89f37..efd29288c5 100644 --- a/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json +++ b/mobile-attack/relationship/relationship--a5b37f26-7629-4195-9536-12e349e5843b.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--e5f39f2d-2733-47f5-a836-a73a4484d3d9",
+ "id": "bundle--f88b7d07-4dab-4a34-b6c9-4b6930915a55",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--a5b37f26-7629-4195-9536-12e349e5843b",
 "created": "2023-03-20T18:51:04.334Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:51:04.334Z",
- "description": "",
+ "modified": "2023-08-09T14:54:47.199Z",
+ "description": "Application vetting services could look for applications attempting to get `android.os.SystemProperties` or `getprop` with the runtime `exec()` commands. This could indicate some level of sandbox evasion, as Google recommends against using system properties within applications.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--6ffad4be-bfe0-424f-abde-4d9a84a800ad",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
index 638cca236c..72408cf463 100644
--- a/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
+++ b/mobile-attack/relationship/relationship--a5b72279-f99e-4f03-8669-04322b40ee6b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6c83be38-3a90-4ca1-b9d2-a7cc760ae220",
+ "id": "bundle--09ace8c8-e42b-40fe-929a-4b6b00512ab9",
 "spec_version": "2.0",
 "objects": [
 {
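Review bot: The added `description` for relationship--a5b37f26-7629-4195-9536-12e349e5843b presents any read of `android.os.SystemProperties`, or a `getprop` call through `exec()`, as a sign of sandbox evasion without saying how to weigh it; benign applications probably read system properties for diagnostics too, so on its own this is a weak signal that vetting should correlate with other findings. The Google recommendation it relies on is also uncited, since this object gains no `external_references` entry. I would reword the second sentence to `This could indicate sandbox evasion when seen together with other suspicious behavior, as Google recommends against using system properties within applications.` and add a reference for that recommendation.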
diff --git a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json index d498111cb3..4edadcdb34 100644 --- a/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json +++ b/mobile-attack/relationship/relationship--a5dac41f-4a16-44ea-b279-b84c927ce62d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8bafc7b4-f5d5-40f4-a838-cae1a8f61546", + "id": "bundle--7cecc0f5-f08e-485e-8a21-ee38412dc02a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json b/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json index 8459405679..bbc073986a 100644 --- a/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json +++ b/mobile-attack/relationship/relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d15ecaae-27aa-49ae-9bb2-c657baf4f21b",
+ "id": "bundle--480f175e-74be-47b7-b7a8-d012ca248cf4",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b",
 "created": "2023-03-20T18:59:46.622Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:59:46.622Z",
- "description": "",
+ "modified": "2023-08-08T15:03:56.766Z",
+ "description": "Mobile threat defense agents could detect unauthorized operating system modifications by using attestation.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--670a4d75-103b-4b14-8a9e-4652fa795edd",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
index 6b8be6ee1a..254ab8ea9c 100644
--- a/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
+++ b/mobile-attack/relationship/relationship--a63bafb6-6647-410f-8673-a53ef2dee5e2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--bc493294-bbe1-487e-a746-4961a114ea63",
+ "id": "bundle--8cba42f3-86cf-4e56-abc2-62594bb52a2d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json
index 9654f2953b..e08a4760b5 100644
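Review bot: The added `description` for relationship--a5f64f9e-3ed9-442b-a244-9857b926d93b says only "by using attestation" and does not say where the verdict is evaluated; a result that is checked on the device itself can be falsified by the same operating system modification it is meant to reveal. I would state that in the text, for example `"description": "Mobile threat defense agents could detect unauthorized operating system modifications by using hardware-backed attestation, with the result verified off-device."`. The object also gains no `external_references` entry to support the statement.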
--- a/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json +++ b/mobile-attack/relationship/relationship--a67c5611-00bc-4e1a-a1be-2512a2bcf072.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4dada18c-e6bf-428c-a9da-e33b1597c2c9", + "id": "bundle--90f45a64-5dc6-4150-9c4f-d42af8e75ba7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json b/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json index 75e5200c99..ce58cedb32 100644 --- a/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json +++ b/mobile-attack/relationship/relationship--a6bb6c55-3b33-4cd4-981b-055551edc4c2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2481aa1c-fac4-4140-85e8-9cdf66c4655c", + "id": "bundle--cd17e069-4d50-4c41-968c-0b73afce1e33", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json index 97fa2f0316..332a67aed1 100644 --- a/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json +++ b/mobile-attack/relationship/relationship--a7336f2c-8f89-4d54-ac2b-77743afb2943.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5fed6b25-b2a1-48bb-a6c5-db2414a8c7bb", + "id": "bundle--4ff85bf5-7af2-403e-bc01-e9b46458ef1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json index a1c1636c69..d12b4995ac 100644 --- a/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json +++ b/mobile-attack/relationship/relationship--a76d731b-484c-442a-b1a3-255d8398aefd.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4aa368b0-b3e3-4f93-98c3-2f707ef4f8f3",
+ "id": "bundle--8ea30614-fa57-4d60-bde6-2627c0902a39",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--a772d1fc-e2d1-4553-b93f-12412cdc8360.json b/mobile-attack/relationship/relationship--a772d1fc-e2d1-4553-b93f-12412cdc8360.json
new file mode 100644
index 0000000000..6bb7381343
--- /dev/null
+++ b/mobile-attack/relationship/relationship--a772d1fc-e2d1-4553-b93f-12412cdc8360.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--f0e966e2-ca47-4bfe-828e-74fd196e9dd1",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--a772d1fc-e2d1-4553-b93f-12412cdc8360",
+ "created": "2023-08-08T22:50:32.635Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-14T16:52:18.036Z",
+ "description": "The user can view applications that have registered accessibility services in the accessibility menu within the device settings.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
+ "target_ref": "attack-pattern--d1f1337e-aea7-454c-86bd-482a98ffaf62",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
index 026dbbbe1a..27983f6c3f 100644
--- a/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
+++ b/mobile-attack/relationship/relationship--a7b276ac-6f07-4d1f-8d24-dc5682acf62d.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--adba7162-0747-40d2-84c3-3284449e6766", + "id": "bundle--88c74ffd-6b60-4117-b0c4-f1d36a6fea2f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json index 48caa446d1..6c0bc84cd3 100644 --- a/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json +++ b/mobile-attack/relationship/relationship--a7cc0168-247d-4a6d-b6f4-d5a04f99216c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8cd7b79b-33ce-4ebc-93d1-c28c5873b316", + "id": "bundle--7c454ae6-5052-4e96-9c20-01b3f03a2202", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json index 96e2c0332c..f53ee4f039 100644 --- a/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json +++ b/mobile-attack/relationship/relationship--a8079e6a-ef87-4e3b-9f71-cf1ea2360892.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41679472-597e-435a-a527-d445c7ad1fbd", + "id": "bundle--0b9ec94e-ee40-4072-90c1-c489e33eeab3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json index c74648abb6..2f0488ed0b 100644 --- a/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json +++ b/mobile-attack/relationship/relationship--a808c887-b2b8-4b05-9cab-47c918e48d48.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b5a1e6a1-26b6-4baf-8f71-f2e7d2f6a9ce", + "id": "bundle--460e562a-a70d-4695-ace4-44c00df46517", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json index c11d12f42c..36a116f72e 100644 --- a/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json +++ b/mobile-attack/relationship/relationship--a81431c4-ac34-4b63-9647-eb7c8e529e03.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8deb8008-b75a-42bf-85cf-71de28650d26", + "id": "bundle--a622180a-1098-40b1-b429-489a105ff976", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json index fe076cb701..0c5bbf6a73 100644 --- a/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json +++ b/mobile-attack/relationship/relationship--a82d3cfb-7ef2-4e39-a6e1-3097d7b106f7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ba7595f-7022-4731-b327-ac3e5168e5d3", + "id": "bundle--4f762575-6286-4038-9ed3-46301f7141f9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json b/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json index 169a190e13..a3d3aaee95 100644 --- a/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json +++ b/mobile-attack/relationship/relationship--a8565c17-7054-4d3f-bca5-6e17dc931491.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0fd0b99f-f94a-4129-be4a-2947d922025f", + "id": "bundle--507a2f37-38d8-44e2-b97b-f4e665e40325", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json index 3f5b38b079..6dc16cf2c8 100644 
--- a/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json +++ b/mobile-attack/relationship/relationship--a87fa426-3968-4d3b-8f8d-8e3c3a9c32f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--df60fe45-9219-4c94-a137-0f2d8c44185d", + "id": "bundle--d4f1d81c-eede-4bfa-a83c-32a5069f187e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json index 8ddc3efaea..fd4938475e 100644 --- a/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json +++ b/mobile-attack/relationship/relationship--a8ac5084-5631-4670-8ac6-6fbe7bdb0a84.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--591a992f-6ac3-4055-81b7-af58ec1bd691", + "id": "bundle--7f0fbc72-16fb-4bb6-9eec-7806ec5b7ba8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json index 534cdd8773..c2bb0ca764 100644 --- a/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json +++ b/mobile-attack/relationship/relationship--a8bf6bbd-88f0-4725-ba4f-3b9317dca388.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a84e1e41-adf5-4ad4-8f2e-99de0e250c79", + "id": "bundle--569651ae-57c0-42cb-acf5-1d4f21a37097", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json index ff888622cf..65b59f29a1 100644 --- a/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json +++ b/mobile-attack/relationship/relationship--a8c21a71-f3e9-43e9-9212-faf9181e70ce.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c998075f-6087-416b-9c98-e33321c385bf", + "id": "bundle--b2d6c9b5-ca41-4ae2-a632-cadf5f69c0df", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json index 2f73beeb0b..883a2af7e5 100644 --- a/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json +++ b/mobile-attack/relationship/relationship--a8dd6ed7-910d-4bae-a2a8-19f3f32c915c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--30039c00-e7dd-43d5-a335-48a8d311dfe4", + "id": "bundle--052be9ae-9dfc-46f2-8516-ab5d95c1b010", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json index ca6bbd88a6..ba333a303d 100644 --- a/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json +++ b/mobile-attack/relationship/relationship--a92a805e-d5f5-4e94-8592-c253e03e4476.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e35f3200-d601-4b9f-9064-1b44fd9a877d", + "id": "bundle--ba73dc2c-31f0-4206-a717-0239f7103e99", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json b/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json index 29f6a91a8c..9220547322 100644 --- a/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json +++ b/mobile-attack/relationship/relationship--a93ee044-bd5d-48f3-972e-0abab780c35c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--716f79c7-2bec-4967-b54c-7ea383b47196", + "id": "bundle--0653a633-edcc-48f7-8686-af441622a571", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json index 22583a8691..153c3fa618 100644 --- a/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json +++ b/mobile-attack/relationship/relationship--a95fe853-d1d1-47dc-a776-b905daacfe32.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--64ec483d-51cd-42ca-930d-b1d5be76e95e", + "id": "bundle--d2096737-6687-4c08-9bcd-7fa91f45b834", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json index 1e79ecb42d..e74afbb464 100644 --- a/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json +++ b/mobile-attack/relationship/relationship--a9689f2c-ad8f-4861-8cad-d78e07fd1530.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40f1bd2e-305e-4d31-8d4f-e98ae870e131", + "id": "bundle--9c5cac74-fffb-4cef-9eec-6e2a3178ad70", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json index 25c59892e6..2f306fd68d 100644 --- a/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json +++ b/mobile-attack/relationship/relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9.json 
@@ -1,32 +1,32 @@ { "type": "bundle", - "id": "bundle--d026b1ca-2895-4580-9dd1-7451ac9494a9", + "id": "bundle--22e25c30-3257-4ad1-82b7-d289e0e73d0f", "spec_version": "2.0", "objects": [ { - "object_marking_refs": [ - "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" - ], "type": "relationship", "id": "relationship--a98c127b-8da9-4ea5-980e-d154ea541ec9", "created": "2022-04-01T17:08:15.158Z", - "x_mitre_version": "0.1", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, "external_references": [ { "source_name": "CSRIC5-WG10-FinalReport", - "url": "https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf", - "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. Retrieved May 24, 2017." + "description": "Communications Security, Reliability, Interoperability Council (CSRIC). (2017, March). Working Group 10 Legacy Systems Risk Reductions Final Report. 
Retrieved May 24, 2017.", + "url": "https://web.archive.org/web/20200330012714/https://www.fcc.gov/files/csric5-wg10-finalreport031517pdf" } ], - "x_mitre_deprecated": false, - "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-15T15:06:03.429Z", "description": "Filtering requests by checking request origin information may provide some defense against spurious operators.(Citation: CSRIC5-WG10-FinalReport) ", - "modified": "2022-04-11T19:09:00.362Z", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "relationship_type": "mitigates", "source_ref": "course-of-action--e829ee51-1caf-4665-ba15-7f8979634124", "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", - "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json index a90533af63..59487e8f3e 100644 --- a/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json +++ b/mobile-attack/relationship/relationship--a9e97a14-ea3c-47b1-a865-0a1edea9c81c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cecfcb2b-3b43-41c2-bffc-7ea408f713f9", + "id": "bundle--cc0a93e2-dcf7-4062-8c48-718aaeb5886d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json index fdb5cffbd5..70f6210ece 100644 --- a/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json +++ b/mobile-attack/relationship/relationship--aa1deed1-800c-470b-ac88-eb8013c11ec0.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--231e9dfb-474c-4712-b959-c2ca411afcc6", + "id": "bundle--302265b8-5647-4048-843c-b90ddb6fe9e7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json index 9e6d084c2e..ccfedddb96 100644 --- a/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json +++ b/mobile-attack/relationship/relationship--aa40d01f-0741-4bf2-bacd-75e1f3a77af0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b200b00-30b0-4f01-8ae8-7223e25bf02f", + "id": "bundle--f8dd4645-6c5e-4644-a1dd-0f29c536cd41", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json index 48342d4438..740240f9d5 100644 --- a/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json +++ b/mobile-attack/relationship/relationship--aa5877fd-ef7d-435e-86af-c427f086b3c5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2273cd6a-a53f-4da0-be65-9ec7e2662f73", + "id": "bundle--dd292ab9-15dd-4593-8059-23011900bf92", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json index 411b331567..1718f5f31a 100644 --- a/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json +++ b/mobile-attack/relationship/relationship--aa628e44-ff05-4ac9-bb0b-11c22384a443.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--18740162-ba05-4596-957e-8b36d94c214b", + "id": "bundle--0281d48e-df1e-4885-98f5-fc95126ed560", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json index cebd03a22d..0ac74e8067 100644 --- a/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json +++ b/mobile-attack/relationship/relationship--aa8e45c2-4276-451b-b1eb-59c396bf720a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3368334c-9412-4800-816f-607387724440", + "id": "bundle--bbbdf73a-0acd-4270-8bb3-35316f5244a8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json index b656952fcf..ea353aadeb 100644 --- a/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json +++ b/mobile-attack/relationship/relationship--aaf55dd1-33df-4f02-8025-eaae01f30b33.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5350bbcd-23e8-44c5-9210-939a993d62d6", + "id": "bundle--6317755d-62fb-44ce-97b2-74c86bbf9ad8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json b/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json index be8570ad02..8e528db16a 100644 --- a/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json +++ b/mobile-attack/relationship/relationship--ab18ee61-f94a-411c-9893-941714ce713e.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--c2d7c00c-6d27-48bd-845b-ff3c88091f1c", + "id": "bundle--f980a753-a905-4ebf-8b32-3af4b3ca5a03", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--ab18ee61-f94a-411c-9893-941714ce713e", "created": "2023-03-20T18:44:26.642Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:44:26.642Z", - "description": "", + "modified": "2023-08-14T16:47:05.294Z", + "description": "Applications could be vetted for their use of the clipboard manager APIs with extra scrutiny given to application that make use of them.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--74e6003f-c7f4-4047-983b-708cc19b96b6", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json index 37b0365cca..ab40a5c6e7 100644 --- a/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json +++ b/mobile-attack/relationship/relationship--ab67b233-2c3d-4ac2-a3f0-13b6484ea920.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0eaa0288-6bfa-4009-b335-a82cc3b0fb75", + "id": "bundle--5d091d0d-010b-41ce-b88d-d538ed31d9cb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0.json b/mobile-attack/relationship/relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0.json new file mode 100644 index 0000000000..25420ec509 --- /dev/null 
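Review bot: The new `description` on relationship--ab18ee61 has a number-agreement slip in "extra scrutiny given to application that make use of them". It should read `"description": "Applications could be vetted for their use of the clipboard manager APIs with extra scrutiny given to applications that make use of them.",`. The text names no specific clipboard API, so anyone using this detection for app vetting has to take the calls from the linked technique; a short pointer would help if that technique does not list them. `x_mitre_version` stays at "0.1" although the description went from empty to populated, which may be intended but is worth confirming.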
+++ b/mobile-attack/relationship/relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--0d19a645-a0af-4063-93bc-704962996b33", + "spec_version": "2.0", + "objects": [ + { + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "type": "relationship", + "id": "relationship--ab7cd212-7faa-46a8-9666-92a67ae7a6b0", + "created": "2018-10-17T00:14:20.652Z", + "x_mitre_version": "1.0", + "x_mitre_deprecated": false, + "revoked": false, + "description": "", + "modified": "2022-04-06T15:41:16.869Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "relationship_type": "revoked-by", + "source_ref": "attack-pattern--51aedbd6-2837-4d15-aeb0-cb09f2bf22ac", + "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7", + "x_mitre_attack_spec_version": "2.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json index 8820c498b9..a5ee515467 100644 --- a/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json +++ b/mobile-attack/relationship/relationship--abd2e863-4bd3-4686-b2aa-f8a097a41c99.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a6509bb6-b240-4f03-8d2c-80ae21f705bc", + "id": "bundle--4cffdec4-8936-4fbd-9b61-d55da7811942", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json index fda1101ac9..a0f213acbe 100644 --- a/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json +++ b/mobile-attack/relationship/relationship--abf03652-acd0-4361-8a66-f7e70e8e4376.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--210a143f-32ac-433d-8c98-aa06909b7cd9", + "id": "bundle--72f5184d-f3f9-4704-a3a1-7cbc649d761d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json b/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json index 0dd72da980..66f2d11580 100644 --- a/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json +++ b/mobile-attack/relationship/relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--e69e82a7-4d55-4b92-948c-861e456c70b9", + "id": "bundle--4811c030-ce3b-4210-ab43-63e383e09984", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--abf3b5c8-9ee5-42ff-ba94-2b3a15317783", "created": "2023-03-20T18:55:51.580Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:55:51.580Z", - "description": "", + "modified": "2023-08-09T15:57:46.908Z", + "description": "An Android user can view and manage which applications hold the `SYSTEM_ALERT_WINDOW` permission through the device settings in Apps & notifications -> Special app access -> Display over other apps (the exact menu location may vary between Android versions). ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
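Review bot: The `description` added to relationship--abf3b5c8 ends with a space before the closing quote (`...between Android versions). "`), which survives into rendered output and into any exact-match comparison of the string. End the value at the full stop: `...(the exact menu location may vary between Android versions).",`. The text describes a manual settings review by the device user, while `relationship_type` is `detects` against a data component. If that is the intended reading, it would help to say that the check is user-driven rather than something collected as telemetry.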
diff --git a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json index dc126d801b..facb2598fa 100644 --- a/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json +++ b/mobile-attack/relationship/relationship--ac31f650-4bd2-4bb6-b450-71e66db4888f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3448e666-a9ef-490a-b388-5738d2ac0ad2", + "id": "bundle--b4f5d8a6-cebc-431c-a5bb-910ea93e5c72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ac415e32-e204-4382-b500-2370cec7a608.json b/mobile-attack/relationship/relationship--ac415e32-e204-4382-b500-2370cec7a608.json new file mode 100644 index 0000000000..7aeff91ea9 --- /dev/null +++ b/mobile-attack/relationship/relationship--ac415e32-e204-4382-b500-2370cec7a608.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--82d08869-f95b-42e3-852c-78d4900f4aab", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ac415e32-e204-4382-b500-2370cec7a608", + "created": "2023-08-16T16:45:58.547Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:45:58.547Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can download new code at runtime.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json index 955b957f50..a690f74c18 100644 --- a/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json +++ b/mobile-attack/relationship/relationship--ac53e382-a140-4bbf-a59d-db3fe21acfaa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--74d254a6-d291-4a28-a7e2-6c6520da16b2", + "id": "bundle--3b1a7188-13fb-4162-89a5-ce378fd4f2a3", "spec_version": "2.0", "objects": [ { 
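Review bot: The new file relationship--ac415e32 puts `created_by_ref` near the end of the object, after `x_mitre_attack_spec_version`. The edited files in this same commit (relationship--ab18ee61, relationship--abf3b5c8) move that key up to sit directly after `created`. The same old ordering appears in the other files added here: relationship--ada67532, relationship--ade5c0c5, relationship--b0bade50 and relationship--b22addc1. Key order carries no meaning in JSON, but writing new objects in the order the exporter is normalising to (`"created": ...,` then `"created_by_ref": ...,`) would avoid another reorder-only diff later.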
diff --git a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json index 2587a271e8..5b82ddb928 100644 --- a/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json +++ b/mobile-attack/relationship/relationship--ad0c873b-9e45-44e0-adaf-529921ee7a77.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dc6e7566-91f1-4596-936e-ea613166c6a6", + "id": "bundle--4242de54-185e-4068-a14d-fe67138bfd93", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json index 17f37f4f79..7c05bc2905 100644 --- a/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json +++ b/mobile-attack/relationship/relationship--ad2c8b49-bbfb-47dd-84bb-cd4dbc49a64c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c8922541-658f-48b3-8bd8-0c171845ba27", + "id": "bundle--30f83e58-3ad6-4174-b18e-67f0747633bf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json b/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json index 2d66955a3e..a2ad6f9553 100644 --- a/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json +++ b/mobile-attack/relationship/relationship--ad723fb0-7439-407e-9bf5-1cb3fd7df8aa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b16d92df-0f42-49f3-9095-d40a0ae6f563", + "id": "bundle--a852eefe-60f8-4165-a380-ca5d7f38c97e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json index a979469e08..60c01bf6a1 100644 
--- a/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json +++ b/mobile-attack/relationship/relationship--ad76b0ad-fa76-4d56-8a6e-8818bbc6509e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--abdcc66c-cf39-4ace-b5f3-8927183f8135", + "id": "bundle--c2acef06-d1bd-4230-9534-c8f58984ac95", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ada67532-039d-4b4f-93ab-82ceba13ec56.json b/mobile-attack/relationship/relationship--ada67532-039d-4b4f-93ab-82ceba13ec56.json new file mode 100644 index 0000000000..191683b7d3 --- /dev/null +++ b/mobile-attack/relationship/relationship--ada67532-039d-4b4f-93ab-82ceba13ec56.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--d99bbaa3-34f8-48c9-b2bb-0c6b873e7409", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ada67532-039d-4b4f-93ab-82ceba13ec56", + "created": "2023-07-21T19:53:12.605Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:53:12.605Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can access text message history.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json index a003fbcc06..792dfe93d5 100644 --- a/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json +++ b/mobile-attack/relationship/relationship--adc9957c-fa57-4e81-9231-b60f01b69859.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--45cfe8cb-791b-43e3-a0a6-285c78a2681d", + "id": "bundle--99e203bd-446b-4350-a764-c5477dc32120", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ade5c0c5-8b53-4bc5-9d81-0284be2e5fee.json b/mobile-attack/relationship/relationship--ade5c0c5-8b53-4bc5-9d81-0284be2e5fee.json new file mode 100644 index 0000000000..b09e92127b --- /dev/null +++ b/mobile-attack/relationship/relationship--ade5c0c5-8b53-4bc5-9d81-0284be2e5fee.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--3856b196-3090-459f-8f94-88260aa45c73", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ade5c0c5-8b53-4bc5-9d81-0284be2e5fee", + "created": "2023-07-21T19:51:55.111Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:51:55.111Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can intercept and imitate phone conversations by breaking the connection and displaying a fake call screen. It can also make outgoing calls and spoof incoming calls.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json index 6363558613..504d26d7c9 100644 --- a/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json +++ b/mobile-attack/relationship/relationship--aeeadd6b-30d3-4b4f-ac61-fd0bc367b415.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6a4b7467-27d3-422d-b268-8fdfc0140565", + "id": "bundle--27084c0f-c6f8-42a3-a513-93ffa32b0eec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json index dd928065b5..c29b41541e 100644 --- a/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json +++ b/mobile-attack/relationship/relationship--af55d12a-5f58-4135-90d0-f465a66f7a3f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fafb2cae-68e0-4307-bd18-75431fa55242", + "id": "bundle--6dd81c58-f5bb-4bad-9f25-75a5e4615e3d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json index c9694cbec3..e2fd654af4 100644 --- a/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json +++ b/mobile-attack/relationship/relationship--afba6b19-7486-4e5a-8fda-e91852b0b354.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ec3acc42-e3fc-4252-b742-a0ee2ea615b0", + "id": "bundle--251aa802-16b1-4f24-9b77-07abd5c50093", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json b/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json index a043d5c3c8..b7f4cbebb7 100644 --- a/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json +++ b/mobile-attack/relationship/relationship--afc0e8b2-2e85-4640-8517-fb2e16831082.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3d00fcd4-c663-495c-b2c7-ea0eeccc037f", + "id": "bundle--89b11db0-cefd-4afb-8231-a087063723c1", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json index c0d2767a07..0b4c2939e7 100644 --- a/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json +++ b/mobile-attack/relationship/relationship--afc0f502-39bb-41e3-b4fc-5b5bb1a1175b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3fcbc619-3e54-4260-96c0-de8cced5ffda", + "id": "bundle--23c682e9-ce7b-49b0-b03a-2f247f77b546", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json index d0aee7411e..2deaa8af13 100644 --- a/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json +++ b/mobile-attack/relationship/relationship--afe9e326-01f7-4296-a11b-09cfffd80120.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2f050198-b6b5-46e7-a235-487f3129e095", + "id": "bundle--c1effb80-e0a2-400f-8619-9c5056ed358a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json index 8e62e0b022..2e4cf079cf 100644 --- a/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json +++ b/mobile-attack/relationship/relationship--b018fe06-740b-4864-b30a-f047598506b3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--214b82f8-f37a-4cb9-bd92-b1e013575914", + "id": "bundle--6d039fcb-83ce-4078-bbb5-11d7313b7335", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json index c18d8e0b2a..c240dba317 100644 
--- a/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json +++ b/mobile-attack/relationship/relationship--b05668b9-aa06-4191-a4fa-f7e5a7804694.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--57e6f461-1f4c-440c-b505-df8933c5a7e9", + "id": "bundle--006cdd0f-3d7a-48d4-81b0-fe8d6f65e6ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json index a69b624bbc..436d68a51c 100644 --- a/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json +++ b/mobile-attack/relationship/relationship--b0625604-e4c4-402b-b191-f43137d38d99.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--197cf1b7-869f-4ab8-8499-e5279eb14ed6", + "id": "bundle--1932bdde-2f84-4a83-9ced-2a30f4bf9594", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b0bade50-bcca-4924-9746-c4ed0c3be76c.json b/mobile-attack/relationship/relationship--b0bade50-bcca-4924-9746-c4ed0c3be76c.json new file mode 100644 index 0000000000..60fea00e64 --- /dev/null +++ b/mobile-attack/relationship/relationship--b0bade50-bcca-4924-9746-c4ed0c3be76c.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--23dc9a6f-265a-433a-aeca-fa608453779c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b0bade50-bcca-4924-9746-c4ed0c3be76c", + "created": "2023-07-21T19:41:31.114Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:41:31.114Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) has been installed using the package name `com.android.callservice`, pretending to be an Android system service.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json index 22a746cffa..87067c744e 100644 --- a/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json +++ b/mobile-attack/relationship/relationship--b0d0541d-caeb-43c0-906c-2e1e2ec25f69.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--beb4af5a-4ced-4f36-bf14-a0b9c5b2f69e", + "id": "bundle--399b5bf1-a7f0-495d-9876-5f58b44b56b2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json b/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json index 41d394e3f8..7098cafc07 100644 --- a/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json +++ b/mobile-attack/relationship/relationship--b0fe69e0-d08f-488d-b1cf-3f0dbb28accc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8afa0ec9-39a5-4dac-bdcd-ba5d2c145f12", + "id": "bundle--3478d6ae-f739-4a0c-a5d8-8d1dd89dbd0c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json index a896abb41c..f35d6df5c5 100644 --- a/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json +++ b/mobile-attack/relationship/relationship--b110d919-acd4-4fe0-a46a-ac4819508667.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--036e7dd5-45d1-44ee-9045-bced48f386e4", + "id": "bundle--412a4025-2462-4424-915e-c5c200875344", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json b/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json index 6166d5cfb4..1648ff328f 100644 --- a/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json +++ b/mobile-attack/relationship/relationship--b19082d2-c151-45dd-8844-82335fbe3ed9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aad89418-19d8-4539-97f0-9669db224203", + "id": "bundle--096ba785-9bdc-46b6-b46b-5d9907dd3108", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json index 82267a889f..130ff6ff25 100644 --- a/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json +++ b/mobile-attack/relationship/relationship--b1e5bd2f-01e4-402d-a9b6-255110510a83.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bc336410-6042-4bad-b7b2-26f874be6326", + "id": "bundle--61f91b2d-c40b-47d2-aa25-5d51e201df2b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b2277deb-0ddb-45a7-9690-4a2168e1026b.json b/mobile-attack/relationship/relationship--b2277deb-0ddb-45a7-9690-4a2168e1026b.json new file mode 100644 index 0000000000..5831565ffd --- /dev/null +++ b/mobile-attack/relationship/relationship--b2277deb-0ddb-45a7-9690-4a2168e1026b.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--b73736dc-4c10-4366-8ec1-a5b7ec78edc2", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b2277deb-0ddb-45a7-9690-4a2168e1026b", + "created": "2023-10-10T15:33:59.058Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout FrozenCell", + "description": "Michael Flossman. (2017, October 5). FrozenCell: Multi-platform surveillance campaign against Palestinians. Retrieved November 11, 2020.", + "url": "https://blog.lookout.com/frozencell-mobile-threat" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.058Z", + "description": "[FrozenCell](https://attack.mitre.org/software/S0577) has masqueraded as fake updates to chat applications such as Facebook, WhatsApp, Messenger, LINE, and LoveChat, as well as apps targeting Middle Eastern demographics.(Citation: Lookout FrozenCell) ", + "relationship_type": "uses", + "source_ref": "malware--96ea1e13-d50f-45f1-b0cf-4ac9bc5a2d62", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b22addc1-6a23-4657-8164-3705e12bb95b.json b/mobile-attack/relationship/relationship--b22addc1-6a23-4657-8164-3705e12bb95b.json new file mode 100644 index 0000000000..fb047b8225 --- /dev/null +++ b/mobile-attack/relationship/relationship--b22addc1-6a23-4657-8164-3705e12bb95b.json 
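Review bot: The added relationship--b2277deb is stamped `"created": "2023-10-10T15:33:59.058Z"` but carries `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"`. The other relationships created in 2023 in this commit use `"3.1.0"` and `"0.1"`. Together with a citation retrieved November 11, 2020, this looks like content carried over from an older object, so please confirm that the spec version is intended and not a leftover. Consumers that branch on `x_mitre_attack_spec_version` would otherwise treat this object differently from its siblings. The `description` also ends with a space before the closing quote (`...(Citation: Lookout FrozenCell) "`), which should be trimmed.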
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--753ee65c-d98b-42e8-81df-8701b8db91a4", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b22addc1-6a23-4657-8164-3705e12bb95b", + "created": "2023-07-21T19:40:41.725Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:40:41.725Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can use SMS to send C2 commands.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json index 1ad84a1743..76e58c3299 100644 --- a/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json +++ b/mobile-attack/relationship/relationship--b24553a7-01c7-49b2-b1e0-fb961e788de2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--77876974-5fa0-41e2-9a77-946ef43c8f5e", + "id": "bundle--89dfa37c-a3e8-4730-8daa-ec29f11c540e", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json index 34c5de5c02..22c4eaa94b 100644 --- a/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json +++ b/mobile-attack/relationship/relationship--b247a4f6-3629-4123-84b0-c7c5b3e7e37e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9e91e93c-d5c7-402c-9dce-ed01165e6cf2", + "id": "bundle--7183e078-552b-494e-8f2d-5d14caadfd79", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json index 78562cae18..0d862fd981 100644 --- a/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json +++ b/mobile-attack/relationship/relationship--b263e4e9-972d-4ba7-8be8-e55eb6a483c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5aace279-4c62-4834-a490-5e68db334dcd", + "id": "bundle--c763f909-713c-45fa-909e-9ece2e378282", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json index 8b696fee3c..1faad42438 100644 --- a/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json +++ b/mobile-attack/relationship/relationship--b2896068-4d54-41e1-b0f2-db9385615112.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--20c4103b-e5fc-46cb-8b54-118a27d1c01f", + "id": "bundle--bf60701b-992c-476b-8a99-0dd6c2ed0371", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json b/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json index 52e9b28cf4..6bcb81aceb 100644 
--- a/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json +++ b/mobile-attack/relationship/relationship--b309c25a-6baf-4874-829d-63712a38652c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--26f88d20-a8dd-44a2-b65e-76f121baf934", + "id": "bundle--c1146f0a-3c29-4af1-8d0a-0cb399ec977b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json index 945011bf7c..877ce53cc0 100644 --- a/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json +++ b/mobile-attack/relationship/relationship--b30fa851-75cf-46ac-aa1b-cfa8b7f36545.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--23c0db47-74be-4bdc-83fc-0b10ca43e292", + "id": "bundle--38d124a6-f940-417c-bd16-3c7d3225c60e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json index 8b6345e4e6..67c3d4abc8 100644 --- a/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json +++ b/mobile-attack/relationship/relationship--b356d405-f6b1-485b-bd35-236b9da766d2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a31287d3-8ace-488c-b971-1af3c4de3dcd", + "id": "bundle--04e00fa4-ac3f-44ca-bf6e-7c87a0f3c14d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json index ccc5fa92d9..9ec71b810e 100644 --- a/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json +++ b/mobile-attack/relationship/relationship--b360a1c8-8939-428e-bc6e-3f4755bd9ee0.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c02d1edf-bdf9-4400-b36c-8fb54a75c9d7", + "id": "bundle--f4580fa0-8221-415c-8778-492f425084e3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json b/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json index b52ddfd18c..494cc9c9dc 100644 --- a/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json +++ b/mobile-attack/relationship/relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--68355779-411a-424e-9b40-27455ea8c1fe", + "id": "bundle--a6155328-be19-4b84-8a25-3d58e673449b", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--b37ebb4e-0536-4de0-8e00-7b3d942a02b7", "created": "2023-03-20T15:33:34.181Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:33:34.181Z", - "description": "", + "modified": "2023-08-07T17:19:28.650Z", + "description": "System partition integrity checking mechanisms can detect unauthorized or malicious code contained in the system partition.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "target_ref": "attack-pattern--9558a84e-2d5e-4872-918e-d847494a8ffc", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json b/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json index c7ce4b7def..da95cf6065 100644 
--- a/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json +++ b/mobile-attack/relationship/relationship--b3866c07-e143-4d0d-9176-c2845f85c5ab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--831f75f5-eb06-42ca-aa14-bb62ea169ef0", + "id": "bundle--58b446de-6606-49e5-81b0-77f778ee6fcf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b3a14001-e0c0-4f13-ac03-04e56dc0e312.json b/mobile-attack/relationship/relationship--b3a14001-e0c0-4f13-ac03-04e56dc0e312.json new file mode 100644 index 0000000000..f05ea221f3 --- /dev/null +++ b/mobile-attack/relationship/relationship--b3a14001-e0c0-4f13-ac03-04e56dc0e312.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--11830c67-65da-4f2a-976b-27f475bd257e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b3a14001-e0c0-4f13-ac03-04e56dc0e312", + "created": "2023-10-10T15:33:59.311Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "Lookout Uyghur Campaign", + "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.", + "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.311Z", + "description": "[SilkBean](https://attack.mitre.org/software/S0549) has been incorporated into trojanized applications, including Uyghur/Arabic focused keyboards, alphabets, and plugins, as well as official-looking Google applications.(Citation: Lookout Uyghur Campaign)", + "relationship_type": "uses", + "source_ref": "malware--ddbe5657-e21e-4a89-8221-2f1362d397ec", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json index e9b814e3c8..86b14de285 100644 --- a/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json +++ b/mobile-attack/relationship/relationship--b3bb33bf-9034-4d5c-8ea0-31d3bbd12b6b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7c300b44-dfad-4c23-bb0e-632b29f8960d", + "id": "bundle--b604485d-788d-4fb4-af4f-c0eedd2c227b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json index ac4b13e4ac..a50fa69641 100644 --- a/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json +++ b/mobile-attack/relationship/relationship--b402664b-a5b4-45e4-832f-02638e6c67a7.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0f4387f1-70e0-46f8-b328-b8829f6884ee", + "id": "bundle--60dfa90b-227e-452f-ba83-fff43e273129", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json index 0adb20400f..56bb0813b1 100644 --- a/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json +++ b/mobile-attack/relationship/relationship--b40e34ad-b699-4196-aa07-5bd71fe8f213.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3e80a401-3863-4864-89c4-2bb37c3a4883", + "id": "bundle--54f1cfd2-1b30-4bdc-a4c0-312e0e800a07", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json index 55b903d9d8..855aaa139d 100644 --- a/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json +++ b/mobile-attack/relationship/relationship--b4180067-52b6-4109-91df-52fd9a7ed2e8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2e581cc8-f168-4d32-ae5a-4fbcb563c779", + "id": "bundle--f73e5282-3806-40a6-adad-644cff88440c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--b43c87a7-de40-4673-9808-57c7ffca7b98.json b/mobile-attack/relationship/relationship--b43c87a7-de40-4673-9808-57c7ffca7b98.json new file mode 100644 index 0000000000..5649539234 --- /dev/null +++ b/mobile-attack/relationship/relationship--b43c87a7-de40-4673-9808-57c7ffca7b98.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--2091592b-f5ee-4876-b7e4-3ae47e88b609", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b43c87a7-de40-4673-9808-57c7ffca7b98", + "created": "2023-07-21T19:54:21.877Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:54:21.877Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) has masqueraded as popular Korean banking apps.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json index b0b7408904..3456cd3e14 100644 --- a/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json 
+++ b/mobile-attack/relationship/relationship--b43f4cef-138e-4b5d-8e68-e8eeae3591be.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e7cb8348-36b0-4ddf-b3e6-c353f62c044b", + "id": "bundle--07ed2b11-600a-4a5c-8918-b8f56750a4e7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json index 260db3dc7a..b8f984bc28 100644 --- a/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json +++ b/mobile-attack/relationship/relationship--b45cf5e0-7427-4d5c-be2c-22f5231493d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--23d2c9b0-0054-47e7-aacc-acfa7e18f13f", + "id": "bundle--c29e259a-8e0a-4343-8de3-73392ef86a8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json index 1a454eaf07..bbf9248828 100644 --- a/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json +++ b/mobile-attack/relationship/relationship--b4735277-516a-4cd2-9607-a3e415945d93.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bb0d5499-dd80-4ffd-8786-f9d0ca8b11dd", + "id": "bundle--d3bc8d1b-e4fc-42e5-804a-ce40d3a07158", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json index 879a61e619..b79aaf033e 100644 --- a/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json +++ b/mobile-attack/relationship/relationship--b477afcb-7449-4fae-b4aa-c512c22d7500.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dd76d238-f26e-4c4a-90b1-f95aa6c71294", + "id": "bundle--0e4ce74f-25b7-40c4-8c19-397688df0cca", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json index faac04a3ba..dd68d7710b 100644 --- a/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json +++ b/mobile-attack/relationship/relationship--b49ecb71-92b3-4813-be4d-9f8c2aa67ccd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--eac93572-a898-42c5-b5cf-24d058b2ef46", + "id": "bundle--57d0df22-753c-4472-8929-72eb1ea15e85", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json index 04ae2b0e29..e046fdc207 100644 --- a/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json +++ b/mobile-attack/relationship/relationship--b4ef35e9-3dba-49c7-8842-a7dff403241f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9471256a-f842-42b9-afc8-e3da95de485f", + "id": "bundle--f8ffe45a-17c7-4cb7-a3d2-4799a9e64a5f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json index 8242bb1041..3d9660598d 100644 --- a/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json +++ b/mobile-attack/relationship/relationship--b536f233-8c43-4671-b8e8-d72a4806946d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--693e805c-d150-4ca3-a651-9dc98a51249b", + "id": "bundle--61be398f-509d-4052-8d95-4032c2c4f965", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json index 6ecf1f88f0..2c08635ebd 100644 --- a/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json +++ b/mobile-attack/relationship/relationship--b53d1c92-b71f-434e-aa4f-08b8db765248.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b7a7f931-d5af-40b3-8f83-e908bba60186", + "id": "bundle--dea12653-47b2-44e8-94d7-27e9c24bfb60", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json index 6da3797dac..4e1b9dd02f 100644 --- a/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json +++ b/mobile-attack/relationship/relationship--b5590b50-0aaa-4f43-9b29-f17ee717b551.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49e46846-c279-462a-8cbc-abb1158ef6be", + "id": "bundle--4a320231-1c9e-49da-97c3-de66f471be2d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json index 90a0f2d7ed..b4acfe4658 100644 --- a/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json +++ b/mobile-attack/relationship/relationship--b5e8cef4-e8a1-484f-baae-cf12b26e6070.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6ddc0558-0eac-43bc-bcca-db948612684e", + "id": "bundle--f1f13423-6bf4-418b-9526-1ca1adb944e6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json index b94d78a8c8..35ac224916 100644 
--- a/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json +++ b/mobile-attack/relationship/relationship--b5f3b110-fc66-4369-89f3-621c945d655f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9b7d4699-2c0a-4ac2-a130-2ebdb1594906", + "id": "bundle--3432904d-7ac7-4b7d-9c0f-6295ec747e9c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json b/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json index c6ff86fb14..7d1cc726af 100644 --- a/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json +++ b/mobile-attack/relationship/relationship--b610c587-576a-40cc-9f76-6362455c8ff4.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--fd5b1941-53ff-441f-a942-72efdf97117d", + "id": "bundle--70f8788a-f331-49fe-9550-9af2664ec832", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--b610c587-576a-40cc-9f76-6362455c8ff4", "created": "2023-03-20T18:43:01.334Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:43:01.334Z", - "description": "", + "modified": "2023-08-14T16:49:09.975Z", + "description": "Application vetting services can detect and closely scrutinize applications that utilize Device Administrator access.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--eb6cf439-1bcb-4d10-bc68-1eed844ed7b3", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--b6323cf4-8141-4910-8743-e42cd15b49e9.json b/mobile-attack/relationship/relationship--b6323cf4-8141-4910-8743-e42cd15b49e9.json new file mode 100644 index 0000000000..a3a89fa2fa --- /dev/null +++ b/mobile-attack/relationship/relationship--b6323cf4-8141-4910-8743-e42cd15b49e9.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--55f969db-b01a-4a91-8818-cc556a9417bc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b6323cf4-8141-4910-8743-e42cd15b49e9", + "created": "2023-07-21T19:53:59.148Z", + "revoked": false, + "external_references": [ + { + "source_name": "kaspersky_fakecalls_0422", + "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.", + "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:53:59.148Z", + "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can send exfiltrated data back to the C2 server.(Citation: kaspersky_fakecalls_0422)", + "relationship_type": "uses", + "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json index 7e140f4721..813aac19d2 100644 --- a/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json 
+++ b/mobile-attack/relationship/relationship--b641e5b8-5981-452a-99f0-3598c783e5ee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9c422738-09aa-460b-820c-9a317be3b7c1", + "id": "bundle--8576af7b-2ccf-47f7-9eca-96b0ea6e08d3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json index c21ee0776f..077239a484 100644 --- a/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json +++ b/mobile-attack/relationship/relationship--b6726136-3c20-4921-a0cb-75a66f59107c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f468b525-ccf1-46aa-bc7b-e4b3c920027c", + "id": "bundle--65c2c54e-cb95-4f11-b850-877a4b946bd1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json index bb921b154d..032e412466 100644 --- a/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json +++ b/mobile-attack/relationship/relationship--b67f04d9-1cbd-49b4-9ec3-a33a41ac42ab.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0f328add-ba32-43f0-9ab2-6614423268c4", + "id": "bundle--66ee90da-fc31-4efe-869e-d2c161933598", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json b/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json index e9e7d0b6d5..8a575ce681 100644 --- a/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json +++ b/mobile-attack/relationship/relationship--b697a198-8949-43e0-b2b8-23498373c920.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--06afaa47-6eee-41c9-96a6-d35cf2abc3b2", + "id": "bundle--9f6e1298-be35-42b8-92c2-ceaa9f20a9e0", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--b697a198-8949-43e0-b2b8-23498373c920", "created": "2023-03-20T18:37:13.628Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:37:13.628Z", - "description": "", + "modified": "2023-08-14T16:28:09.643Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--b6feb018-65e3-46ff-b872-e4385b6f3b34.json b/mobile-attack/relationship/relationship--b6feb018-65e3-46ff-b872-e4385b6f3b34.json new file mode 100644 index 0000000000..d2068a1a0a --- /dev/null +++ b/mobile-attack/relationship/relationship--b6feb018-65e3-46ff-b872-e4385b6f3b34.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--2acb4abe-a12b-4c7d-a830-2b5f5dc7609e", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--b6feb018-65e3-46ff-b872-e4385b6f3b34", + "created": "2023-08-23T22:48:11.931Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:50:11.248Z", + "description": "[Gustuff](https://attack.mitre.org/software/S0406) may prevent application removal by abusing Android\u2019s ` performGlobalAction(int)` API call. ", + "relationship_type": "uses", + "source_ref": "malware--ff8e0c38-be47-410f-a2d3-a3d24a87c617", + "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json index 2b78c77dac..85011bf106 100644 --- a/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json +++ b/mobile-attack/relationship/relationship--b7282bf9-63f8-49ad-8ee0-f2ad523a367e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e039e06-97c3-42d6-ae5f-f861946ae4e9", + "id": "bundle--0ead9b3b-2281-47ad-a449-5fb26d5abb16", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json index 9acc3d942c..e75a5fc850 100644 --- a/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json 
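Review bot: The new Gustuff relationship (relationship--b6feb018-…) has no `external_references` array and no `(Citation: …)` marker in its `description`, so the claim about `performGlobalAction(int)` cannot be traced to a report. Every other new `uses` relationship visible in this part of the diff cites one, and an analyst building detections from this entry has nothing to verify it against. Add the source, in the shape `"external_references": [{"source_name": "<SOURCE_NAME>", "description": "<CITATION>", "url": "<URL>"}]`, with a matching `(Citation: <SOURCE_NAME>)` at the end of the description; these are placeholders, as the source is not visible here. The code span in the description also opens with a space before `performGlobalAction(int)` and the string ends in a trailing space; both should be trimmed.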
+++ b/mobile-attack/relationship/relationship--b7652f27-1cf6-4310-bf6b-5fb99c4fd725.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f35209f0-207b-466e-9cb9-220ad70f6f5d", + "id": "bundle--6bf7ac26-d360-4beb-8558-b25859364d50", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json index 80d32c2716..fa035c28b8 100644 --- a/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json +++ b/mobile-attack/relationship/relationship--b7a31a11-6c84-4c28-a548-4751e4d71134.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--71daa3fc-a9b4-4637-ac53-9f72353df546", + "id": "bundle--59319ba9-d647-4bae-92fb-200c64b68c6d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json b/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json index c1e43f0568..cb08cefc14 100644 --- a/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json +++ b/mobile-attack/relationship/relationship--b7c8abf7-d4e4-40a4-aa2a-ee995a6f4f10.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae9a722a-fb9d-4a16-a1f8-58fa3eff1c52", + "id": "bundle--94dbd467-244c-44a8-b077-07af97f7ca54", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json index c097d9afb2..ac85021b7b 100644 --- a/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json +++ b/mobile-attack/relationship/relationship--b7cf1c31-8722-4eeb-ae59-66936c15fa87.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e83d4f9f-ae25-4e72-b90d-6fff1f4cb9d9", + "id": "bundle--44c72d20-9f6a-4c87-8bf4-0cbc01b396c4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json index e41154988d..8557d6f00b 100644 --- a/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json +++ b/mobile-attack/relationship/relationship--b81a284d-34ec-4e61-a073-bf6cd85e4c3f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a38a1a5d-b0f5-49c1-b1cd-a2224a372ee1", + "id": "bundle--b0ca02e8-7617-4f10-a926-7a7fea40d7e5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json index 9f24876caa..3aa6c343ae 100644 --- a/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json +++ b/mobile-attack/relationship/relationship--b81ba10a-73c2-4616-a8bc-eeb422e1c5ea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1cbcac1-740c-47c7-811f-1ad0f1f90fca", + "id": "bundle--0099b187-0e60-4075-966c-75eb2bdf309a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b81f9698-b9d1-4a6a-b836-f7e29232693a.json b/mobile-attack/relationship/relationship--b81f9698-b9d1-4a6a-b836-f7e29232693a.json new file mode 100644 index 0000000000..4ebecd7561 --- /dev/null +++ b/mobile-attack/relationship/relationship--b81f9698-b9d1-4a6a-b836-f7e29232693a.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--5a93ad4c-ad15-4f67-b02e-7febd699b539",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--b81f9698-b9d1-4a6a-b836-f7e29232693a",
+ "created": "2023-09-28T17:26:10.893Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "kaspersky_fakecalls_0422",
+ "description": "Igor Golovin. (2022, April 11). Fakecalls: a talking Trojan. Retrieved July 21, 2023.",
+ "url": "https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:26:10.893Z",
+ "description": "[Fakecalls](https://attack.mitre.org/software/S1080) can manipulate a device\u2019s call log, including deleting incoming calls.(Citation: kaspersky_fakecalls_0422)",
+ "relationship_type": "uses",
+ "source_ref": "malware--429e1526-6293-495b-8808-af7f9a66c4be",
+ "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
index 244ce9ec93..f6586eaf1e 100644
--- a/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
+++ b/mobile-attack/relationship/relationship--b8606318-8c12-4381-ba33-5b2321772ea0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--78965de5-126c-4f02-9a77-2dc934362977",
+ "id": "bundle--78b2e243-9f98-4062-ba43-032f3db6fea3",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--b96e8699-4bd2-4793-8f9c-88d6e4c50e98.json b/mobile-attack/relationship/relationship--b96e8699-4bd2-4793-8f9c-88d6e4c50e98.json
new file mode 100644
index 0000000000..66fefb7b33
--- /dev/null
+++ b/mobile-attack/relationship/relationship--b96e8699-4bd2-4793-8f9c-88d6e4c50e98.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ff2b8e8-62ce-42eb-a825-8a897c2f42d6",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--b96e8699-4bd2-4793-8f9c-88d6e4c50e98",
+ "created": "2023-09-28T17:39:35.622Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Trend Micro FlyTrap",
+ "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts \u2014 Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.",
+ "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:39:35.622Z",
+ "description": "[FlyTrap](https://attack.mitre.org/software/S1093) has used infected applications with Facebook login prompts to steal credentials.(Citation: Trend Micro FlyTrap)",
+ "relationship_type": "uses",
+ "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785",
+ "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json index 8e4de43a06..3f59141894 100644 --- a/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json +++ b/mobile-attack/relationship/relationship--b98fa6ef-a5f2-4867-8108-8daf8534cc3c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3635f0ee-6462-44e8-a83f-f53eb3463363", + "id": "bundle--2693132e-3946-4c9e-9046-386247471185", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json index d359925588..a479dee33d 100644 --- a/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json +++ b/mobile-attack/relationship/relationship--b9af8369-a6b2-4081-9f07-2ee15d56bffc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9cd76755-3865-4a92-b548-a078e31aa8ce", + "id": "bundle--19a89884-acac-4658-8142-63c7b2b9cb8a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json index 19f2db9ac4..cef2f78482 100644 --- a/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json +++ b/mobile-attack/relationship/relationship--b9b9ce86-89f6-41ea-8ba1-9520985acb49.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--814673f7-f903-4741-8e7d-334ce3b7e482", + "id": "bundle--df666fc3-61d0-4303-84fd-cc755b2c269f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json index cc64d6bc63..4592aceee0 100644 
--- a/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json +++ b/mobile-attack/relationship/relationship--ba02a1dc-d5b9-41cb-9adf-883119e1aa51.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--01120126-94b1-4b82-b588-0ee8398a1c36", + "id": "bundle--af7ae2e8-1d58-4374-9785-58f1aed1db11", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ba116807-ef1c-4621-84c8-9921fa7b735e.json b/mobile-attack/relationship/relationship--ba116807-ef1c-4621-84c8-9921fa7b735e.json new file mode 100644 index 0000000000..83eeef0842 --- /dev/null +++ b/mobile-attack/relationship/relationship--ba116807-ef1c-4621-84c8-9921fa7b735e.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--63fd66a0-184e-475b-9343-bf683eaa5e14",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ba116807-ef1c-4621-84c8-9921fa7b735e",
+ "created": "2023-09-28T17:19:21.499Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:19:21.499Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can request the `GET_ACCOUNTS` permission to get the list of accounts on the device, and can collect media files.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--702055ac-4e54-4ae9-9527-e23a38e0b160",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
index c964b05b45..159455de71 100644
--- a/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
+++ b/mobile-attack/relationship/relationship--ba5fc090-d420-4006-9dc0-57b75260b5f6.json
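Review bot: The citation key in the new `relationship--ba116807-ef1c-4621-84c8-9921fa7b735e` object is misspelled in both places it appears: `"source_name": "Bleeipng Computer Escobar"` and `(Citation: Bleeipng Computer Escobar)` in `description` should read `Bleeping Computer Escobar`. The two strings match each other, so the citation presumably still resolves, but anyone searching the data set for the Bleeping Computer report by name will miss this object. If other objects cite the same report under this key, they need the same correction in the same change so the keys stay identical.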
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9cc71786-60f0-4427-b3d1-d05683b78f90", + "id": "bundle--94810f7a-caf0-4f04-826e-c118a3d08c8a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json index 14835fb37e..9aa14f7641 100644 --- a/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json +++ b/mobile-attack/relationship/relationship--ba8735ad-b9c6-4b35-9fac-d4747ab0b2ae.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5432bdd5-320e-4487-998b-7f7fc0fe8416", + "id": "bundle--817bea4b-8268-470f-aaec-8eda5f69a3ac", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json index e3fa6a5c49..933191fab2 100644 --- a/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json +++ b/mobile-attack/relationship/relationship--baa82c0a-b51c-4d4a-ae1d-6d6fd637f78d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f21e4e24-8cba-4764-a3ff-28f23d0d9f38", + "id": "bundle--9fd92293-0dd1-4862-b456-211d4ed333bb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--baad8ab8-f05f-4e31-9671-44c009ae3ecf.json b/mobile-attack/relationship/relationship--baad8ab8-f05f-4e31-9671-44c009ae3ecf.json new file mode 100644 index 0000000000..91fba5ade2 --- /dev/null +++ b/mobile-attack/relationship/relationship--baad8ab8-f05f-4e31-9671-44c009ae3ecf.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--b33477df-21bc-4280-b5e6-6e94b4181e97",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--baad8ab8-f05f-4e31-9671-44c009ae3ecf",
+ "created": "2023-08-09T14:38:34.721Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-09T14:38:34.721Z",
+ "description": "Dynamic analysis, when used in application vetting, may in some cases be able to identify malicious code in obfuscated or encrypted form by detecting the code at execution time (after it is deobfuscated or decrypted). Some application vetting techniques apply reputation analysis of the application developer and can alert to potentially suspicious applications without actual examination of application code.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
+ "target_ref": "attack-pattern--d13fa042-8f26-44e1-a2a8-af0bf8e2ac9a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
index f8680ece56..a4c97d599f 100644
--- a/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
+++ b/mobile-attack/relationship/relationship--bb006be2-7d2c-4bb3-ab48-7c95e0ab8106.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1fa94ca-d12c-4638-b849-bd44209cea9f",
+ "id": "bundle--85c97661-97ad-434f-9345-b8e98d218b87",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json b/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
index 4d2dfd3170..226c59dcf1 100644
--- a/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
+++ b/mobile-attack/relationship/relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--6bce78e8-d826-4e2d-9bae-4023c5323a8b",
+ "id": "bundle--1d50ce8f-f844-461c-a2d3-231df5171337",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--bb11b7d1-e661-49af-9746-9fa4c56324bf",
 "created": "2023-03-20T18:59:14.759Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:59:14.759Z",
- "description": "",
+ "modified": "2023-08-08T16:31:10.270Z",
+ "description": "Application vetting services can detect unnecessary and potentially abused API calls.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
index 0c41228b31..01119008ae 100644
--- a/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
+++ b/mobile-attack/relationship/relationship--bb34aff0-9af9-463b-a1aa-7f5ec7b84630.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2bf808ee-9b3d-4102-9c85-5c0cb98b2dea", + "id": "bundle--86d9353b-e61e-4888-8eec-f94a8ea3d5c7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json index a18cd478e7..6fec6c7880 100644 --- a/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json +++ b/mobile-attack/relationship/relationship--bb3be217-08e2-4bb0-9f1a-d8e538010451.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--289de7f6-d5a3-4f88-83cc-990fdf4936a3", + "id": "bundle--111025da-c227-4cf0-8a69-78f53539aadb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bb77cfbe-ac95-4cc2-acbc-8cefa15b9387.json b/mobile-attack/relationship/relationship--bb77cfbe-ac95-4cc2-acbc-8cefa15b9387.json new file mode 100644 index 0000000000..83411540ec --- /dev/null +++ b/mobile-attack/relationship/relationship--bb77cfbe-ac95-4cc2-acbc-8cefa15b9387.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--fab2fa2b-a82a-4405-8dfa-87dc7eaef010",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--bb77cfbe-ac95-4cc2-acbc-8cefa15b9387",
+ "created": "2023-06-09T19:09:30.333Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T19:15:08.695Z",
+ "description": "[Hornbill](https://attack.mitre.org/software/S1077) can gather device call logs.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1",
+ "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
index 3b094097cb..d2c91f2662 100644
--- a/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
+++ b/mobile-attack/relationship/relationship--bb83ee25-8875-4806-9f69-ac39bf7cb402.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d8eb7dd4-d443-4f3e-9ea1-c3a385920492",
+ "id": "bundle--18469d89-d231-4d89-ba99-e1db3ccaaaa0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json index 76997ad3e6..5af001fe9c 100644 --- a/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json +++ b/mobile-attack/relationship/relationship--bba8b056-acbe-4fed-b890-965a446d7a3c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--85cf7172-40b9-41be-8d1c-db7b87ca87b8", + "id": "bundle--0c545b8c-5bb3-424b-89f6-6f5b039c879d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json b/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json index 0164514d49..450222c222 100644 --- a/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json +++ b/mobile-attack/relationship/relationship--bbc6308e-f7f6-40c7-80cb-f760d623c8af.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de37c52c-7350-460c-9a49-a5752f3d7c18", + "id": "bundle--9feda198-21e6-4b72-b7d7-21532dddc18f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json index d6ad9b92cf..bfdfe30bb9 100644 --- a/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json +++ b/mobile-attack/relationship/relationship--bbe1af69-7303-4205-82d8-5b03c43e39c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--69120a16-49f3-4f7e-ad09-d5d69ae82e29", + "id": "bundle--e2ae0336-6627-4948-ba62-79bc77e1fd57", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json index 96fa904811..211c162356 100644 
--- a/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json +++ b/mobile-attack/relationship/relationship--bc0d2cbb-30fa-40e6-a250-bf6e5d8f9005.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--41580c94-89eb-42a7-b9bd-cfee29867a35", + "id": "bundle--ce22ac12-c4d1-4af3-a8b2-a8ccce623d96", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json b/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json index c7bd6c8e64..863c8ed64f 100644 --- a/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json +++ b/mobile-attack/relationship/relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--ab9efdab-f353-47bd-96a6-d175d4c3beae",
+ "id": "bundle--5532b1e8-4195-44c6-8505-fd7e39e30ef8",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--bc0d86de-0642-4cbf-a785-7ff70507a9a2",
 "created": "2023-03-20T18:51:44.864Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:51:44.864Z",
- "description": "",
+ "modified": "2023-08-08T17:08:11.867Z",
+ "description": "The user can examine the list of all installed applications, including those with a suppressed icon, in the device settings. If the user is redirected to the device settings when tapping an application\u2019s icon, they should inspect the application to ensure it is genuine.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
index e96b92582b..93385af1dc 100644
--- a/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
+++ b/mobile-attack/relationship/relationship--bc4e848a-adb7-40a2-94a1-d5ab9854ff0f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8a4a8e37-5dad-4c5d-84db-d3404b659003",
+ "id": "bundle--a86735c1-450a-4877-a9cf-ac3bebddf8f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1.json b/mobile-attack/relationship/relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1.json
new file mode 100644
index 0000000000..ea1f56fdc1
--- /dev/null
+++ b/mobile-attack/relationship/relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--8984ee95-0b38-48ec-b704-304f1e933e28",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1",
+ "created": "2023-08-14T16:31:37.179Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-14T16:31:37.179Z",
+ "description": "Many properly configured firewalls may naturally block command and control traffic.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+ "target_ref": "attack-pattern--c6a146ae-9c63-4606-97ff-e261e76e8380",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json b/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
index 4834cd4570..5022fb341b 100644
--- a/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
+++ b/mobile-attack/relationship/relationship--bc79a212-139f-4dce-be72-e90585f38f03.json
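Review bot: The `description` in the new `relationship--bc59883f-672e-4dc8-a7de-f713a26f88e1` object states a blocking effect (`Many properly configured firewalls may naturally block command and control traffic.`), yet `relationship_type` is `detects` and `source_ref` is an `x-mitre-data-component`. A `detects` entry should say what a defender can observe from that data component, while blocking reads as mitigation guidance that would normally hang off a `mitigates` relationship from a course-of-action. As written, tooling that builds detection coverage from `detects` relationships would count the target technique as covered although no observable is named. Either reword the description to the observable the data component provides, or move this sentence to a `mitigates` relationship.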
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--cf1a20b9-87ff-4043-8433-5be058556052",
+ "id": "bundle--7d4daa56-8642-4b53-97d4-64900431eeba",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--bc79a212-139f-4dce-be72-e90585f38f03",
 "created": "2023-03-16T18:31:37.091Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:31:37.091Z",
- "description": "",
+ "modified": "2023-08-10T21:11:17.731Z",
+ "description": "The user can view their default phone app in device settings.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--351ddf79-2d3a-41b4-9bef-82ea5d3ccd69",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
index 3ab44ddb92..a4c7107458 100644
--- a/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
+++ b/mobile-attack/relationship/relationship--bc79d59b-1828-4133-9f8f-df8cad9543a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1d334779-78c4-41d3-b7af-8b8821d83983",
+ "id": "bundle--5da3972d-d7f7-4858-bd5a-968df9da0418",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bc870a55-5499-4146-91ef-ea74647c3e10.json b/mobile-attack/relationship/relationship--bc870a55-5499-4146-91ef-ea74647c3e10.json
new file mode 100644
index 0000000000..92eb1074b0
--- /dev/null
+++ b/mobile-attack/relationship/relationship--bc870a55-5499-4146-91ef-ea74647c3e10.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--cd7d3d7a-e65a-44ef-9903-a51b4598e601",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--bc870a55-5499-4146-91ef-ea74647c3e10",
+ "created": "2023-07-12T20:50:03.159Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-12T20:50:03.159Z",
+ "description": "Users should be encouraged to only install apps from authorized app stores, which are less likely to contain malicious repackaged apps.",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
index 08dae9b512..08492b1ad6 100644
--- a/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
+++ b/mobile-attack/relationship/relationship--bcc8eb7a-d2a8-41d2-832e-f435e51c685a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--042f995e-3bfd-4867-9d35-58aeffca1bfe",
+ "id": "bundle--dde41089-a8fe-4fe3-a36f-4b5676345437",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json
index 2053071186..2d7f3dbb2a 100644
--- a/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json +++ b/mobile-attack/relationship/relationship--bce64ec2-43d5-4501-a0aa-0abe65551a19.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d6ea26f-3c81-4ee8-b955-2546229682dc", + "id": "bundle--a4de8d0e-63af-499d-9d27-bc4741722c73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json index a0ec7602a2..bf962b6b4e 100644 --- a/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json +++ b/mobile-attack/relationship/relationship--bd1e016a-1ebb-4f30-9342-998f656dd8b8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9405c4d4-7efd-4070-8a1e-86625bf57790", + "id": "bundle--3edc7937-19a9-4f08-86fa-8e4405454959", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json index a68f8ea752..a9976705d5 100644 --- a/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json +++ b/mobile-attack/relationship/relationship--bd29ce15-1771-470c-a74b-5ea90832ce23.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f6778a5-1107-4961-9519-408204ff40c3", + "id": "bundle--2dfbac0c-c265-436d-9db2-94254cd9cdee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json index 265e85dcfc..edfda5d13b 100644 --- a/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json +++ b/mobile-attack/relationship/relationship--bd351b17-e995-4528-bbea-e1138c51476a.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c90fe0f-2db2-46c4-a674-dd95b46bab17", + "id": "bundle--e12070d2-bd73-4dca-95e4-dcc6bb0e9122", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json index f86f654090..f68e9a9141 100644 --- a/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json +++ b/mobile-attack/relationship/relationship--bd6829ee-dc51-477b-9739-1cd1cd304b6c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--00adeaaa-8cdf-4730-a5b5-059bd14df9e3", + "id": "bundle--88ec9134-5751-45dd-921b-6c9b344e3444", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json index 4b26896110..c0f065ebea 100644 --- a/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json +++ b/mobile-attack/relationship/relationship--bd889077-d4bd-4475-8e1f-6f507a7bedb9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d5b04833-31ec-4acc-867d-3893e57553d4", + "id": "bundle--7600dc5e-e627-4129-bd06-33f0aa7658e6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json b/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json index d84f2e0596..f1241e3a64 100644 --- a/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json +++ b/mobile-attack/relationship/relationship--bd952153-4902-4fc4-8e2e-b7c7b8bad7f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--03432f11-c72e-4655-9ca3-4710b2ea4259", + "id": "bundle--594370b7-cd1a-4bd4-8ce5-5eba88580b5d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json index 8b316367dc..504ea06fba 100644 --- a/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json +++ b/mobile-attack/relationship/relationship--bd99b570-5966-4337-8ab4-2d6f4afd0f7f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0fbeb0bb-4e1f-426d-8b17-83f579dc040d", + "id": "bundle--13c250af-1f68-4ebb-a1a2-fdc0ab4ebe1d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json b/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json index e893780e80..884bc7c5d8 100644 --- a/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json +++ b/mobile-attack/relationship/relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--c627a1d1-5ccc-4398-aab0-92a52f978e92",
+ "id": "bundle--7adb040e-c2d2-4bcc-be75-6ecac4014a6b",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf",
 "created": "2023-03-16T18:28:28.144Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:28:28.144Z",
- "description": "",
+ "modified": "2023-08-10T22:11:45.377Z",
+ "description": "On both Android and iOS, the user can manage which applications have permission to access calendar information through the device settings screen, revoke the permission if necessary. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f.json b/mobile-attack/relationship/relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f.json
new file mode 100644
index 0000000000..ead2b283bc
--- /dev/null
+++ b/mobile-attack/relationship/relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f.json
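Review bot: The new `description` in `relationship--bdb29822-63c5-4dd0-961b-cdf3f2482adf` is missing a conjunction and carries a trailing space inside the string: `...through the device settings screen, revoke the permission if necessary. "`. Suggest `...through the device settings screen and revoke the permission if necessary."`. The same trailing space before the closing quote appears in the new `relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f` file (`"Security updates frequently contain patches to vulnerabilities. "`). Consumers that diff or hash descriptions treat that whitespace as a content change.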
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--d899ca90-ceb9-43ec-85e5-8b02029c283c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bdc59dcf-0e0a-4d47-b289-0c298115215f", + "created": "2023-08-23T22:17:13.986Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-23T22:17:13.986Z", + "description": "Security updates frequently contain patches to vulnerabilities. ", + "relationship_type": "mitigates", + "source_ref": "course-of-action--bcecd036-f40e-4916-9f8e-fd0ccf0ece8d", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json index ea2f200ca3..5ded2348ac 100644 --- a/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json +++ b/mobile-attack/relationship/relationship--be136fd1-6949-4de6-be37-6d76f8def41a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--87f044cd-f981-4b43-a884-8ebf3ba1f253", + "id": "bundle--e5789061-6ad1-4c83-9d23-7984ee32ddec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json index 0fca034166..e4aca76125 100644 --- a/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json +++ b/mobile-attack/relationship/relationship--be17dc63-5b0a-491a-be5f-132058444c3a.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7f40dd74-366a-483b-9806-26970143e35b", + "id": "bundle--91e82935-7504-4ce3-b00b-3c2c860ac226", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json index 046e482aa4..8b796323ff 100644 --- a/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json +++ b/mobile-attack/relationship/relationship--be256f8a-8bae-4a00-8682-22797ba7e0ce.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d5fbcd20-c4ed-4139-8d8f-65c4ec2b7535", + "id": "bundle--f6fa3429-1096-40a0-a7fa-b270c65ac29a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json index b2a5f42adc..02ded6630f 100644 --- a/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json +++ b/mobile-attack/relationship/relationship--be27a303-5748-4b72-ba69-a328e2f6cc08.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5786c67c-0c63-4834-91ac-271d7f92abf7", + "id": "bundle--99c7158d-ffd0-40e8-aec7-a849068e1cfc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json index ebd5b8b3d5..6a8c6b2ff2 100644 --- a/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json +++ b/mobile-attack/relationship/relationship--be39c012-7201-4757-8cd6-c855bc945a9e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c55d7934-a379-471b-937d-6430ff86c8b2", + "id": "bundle--39819718-da3a-48d2-82e8-2c683982d4bc", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json b/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json index 252bcf9046..ca367b4194 100644 --- a/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json +++ b/mobile-attack/relationship/relationship--be7c3f83-b164-4d53-bfac-65f7437dabec.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--27091319-8495-4f97-8021-53e815bf8b63", + "id": "bundle--2374549b-6794-451f-94c3-1e90ae357ab6", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--be7c3f83-b164-4d53-bfac-65f7437dabec", "created": "2023-03-20T18:54:36.266Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:54:36.266Z", - "description": "", + "modified": "2023-08-08T17:13:28.972Z", + "description": "The user can view a list of device administrators and applications that have registered accessibility services in device settings. The user can typically visually see when an action happens that they did not initiate and can subsequently review installed applications for any out of place or unknown ones. Applications that register an accessibility service or request device administrator permissions should be scrutinized further for malicious behavior.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--be8d0cd6-be77-456e-bcfb-6325cb8ba137.json b/mobile-attack/relationship/relationship--be8d0cd6-be77-456e-bcfb-6325cb8ba137.json new file mode 100644 index 0000000000..6ee59fdea0 --- /dev/null +++ b/mobile-attack/relationship/relationship--be8d0cd6-be77-456e-bcfb-6325cb8ba137.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--39463cdb-15c6-4198-bb0f-00fa05dceedc", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--be8d0cd6-be77-456e-bcfb-6325cb8ba137", + "created": "2023-09-28T17:20:15.010Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:15.010Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can access external storage.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--cf28ca46-1fd3-46b4-b1f6-ec0b72361848", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json index c86ed94205..789788d743 100644 
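Review bot: The citation key in the new relationship--be8d0cd6 file is misspelled as `"source_name": "Bleeipng Computer Escobar"`. It still resolves, because the `(Citation: Bleeipng Computer Escobar)` marker in `description` carries the same typo. The same pair appears in relationship--befa3b5a further down. A consumer that merges references by `source_name` would presumably treat this as a different source from a correctly spelled entry on the Escobar software object, which this diff does not show. I would change both places in both files together, to `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`, after confirming which key the S1092 object uses.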
--- a/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json +++ b/mobile-attack/relationship/relationship--bed52256-e5d2-4f15-8c4c-27f709e10c6c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bbf71fb8-4636-4185-9fef-a2b6b560af7f", + "id": "bundle--031e18c8-e763-43e5-989b-12fc872c407b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json index 7152126542..8a189f7b9f 100644 --- a/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json +++ b/mobile-attack/relationship/relationship--bee6407a-1f05-4f91-b6e7-a8f8b58fa421.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f3ee0d00-6e36-49f1-b647-17163568efd0", + "id": "bundle--beeb4626-f6e0-4c40-b138-e936e8076957", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json index 1502c8d954..b65eb07ec1 100644 --- a/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json +++ b/mobile-attack/relationship/relationship--bee919a6-c488-49a0-9848-fff19aa2c276.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--efe7d5b9-de45-4161-8209-ff248a2d5f48", + "id": "bundle--ce85fcdd-a72b-4b41-bc29-97fba0e235e1", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bef936d5-736e-491a-9c30-37b8362a5d96.json b/mobile-attack/relationship/relationship--bef936d5-736e-491a-9c30-37b8362a5d96.json new file mode 100644 index 0000000000..d907bd6919 --- /dev/null +++ b/mobile-attack/relationship/relationship--bef936d5-736e-491a-9c30-37b8362a5d96.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--0b73b28f-aa75-4a6d-a2f5-9cbb40d381c3", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bef936d5-736e-491a-9c30-37b8362a5d96", + "created": "2023-07-21T19:33:48.439Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:33:48.439Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can access device call logs.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--befa3b5a-e4f4-4ed3-ada1-860a034284d2.json b/mobile-attack/relationship/relationship--befa3b5a-e4f4-4ed3-ada1-860a034284d2.json new file mode 100644 index 0000000000..c9b47cbeb2 --- /dev/null +++ b/mobile-attack/relationship/relationship--befa3b5a-e4f4-4ed3-ada1-860a034284d2.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--8a7a33e9-3741-4b64-86ce-9114dec5ba42", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--befa3b5a-e4f4-4ed3-ada1-860a034284d2", + "created": "2023-09-28T17:19:51.110Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:19:51.110Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can access the device\u2019s call log.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--1d1b1558-c833-482e-aabb-d07ef6eae63d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json index e9ac972fcf..678a780eef 100644 --- a/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json +++ b/mobile-attack/relationship/relationship--bf19207a-ac71-436d-8ef4-4ab059b533c8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61f301c1-06b1-4849-b93f-e531d6651a1c", + "id": "bundle--9a3f89fa-f182-411e-84d8-dcbe0911c8e3", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json index 87608bf750..d00b95d9f5 100644 --- a/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json +++ b/mobile-attack/relationship/relationship--bf2ea132-c8f3-4ea0-8c4c-bdc95923c3b1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7c399dd5-a5ca-491e-9ec4-92cd918811d0", + "id": "bundle--76eaf45d-cd56-4257-a12b-19d6435d0908", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bf33711d-a4d2-4957-9b1f-49c5b83958db.json b/mobile-attack/relationship/relationship--bf33711d-a4d2-4957-9b1f-49c5b83958db.json new file mode 100644 index 0000000000..0357a40a99 --- /dev/null +++ b/mobile-attack/relationship/relationship--bf33711d-a4d2-4957-9b1f-49c5b83958db.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--3c429e88-9f21-4f26-996e-5f46b8dba252", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bf33711d-a4d2-4957-9b1f-49c5b83958db", + "created": "2023-09-21T22:51:40.666Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T22:51:40.666Z", + "description": "[Pegasus for iOS](https://attack.mitre.org/software/S0289) can compromise iPhones running iOS 16.6 without any user interaction.", + "relationship_type": "uses", + "source_ref": "malware--33d9d91d-aad9-49d5-a516-220ce101ac8a", + "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
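Review bot: The new `uses` relationship relationship--bf33711d makes a version-specific claim ("can compromise iPhones running iOS 16.6 without any user interaction") but has no `external_references` array and no `(Citation: …)` marker. Every other `uses` relationship added in this part of the diff (Escobar, BOULDSPY, ViceLeaker) cites its source. Without one, a defender cannot check which builds are affected or whether a fix has shipped. I would add an `external_references` entry for the report behind the statement and end the description with `(Citation: <source_name of that report>)`.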
diff --git a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json index 03f326732e..e01e3a046d 100644 --- a/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json +++ b/mobile-attack/relationship/relationship--bf901bab-3caa-4d05-a859-d9fb4d838304.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9d209b9-bdff-4fa3-aa2e-9f742e4c9e4f", + "id": "bundle--7a355f56-9460-4e2f-bbab-303ce1463a00", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bfad064a-0a49-44e3-b283-94653edc12af.json b/mobile-attack/relationship/relationship--bfad064a-0a49-44e3-b283-94653edc12af.json new file mode 100644 index 0000000000..12c554de69 --- /dev/null +++ b/mobile-attack/relationship/relationship--bfad064a-0a49-44e3-b283-94653edc12af.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--a7d59505-49bc-48e2-9487-c08cde7cb1ec", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--bfad064a-0a49-44e3-b283-94653edc12af", + "created": "2023-08-07T17:13:04.270Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-07T17:13:04.270Z", + "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", + "target_ref": "attack-pattern--667e5707-3843-4da8-bd34-88b922526f0d", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json index 470a9e4094..e90cdf8a0e 100644 --- a/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json +++ b/mobile-attack/relationship/relationship--bfd0d9cb-27e2-42a2-9207-764bb1491962.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--73e9a6a3-a74b-4ccb-81c2-71819d1a3238", + "id": "bundle--8fd40fdc-ce30-4f7e-8ca6-eea3204a0ff9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json b/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json index 1c4bd6a011..e29c168d03 100644 --- a/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json +++ b/mobile-attack/relationship/relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--55df5658-39af-4f04-9c0b-91fc8e258684", + "id": "bundle--c395a9dd-ad22-44ac-9867-1fa02261e28a", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--bff3f22c-660d-4ceb-b1bb-dbd064d363c0", "created": "2023-03-15T16:39:32.117Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:39:32.117Z", - "description": "", + "modified": "2023-08-10T21:00:59.182Z", + "description": "Application vetting services should look for applications that request VPN access. These applications should be heavily scrutinized since VPN functionality is not very common. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2", "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json b/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json index 82f2a6c020..61333c5dec 100644 --- a/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json +++ b/mobile-attack/relationship/relationship--c00031dd-0466-4fd2-9724-ab1c04232bad.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--7c75b96e-16df-4b80-b4ed-ca2860910be1", + "id": "bundle--edea437c-7065-457c-ac81-2ca8e73508c2", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--c00031dd-0466-4fd2-9724-ab1c04232bad", "created": "2023-03-20T18:44:40.722Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:44:40.722Z", - "description": "", + "modified": "2023-08-08T16:28:27.010Z", + "description": "Application vetting services can detect unnecessary and potentially abused API calls.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json index 5d8cf714ea..5ea01cd82c 100644 --- a/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json +++ b/mobile-attack/relationship/relationship--c021d9b9-3850-425d-b3d2-6b7bd7e62b95.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--640dfc0a-99f0-4b08-ad59-a51e7dfc679e", + "id": "bundle--0a8acaaf-62fa-45fe-8a1d-063259eac827", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json index ae0c644114..e27286e229 100644 
--- a/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json +++ b/mobile-attack/relationship/relationship--c1453cd9-44bb-4dd2-bdbd-eb06a239d38c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8de3f619-4035-4aa2-aa7b-658e1fdbcb4b", + "id": "bundle--1f1dd6fc-eb9d-4f3e-a6a6-f2548c4905d4", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json index 3ad9a71767..558a7ac51d 100644 --- a/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json +++ b/mobile-attack/relationship/relationship--c14efc74-8a5c-4a2d-b9ba-a231738c90dd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ee21eb57-5e80-440d-9e9d-829c7a9661b0", + "id": "bundle--b4e3346e-3833-4293-86fe-078895985158", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json index 7fca0afd27..2854f86b79 100644 --- a/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json +++ b/mobile-attack/relationship/relationship--c1512591-7440-4a69-93b9-fe439a4c197e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--016aa36e-b768-4b7a-b192-7563f60977b3", + "id": "bundle--6da8cf60-9251-4805-a7da-2f83548161f9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c16c7904-3c85-49de-a0f4-872f4227d775.json b/mobile-attack/relationship/relationship--c16c7904-3c85-49de-a0f4-872f4227d775.json new file mode 100644 index 0000000000..1052fb3680 --- /dev/null +++ b/mobile-attack/relationship/relationship--c16c7904-3c85-49de-a0f4-872f4227d775.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--4d858fb8-1a9a-49ad-837c-3197d818d50a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c16c7904-3c85-49de-a0f4-872f4227d775", + "created": "2023-10-10T15:33:59.143Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "revoked": false, + "external_references": [ + { + "source_name": "SecureList - ViceLeaker 2019", + "description": "GReAT. (2019, June 26). ViceLeaker Operation: mobile espionage targeting Middle East. Retrieved November 21, 2019.", + "url": "https://securelist.com/fanning-the-flames-viceleaker-operation/90877/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-10-10T15:33:59.143Z", + "description": "[ViceLeaker](https://attack.mitre.org/software/S0418) was embedded into legitimate applications using Smali injection.(Citation: SecureList - ViceLeaker 2019)", + "relationship_type": "uses", + "source_ref": "malware--6fcaf9b0-b509-4644-9f93-556222c81ed2", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_deprecated": false, + "x_mitre_version": "1.0", + "x_mitre_attack_spec_version": "2.1.0" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--c186864b-0af9-42eb-92ba-b8a6952e89b6.json b/mobile-attack/relationship/relationship--c186864b-0af9-42eb-92ba-b8a6952e89b6.json new file mode 100644 index 0000000000..f26e92ef06 --- /dev/null +++ b/mobile-attack/relationship/relationship--c186864b-0af9-42eb-92ba-b8a6952e89b6.json 
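Review bot: The version metadata on the new relationship--c16c7904 file (ViceLeaker) does not match the other objects created in this diff. It has `"created": "2023-10-10T15:33:59.143Z"` but `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"`, while the other new relationships carry `"0.1"` with `"3.1.0"` or `"3.2.0"`. Its citation was also retrieved in 2019 and its key order differs, so it looks like it may have been copied from an older object; that is an inference, as the hunk does not show its origin. If it is a new object, the two version fields should match its siblings. If it replaces an earlier relationship, that link is worth recording so that tools pinned to the spec version handle it consistently.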
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c47b3e4a-4f6a-4c93-a7ae-8272bc3939e6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--c186864b-0af9-42eb-92ba-b8a6952e89b6", + "created": "2023-07-21T19:36:09.214Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:36:09.214Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can take photos using the device cameras.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json b/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json index 79cd73cb6a..9d58f15031 100644 --- a/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json +++ b/mobile-attack/relationship/relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--30a32c13-a2cd-442b-8514-ec91498a34cf", + "id": "bundle--54cd2260-3fee-4a80-ac66-95fb6a2f68ba", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--c1d78c3d-9ed6-4e3f-9cad-b98b5dfb8ebd", "created": "2023-03-20T15:40:11.819Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:40:11.819Z", - "description": "", + "modified": "2023-08-10T22:13:31.468Z", + "description": "On both Android and iOS, the user can manage which applications have permission to access the contact list through the device settings screen, revoking the permission if necessary. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--e0b9ecb8-a7d1-43c7-aa30-8e19c6a92c86", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json b/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json index d71859ad7d..7617b9687d 100644 --- a/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json +++ b/mobile-attack/relationship/relationship--c23d9eff-1d4e-479f-a114-acc535540a23.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--ccb0cefc-405f-4579-b13b-9759036d9cb0",
+ "id": "bundle--fa443df2-b187-44b0-aa30-a99048cc0fb5",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c23d9eff-1d4e-479f-a114-acc535540a23",
 "created": "2023-03-20T18:46:51.895Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:46:51.895Z",
- "description": "",
+ "modified": "2023-08-08T16:29:07.329Z",
+ "description": "Application vetting services can detect unnecessary and potentially abused permissions.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--498e7b81-238d-404c-aa5e-332904d63286",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
index e2d3e176de..95d70c2604 100644
--- a/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
+++ b/mobile-attack/relationship/relationship--c2536a3c-bb84-42b7-8ac6-05f26205a4ad.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--542bbe65-ee70-4b2e-a8b1-849753eb094c",
+ "id": "bundle--1f5b7016-7352-496e-a277-3603a5326a29",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
index 748d92f319..45c2f6754e 100644
--- a/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
+++ b/mobile-attack/relationship/relationship--c264d954-8b5f-4be1-acf0-6387b7f04fae.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6de681b0-d949-42a6-be98-e9e51e9617b0",
+ "id": "bundle--04433b76-cae3-4a36-a095-62b2df347c27",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b.json b/mobile-attack/relationship/relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b.json
new file mode 100644
index 0000000000..a5fa340936
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--259c38c9-9325-4364-8fa9-c256e8cacfb4",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--c33b7dfb-82ad-4a7c-a84c-6e7e9849253b",
+ "created": "2023-08-14T16:35:55.610Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-14T16:35:55.610Z",
+ "description": "Many properly configured firewalls may naturally block one-way command and control traffic.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+ "target_ref": "attack-pattern--d916f176-a1ca-4a78-9fdd-4058bc28162e",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
index f7dab95f5f..751ea41bc8 100644
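Review bot: The `description` of the new relationship--c33b7dfb object describes prevention, not detection: it says firewalls "may naturally block one-way command and control traffic", while `relationship_type` is `detects` and `source_ref` is a data component. A consumer that derives detection coverage from `detects` edges would count this technique as covered without being told which signal to collect. Either reword the text to name the observable, for example `"description": "Firewall logs of blocked outbound connections may reveal one-way command and control attempts."` (wording to be confirmed by the content owner), or express the blocking behaviour as a `mitigates` relationship from a course-of-action instead.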
--- a/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
+++ b/mobile-attack/relationship/relationship--c340b30d-0ad5-4e90-94ce-b6a6b229a7c4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e9aa204c-571d-4269-8ff9-36d7147539f0",
+ "id": "bundle--2d213d87-4b65-484b-8da3-5589b20b5c0f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json b/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
index b1f6dcbf87..dc07fb1dc4 100644
--- a/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
+++ b/mobile-attack/relationship/relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--a9a9e626-ed8f-4b20-829b-d4004b7803b6",
+ "id": "bundle--aa13be3b-f1d4-47af-ab15-1b5f920fef31",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c3439bdd-a0db-401b-97fd-5e2ec135a396",
 "created": "2023-03-20T18:40:12.814Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:40:12.814Z",
- "description": "",
+ "modified": "2023-08-08T17:15:46.818Z",
+ "description": "The user can view a list of active device administrators in the device settings.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
index f28826a66b..4b52531b32 100644
--- a/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
+++ b/mobile-attack/relationship/relationship--c368c932-7d5a-40e3-a18b-f30e82b9e4e6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4161a1ea-57a4-491a-8860-4fa222cd944f",
+ "id": "bundle--f77594e6-a372-469d-8134-9f092d4910b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
index 7d0d9ed63c..1697d2d70c 100644
--- a/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
+++ b/mobile-attack/relationship/relationship--c374c9ce-ff30-4daa-bdec-8015a507746a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--62c668d0-d48f-4335-b2a5-95173a396adf",
+ "id": "bundle--b1952d3e-f02d-4571-ab53-24d90a7bbf32",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json b/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
index 838dbcaa06..1351953ee9 100644
--- a/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
+++ b/mobile-attack/relationship/relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--882f638e-ba2b-430d-9c3b-d12b76b1c9fc",
+ "id": "bundle--1b5f5557-ae52-4ca1-93fa-e38684733e14",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c393fe8f-5708-40eb-ada9-6ca0d9b16c7d",
 "created": "2023-03-15T16:34:51.794Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-15T16:34:51.794Z",
- "description": "",
+ "modified": "2023-08-14T16:43:05.577Z",
+ "description": "Application vetting services could closely scrutinize applications that request Device Administrator permissions.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--e2c2249a-eb82-4614-8dd4-9c514dde65e2",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json b/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
index 6d35503083..e069909f6f 100644
--- a/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
+++ b/mobile-attack/relationship/relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--f4cbe397-cf14-413f-915b-f7fd5794ef52",
+ "id": "bundle--fe15dc52-b48b-4bf0-b5ab-b6210e25ab7a",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c3c0ff44-71bb-4774-a850-7b7c9dccb619",
 "created": "2023-03-20T18:44:04.803Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:44:04.803Z",
- "description": "",
+ "modified": "2023-08-09T15:59:29.793Z",
+ "description": "On Android, users may be presented with a popup to select the appropriate application to open the URI in. If the user sees an application they do not recognize, they can remove it.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
 "target_ref": "attack-pattern--789ef15a-34d9-4b32-a779-8cbbc9eb32f5",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c3c2bf20-fa33-4af4-92ec-d60679e1d4ee.json b/mobile-attack/relationship/relationship--c3c2bf20-fa33-4af4-92ec-d60679e1d4ee.json
new file mode 100644
index 0000000000..4cabb58da6
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c3c2bf20-fa33-4af4-92ec-d60679e1d4ee.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--8bca6166-de90-4b38-8d62-78992e10ddc9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--c3c2bf20-fa33-4af4-92ec-d60679e1d4ee",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:41:16.871Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--1f96d624-8409-4472-ad8a-30618ee6b2e2",
+ "target_ref": "attack-pattern--53263a67-075e-48fa-974b-91c5b5445db7",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
index 916f2896a4..fc22e069ad 100644
--- a/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
+++ b/mobile-attack/relationship/relationship--c41d817e-913e-4574-b8d4-370de9f0034b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--eff93d29-80d8-4796-8c8c-92e003f368f3",
+ "id": "bundle--69bdff55-7abc-4e19-b91f-7f72f192c446",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
index 60b4d28682..9cd28f18f7 100644
--- a/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
+++ b/mobile-attack/relationship/relationship--c43341e3-6fb9-46f1-8ea3-8daede1a4c77.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--99159dbd-c587-435a-afa7-c2c72211778d",
+ "id": "bundle--f354b19d-a686-42c1-90a9-7e1d0338dcf1",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json b/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
index 5b4c817d37..5c4689fda7 100644
--- a/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
+++ b/mobile-attack/relationship/relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--b5a98c64-0964-43f5-8fd0-56ab18b9ebd1",
+ "id": "bundle--c34e9dad-fc08-4b33-9942-6cafd85ba297",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c438b973-c2f3-43fc-8312-2a5bbde4facb",
 "created": "2023-03-20T18:43:03.537Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:43:03.537Z",
- "description": "",
+ "modified": "2023-08-08T21:11:29.381Z",
+ "description": "Mobile security products can detect which applications can request device administrator permissions. Application vetting services could look for use of APIs that could indicate the application is trying to hide activity.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json b/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
index 95a07795ef..4a3c1439d0 100644
--- a/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
+++ b/mobile-attack/relationship/relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--8e629f3e-0a04-47fe-a28c-beb1be2eafd6",
+ "id": "bundle--45b25705-0038-403a-a4b8-14ea7976992c",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c49bae52-63b4-4e5e-adfd-65a0e852ed76",
 "created": "2023-03-20T18:42:18.058Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:42:18.058Z",
- "description": "",
+ "modified": "2023-08-08T21:12:52.481Z",
+ "description": "The user can view applications with administrator access through the device settings, and may also notice if user data is inexplicably missing. The user can see a list of applications that can use accessibility services in the device settings. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--0d4e3bbb-7af5-4c88-a215-0c0906bc1e8d",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
index c50c16615f..b3a78afc2e 100644
--- a/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
+++ b/mobile-attack/relationship/relationship--c49cdcb7-3cb8-40ed-a745-0cebad20b1fd.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a8188fc4-4b86-4f55-8eee-2656cc6a435f",
+ "id": "bundle--7f52f9da-c338-4dd4-9034-ba76ce8d6241",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c4d71eb8-2099-44b9-be45-758f9e6a771a.json b/mobile-attack/relationship/relationship--c4d71eb8-2099-44b9-be45-758f9e6a771a.json
new file mode 100644
index 0000000000..d5e0f0196f
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c4d71eb8-2099-44b9-be45-758f9e6a771a.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4612941d-acd7-4043-a79c-ffb22e73b524",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--c4d71eb8-2099-44b9-be45-758f9e6a771a",
+ "created": "2023-10-10T15:33:57.823Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Securelist Asacub",
+ "description": "T. Shishkova. (2018, August 28). The rise of mobile banker Asacub. Retrieved December 14, 2020.",
+ "url": "https://securelist.com/the-rise-of-mobile-banker-asacub/87591/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.823Z",
+ "description": "[Asacub](https://attack.mitre.org/software/S0540) has masqueraded as a client of popular free ads services.(Citation: Securelist Asacub)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a76b837b-93cc-417d-bf28-c47a6a284fa4",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
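Review bot: The new relationship--c4d71eb8 object carries `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"` although its `created` and `modified` timestamps are 2023-10-10, whereas the other relationships written in this change carry `"3.1.0"` and `"0.1"`. The same combination appears in the new relationship--c546dd04 (SimBad) file. If these objects were regenerated from older relationships, which the 2020 and 2019 retrieval dates in their citations suggest, the original `created` timestamp has been replaced; if they are new, the spec version looks stale. Consumers that gate parsing or validation on `x_mitre_attack_spec_version` may treat these two objects differently from their siblings, so the export tooling should be checked for which value is intended.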
diff --git a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
index 1cabd781e5..b7dd35cb27 100644
--- a/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
+++ b/mobile-attack/relationship/relationship--c4e73a6c-d523-4f3c-bcb6-200f63867fb4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e263fccb-d7da-4e6a-9c9e-ef419682b432",
+ "id": "bundle--c60fb639-453a-4a4d-a78f-be31b67aecd4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
index 21852d83f6..c574f8e5f7 100644
--- a/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
+++ b/mobile-attack/relationship/relationship--c50b4da7-f0e1-4f6d-969c-dbc739d49d7c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3e83986c-a189-4483-aedb-a56ee6417a25",
+ "id": "bundle--dd0fa9f5-c1dc-4ca6-bd8c-03fa0d1ff4ea",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c53170a0-ca7f-4827-9c3c-1803ecd131f9.json b/mobile-attack/relationship/relationship--c53170a0-ca7f-4827-9c3c-1803ecd131f9.json
new file mode 100644
index 0000000000..9bc1e4f2ec
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c53170a0-ca7f-4827-9c3c-1803ecd131f9.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--0a7e83ae-669d-4c48-8494-bc94bbbefce4",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--c53170a0-ca7f-4827-9c3c-1803ecd131f9",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:41:33.832Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--831e3269-da49-48ac-94dc-948008e8fd16",
+ "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--c546dd04-2060-44bf-ba1e-d1c1edc54687.json b/mobile-attack/relationship/relationship--c546dd04-2060-44bf-ba1e-d1c1edc54687.json
new file mode 100644
index 0000000000..a7ac8d6213
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c546dd04-2060-44bf-ba1e-d1c1edc54687.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--e62179c9-82f9-47cc-87be-a14bcc6f00bc",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--c546dd04-2060-44bf-ba1e-d1c1edc54687",
+ "created": "2023-10-10T15:33:58.973Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CheckPoint SimBad 2019",
+ "description": "Elena Root, Andrey Polkovnichenko. (2019, March 13). SimBad: A Rogue Adware Campaign On Google Play. Retrieved November 21, 2019.",
+ "url": "https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.973Z",
+ "description": "[SimBad](https://attack.mitre.org/software/S0419) was embedded into legitimate applications.(Citation: CheckPoint SimBad 2019)",
+ "relationship_type": "uses",
+ "source_ref": "malware--f79c01eb-2954-40d8-a819-00b342f47ce7",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
index 152c9d0a5b..1041861989 100644
--- a/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
+++ b/mobile-attack/relationship/relationship--c574251b-93ad-4f55-8b84-2700dfab4622.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2f1aecbf-b743-4fbb-8580-2ee5bb3a8403",
+ "id": "bundle--085a78ee-1dc3-46a9-a293-022b397bf4a2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
index ce3ad0ca81..73acd6e41a 100644
--- a/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
+++ b/mobile-attack/relationship/relationship--c58a26af-cc4c-41a2-b884-9a4fa8a2ad5c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a61698d7-3037-4f71-ae5e-aeda4330d7d0",
+ "id": "bundle--7b411000-81ab-4d59-8b45-b2cc308608ac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
index 412cf6941e..856d34f822 100644
--- a/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
+++ b/mobile-attack/relationship/relationship--c5cb9fb4-2593-412f-82f8-a04a125bd429.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ec25dcb7-eaf8-44d7-a6b1-ea3292719b95",
+ "id": "bundle--1ca47336-8c0f-43af-8ca1-1823d459e875",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
index 920a4377a4..b42ff96079 100644
--- a/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
+++ b/mobile-attack/relationship/relationship--c5db5bb5-9877-43cd-8851-5aa62405dcb2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--782a5189-cb57-4e58-85d2-376ef359459b",
+ "id": "bundle--308d9f6c-f3ff-47e7-88c3-445b0dfff11c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json b/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
index 010b430470..fafe1db531 100644
--- a/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
+++ b/mobile-attack/relationship/relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--9eeeb4db-f1c1-41b5-87e2-03cfb7fe34f8",
+ "id": "bundle--4f0336e4-0dbe-480f-8d1b-ad180e182c9e",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c61c16a9-8d1a-4329-b784-ba71f8421b33",
 "created": "2023-03-20T19:00:09.608Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T19:00:09.608Z",
- "description": "",
+ "modified": "2023-08-08T17:11:30.820Z",
+ "description": "Mobile security products integrated with Samsung Knox for Mobile Threat Defense can monitor processes to see if security tools are killed or stop running.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f",
 "target_ref": "attack-pattern--20b0931a-8952-42ca-975f-775bad295f1a",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
index 1147090358..a0d96ebd8c 100644
--- a/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
+++ b/mobile-attack/relationship/relationship--c6241ba3-e0f9-48a7-9ed7-a5544a090081.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f4d205dc-b32c-469e-9f5d-4c8cd6c369c6",
+ "id": "bundle--5967ddb0-5641-42b1-bfc2-8633702f61d4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
index d55977d566..ce542cd0e3 100644
--- a/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
+++ b/mobile-attack/relationship/relationship--c6464a84-e23b-412f-b435-5b23853d3643.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7723da5b-f08b-46f3-8283-93677af276e1",
+ "id": "bundle--f5c79daf-c927-4a80-b9e7-679d05c8fceb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
index b6acc2be83..bfa8e32e53 100644
--- a/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
+++ b/mobile-attack/relationship/relationship--c65661a6-6047-4901-ac2c-3ca4b1bbbb28.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--61b12e87-402a-40e7-b5ee-93915a589a61",
+ "id": "bundle--3267bdc3-ad68-4abd-b285-acd6ebc5fa51",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
index 76647e50ba..176c710a06 100644
--- a/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
+++ b/mobile-attack/relationship/relationship--c659256c-82e3-4f4c-ac70-3d2400cf6695.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1600d30d-34d3-45c5-a308-87f7a7560c47",
+ "id": "bundle--5116dfb2-ddb9-48f6-b0b7-32ec6b2c1784",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json b/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
index 88e4373455..77884d8dea 100644
--- a/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
+++ b/mobile-attack/relationship/relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--76937c9a-4f64-428c-8ca9-37b72365e850",
+ "id": "bundle--bfe1f8e2-7b0b-4929-adf2-c66af1ef710f",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c6a32f64-3105-4a94-8172-28ac0e10dd93",
 "created": "2023-03-20T18:21:59.396Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:21:59.396Z",
- "description": "",
+ "modified": "2023-08-08T16:24:44.982Z",
+ "description": "Mobile security products may provide URL inspection services that could determine if a domain being visited is malicious.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c",
 "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
index c5e24fbb58..9d5400bf10 100644
--- a/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
+++ b/mobile-attack/relationship/relationship--c720fd30-5694-42b7-bf77-d948f7ba2b6f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--119a999f-3f3f-4e52-a540-959070d4d680",
+ "id": "bundle--9a6e843a-6e6c-425f-85c8-b1d7d969b0fb",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json b/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
index 7e6800e3fb..aba7acd1bb 100644
--- a/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
+++ b/mobile-attack/relationship/relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--9b8b43d5-b589-4242-b094-eb845ce46783",
+ "id": "bundle--4325e469-c3be-4760-b031-7b2c1fe15db4",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c778593c-1583-48cc-a99d-0ac1b5b537e2",
 "created": "2023-03-20T18:48:39.857Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:48:39.857Z",
- "description": "",
+ "modified": "2023-08-09T15:56:56.738Z",
+ "description": "On Android, the user can view and manage which applications have third-party keyboard access through the device settings in System -> Languages & input -> Virtual keyboard. On iOS, the user can view and manage which applications have third-party keyboard access through the device settings in General -> Keyboard. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json b/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
index 80b4b3863e..fb5468c2bc 100644
--- a/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
+++ b/mobile-attack/relationship/relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47.json
@@ -1,25 +1,32 @@
 {
 "type": "bundle",
- "id": "bundle--68e85c94-adf2-4fb6-a800-40ed6f2f5fee",
+ "id": "bundle--4cd897ca-adf2-4b27-89dc-8cc238784792",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--c78a3e66-b7aa-4feb-bc18-b8af77f27a47",
 "created": "2023-03-20T15:20:11.652Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Android-VerifiedBoot",
+ "description": "Android. (n.d.). Verified Boot. Retrieved December 21, 2016.",
+ "url": "https://source.android.com/security/verifiedboot/"
+ }
+ ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:20:11.652Z",
- "description": "",
+ "modified": "2023-08-08T14:54:04.526Z",
+ "description": "Verified Boot can detect unauthorized modifications to the system partition.(Citation: Android-VerifiedBoot) Android\u2019s SafetyNet API provides remote attestation capabilities, which could potentially be used to identify and respond to compromised devices. Samsung Knox provides a similar remote attestation capability on supported Samsung devices.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--4f14e30b-8b57-4a7b-9093-2c0778ea99cf",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
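Review bot: The added `description` directs defenders to Android's SafetyNet API for remote attestation, but Google has deprecated the SafetyNet Attestation API in favour of the Play Integrity API, so a detection note written in 2023 should name the replacement, e.g. `Android\u2019s Play Integrity API (the successor to the SafetyNet Attestation API) provides remote attestation capabilities`. Only the Verified Boot sentence carries a `(Citation: ...)`; the SafetyNet and Samsung Knox sentences have no matching `external_references` entry, so those claims cannot be traced to a source. The one reference that is present was retrieved in December 2016 and its URL should be re-checked before it is republished.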
diff --git a/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json b/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json index b7669aef03..2752c27fb8 100644 --- a/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json +++ b/mobile-attack/relationship/relationship--c7f876d4-99f2-41ac-993c-57a3f2b4e0eb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--418ba31f-48cf-4953-96e4-dbcf2b392e26", + "id": "bundle--41fcab82-bab8-42c7-a169-500659247bfd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json index cbbc19ca51..929922e9ec 100644 --- a/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json +++ b/mobile-attack/relationship/relationship--c81757a7-16b1-4b48-ae52-3d375f533dfd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2e83fc42-0dd0-4de1-b81e-02e538788fa9", + "id": "bundle--5d425c56-d7c2-4822-b681-d21404474fbe", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json index 52676c7584..66bcd4a3a2 100644 --- a/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json +++ b/mobile-attack/relationship/relationship--c83c84e8-a556-4efe-ae24-75970ee8ad4b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--49afa55d-1db1-434e-b03f-6ef59bf3ea30", + "id": "bundle--7954b504-c5d8-4b47-a966-bec9a264a7b0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json index 6dddf528dd..b9d15b5b84 100644 
--- a/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json +++ b/mobile-attack/relationship/relationship--c8559423-10b0-4d5e-9057-65cbfd7ee1c0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--71d0e8da-9296-4ef7-81c9-4aad959d6d1c", + "id": "bundle--99b393ad-9895-4e63-9beb-4e8f96808d3d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json index 0a21a6f28b..67ba19abfc 100644 --- a/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json +++ b/mobile-attack/relationship/relationship--c86918a3-6e41-4dfb-8b18-650fff596801.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f8d0a2ce-c475-46bc-8d62-5bb69be9f749", + "id": "bundle--4d553ab7-1006-45a3-8b54-29ee360c02b8", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json b/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json index 70951a72f2..f493fe8fdf 100644 --- a/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json +++ b/mobile-attack/relationship/relationship--c89d6493-3f33-4568-ac77-ba13b206ae69.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--6976a399-7697-4493-9c9a-66489f611e92", + "id": "bundle--6ca6a7d8-9d4d-4634-a8fb-f76d4f06a3af", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--c89d6493-3f33-4568-ac77-ba13b206ae69", "created": "2023-03-20T18:52:24.667Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:52:24.667Z", - "description": "", + "modified": "2023-08-08T22:24:12.960Z", + "description": "The user can view applications with administrator access through the device settings, and may also notice if user data is inexplicably missing. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--ab7400b7-3476-4776-9545-ef3fa373de63", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json index 434f0675e1..6ff028599f 100644 --- a/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json +++ b/mobile-attack/relationship/relationship--c89f8f8d-222b-4b83-9fa4-47fd716a271f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88cfb2f3-9092-43bd-a885-21410d24a9a2", + "id": "bundle--ed586875-c380-4b29-9602-b743822806b2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json b/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json index ad9dc187da..9e998cc3e6 100644 
--- a/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json +++ b/mobile-attack/relationship/relationship--c8d0d360-eb9e-4fb4-97a2-efaf6d4f1059.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5a4c1735-c663-4b6e-a53b-32020ede28a1", + "id": "bundle--86efd7d0-200b-47b5-bea3-ca2d16e39ed3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json index e5c743936c..200563a305 100644 --- a/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json +++ b/mobile-attack/relationship/relationship--c90bfd4c-3c7e-4528-b5f6-574ef29ecdc9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c3306110-afc8-41ba-a46c-e05f3cae686b", + "id": "bundle--d54aa49b-684d-47fa-b50e-ffd0929d7907", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json b/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json index f0fe7b9a01..35f34d6105 100644 --- a/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json +++ b/mobile-attack/relationship/relationship--c943d462-fea7-4c01-88b2-de134153095b.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--a561630f-bab0-4d17-b487-c99851cd3b52", + "id": "bundle--5e5f5ab8-90c6-4c6c-b33f-10d17aa1fbdc", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--c943d462-fea7-4c01-88b2-de134153095b", "created": "2023-03-20T18:56:37.473Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:56:37.473Z", - "description": "", + "modified": "2023-08-10T22:09:50.728Z", + "description": "Application vetting services typically flag permissions requested by an application, which can be reviewed by an administrator. Certain dangerous permissions, such as `RECEIVE_SMS`, could receive additional scrutiny.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--11c2c2b7-1fd4-408f-bc2e-fe772ef9df5e", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json index ea34f79faa..0cc7e0f311 100644 --- a/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json +++ b/mobile-attack/relationship/relationship--c96c3405-1d9b-46e4-8f57-a6c49eb68a31.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--38825380-2342-4389-bf5b-de1c9ea6b538", + "id": "bundle--c408fbe4-37c9-4933-a8c4-af3ab666e636", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140.json b/mobile-attack/relationship/relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140.json
new file mode 100644
index 0000000000..c79b7b0abd
--- /dev/null
+++ b/mobile-attack/relationship/relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--c952401f-8f3c-4f77-a043-41ba27a809d3",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--c9769c36-d89b-40eb-92cb-8faa7d37a140",
+ "created": "2023-09-25T19:54:37.211Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-25T19:54:37.211Z",
+ "description": "When devices are enrolled in an EMM/MDM using device owner (iOS) or fully managed (Android) mode, the EMM/MDM can collect a list of installed applications on the device. An administrator can then act on, for example blocking, specific remote access applications from being installed on managed devices. ",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--649f7268-4c12-483b-ac84-4b7bca9fe2ee",
+ "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
index 5e0b152413..c29f0cfe66 100644
--- a/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
+++ b/mobile-attack/relationship/relationship--c9b3d86a-9c5e-4fe3-9c1c-dbd0bb89a74b.json
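Review bot: In the new `relationship--c9769c36-...` file, the `description` attaches "device owner" to iOS, but device owner is, as far as I know, the Android Enterprise mode behind fully managed devices, while the iOS counterpart is supervised mode. An administrator following this mitigation could look for an enrollment option that does not exist on iOS, so the wording should be confirmed and probably read `using supervised (iOS) or fully managed (Android) mode`. The second sentence is also hard to parse; `An administrator can then act on that list, for example by blocking specific remote access applications from being installed on managed devices.` says the same thing. The object has no `external_references`, so the mitigation guidance is not tied to any vendor documentation.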
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0e3cb9c6-a114-4148-835d-073c3987a2d0", + "id": "bundle--e6a88ae9-eedc-445f-8f05-adc4e7cb5786", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json index e9fed53261..6d4dbb6a7a 100644 --- a/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json +++ b/mobile-attack/relationship/relationship--c9c22e0d-c427-42ef-ae76-beb8ae9f6bf2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb68dd26-7367-441e-91d4-0b02bd621d04", + "id": "bundle--3f90ccaa-b759-465d-9fdf-476985b7f274", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json b/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json index 4e20419567..f97bf10584 100644 --- a/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json +++ b/mobile-attack/relationship/relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--c79e2dbd-edef-489a-8861-467f33e1cea9", + "id": "bundle--a35c43fc-3132-432e-ae48-d1b20c37accb", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--ca0d9894-0c37-4a34-9b24-1887b7cd1106", "created": "2023-03-15T16:26:38.465Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:26:38.465Z", - "description": "", + "modified": "2023-08-09T15:29:35.623Z", + "description": "Application vetting services can look for applications requesting the `BIND_NOTIFICATION_LISTENER_SERVICE` permission in a service declaration. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json index 27e3c712dd..06ab997d8a 100644 --- a/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json +++ b/mobile-attack/relationship/relationship--ca486783-9413-4f39-8d2f-3adcb3e79127.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a7c1f134-c74b-41ca-8018-4fc69761ed82", + "id": "bundle--b24005db-662d-4af3-a473-f4c3ee69faf6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json index 8bfde4d2da..b6028aeeda 100644 
--- a/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json +++ b/mobile-attack/relationship/relationship--ca4eb452-4a2f-41d7-a015-81f43e96737e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c289fd2b-f0e4-452b-91b9-cfeb22d12902", + "id": "bundle--6cc70bdb-1b4e-47fe-9bcc-5a0a87d95ee2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ca568149-9971-4d15-b3db-ff7dabd49695.json b/mobile-attack/relationship/relationship--ca568149-9971-4d15-b3db-ff7dabd49695.json new file mode 100644 index 0000000000..e90eff9e2e --- /dev/null +++ b/mobile-attack/relationship/relationship--ca568149-9971-4d15-b3db-ff7dabd49695.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--3574b08e-ebbd-459b-860c-2bca32b7014d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ca568149-9971-4d15-b3db-ff7dabd49695", + "created": "2023-07-21T19:37:16.030Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:37:16.030Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can capture keystrokes.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json index 90f46d3aa5..7e7ec9ab76 100644 --- a/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json +++ b/mobile-attack/relationship/relationship--ca8c38e6-8343-4f5e-929d-2759a0d49d59.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2c59584e-8a1f-4ae7-ab56-06ca0f75ba18", + "id": "bundle--1f28300a-3503-422b-b0b4-c4246754f15d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json index b3f648486f..b57b8559e2 100644 --- a/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json +++ b/mobile-attack/relationship/relationship--ca9e5e50-49e9-44cc-a0a4-4ec8633a9506.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0add1408-981d-411a-a7be-59c298bf10b9", + "id": "bundle--746e4a6e-6448-4ab4-b846-37c43cf4bfdd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json index 245884cd46..a1a9ca33c9 100644 --- a/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json +++ b/mobile-attack/relationship/relationship--cacc0b72-9d73-4381-90e9-545ba908722c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--98b785fe-f7ed-4886-9161-14e146e65e49", + "id": "bundle--02f4265a-28ca-4cb6-a92f-c19b3f24fb27", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cb5465c0-a577-45b1-becf-305e0bd47497.json b/mobile-attack/relationship/relationship--cb5465c0-a577-45b1-becf-305e0bd47497.json new file mode 100644 index 0000000000..cd1dadbf43 --- /dev/null +++ b/mobile-attack/relationship/relationship--cb5465c0-a577-45b1-becf-305e0bd47497.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--8145b2d1-63fa-4f22-9cd1-411e42f29c44",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--cb5465c0-a577-45b1-becf-305e0bd47497",
+ "created": "2023-08-23T22:49:18.075Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-23T22:49:18.075Z",
+ "description": "[Anubis](https://attack.mitre.org/software/S0422) may prevent malware's uninstallation by abusing Android\u2019s ` performGlobalAction(int)` API call.",
+ "relationship_type": "uses",
+ "source_ref": "malware--a3c59d82-2c7c-44e5-a869-68e0a3e5935e",
+ "target_ref": "attack-pattern--dc01774a-d1c1-45fb-b506-0a5d1d6593d9",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--cb5a81bb-a3c6-4d7c-836c-c0bd6227b48f.json b/mobile-attack/relationship/relationship--cb5a81bb-a3c6-4d7c-836c-c0bd6227b48f.json
new file mode 100644
index 0000000000..1d1c90f591
--- /dev/null
+++ b/mobile-attack/relationship/relationship--cb5a81bb-a3c6-4d7c-836c-c0bd6227b48f.json
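Review bot: The new Anubis `uses` relationship (`relationship--cb5465c0-...`) states a specific behaviour in `description` but has no `external_references` array and no `(Citation: ...)` marker, whereas the other new `uses` objects in this commit (the BOULDSPY, Sunbird and Escobar ones) each cite a report. Without a source, analysts cannot verify the claim or judge how current it is; add the reference and end the sentence with `(Citation: <SOURCE_NAME>)`, where the placeholder is the `source_name` of the added entry. The inline code span also opens with a stray space before `performGlobalAction(int)`, which should be dropped so the markup renders consistently. "may prevent malware's uninstallation" reads more clearly as "may prevent its own uninstallation", if that is what the source report supports.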
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--1a095268-65e2-4ef9-b950-866564ec40e1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cb5a81bb-a3c6-4d7c-836c-c0bd6227b48f", + "created": "2023-07-21T19:42:12.649Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:42:12.649Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can inject malicious packages into applications already existing on an infected device.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--d3bc5020-f6a2-41c0-8ccb-5e563101b60c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json index 6a4f1568f4..c717a15c84 100644 --- a/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json +++ b/mobile-attack/relationship/relationship--cb80178a-5f9c-41bd-95a2-a7c5fe23c12c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--898a3992-4899-464a-9f15-96b5b0715f03", + "id": "bundle--dd7cfe84-1d9f-4a98-8d8f-12d76083618b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cbb07bef-f1da-41f6-b786-4a255e8bf985.json b/mobile-attack/relationship/relationship--cbb07bef-f1da-41f6-b786-4a255e8bf985.json new file mode 100644 index 0000000000..faddd31893 --- /dev/null +++ b/mobile-attack/relationship/relationship--cbb07bef-f1da-41f6-b786-4a255e8bf985.json @@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--2ab0aa0e-cfa4-441c-9e2a-e8834a3f7d28", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cbb07bef-f1da-41f6-b786-4a255e8bf985", + "created": "2023-08-04T18:34:07.176Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:34:07.176Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate compressed ZIP files containing gathered info to C2 infrastructure.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--32063d7f-0a39-440d-a4a3-2694488f96cc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file 
diff --git a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json index 3dd685fb68..676ca0bed5 100644 --- a/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json +++ b/mobile-attack/relationship/relationship--cbb48fa1-0677-4a07-bdbf-eda1827e52f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cbe31d03-ad6d-4a7b-bc64-e0b665477b87", + "id": "bundle--ca16603a-4079-48bf-8f5c-440a6f691acf", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json index 54fc93e8e7..1a8455ac6b 100644 --- a/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json +++ b/mobile-attack/relationship/relationship--cbf17fea-141e-44b8-831c-b3cc41066420.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3119e49b-3e43-4f81-890a-e325a5ca1f4f", + "id": "bundle--992cdfd9-16e7-4df6-922e-98c5a16bc8eb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc0b8984-f561-4453-a2be-9be8bd62561e.json b/mobile-attack/relationship/relationship--cc0b8984-f561-4453-a2be-9be8bd62561e.json new file mode 100644 index 0000000000..0c0ee2bfd7 --- /dev/null +++ b/mobile-attack/relationship/relationship--cc0b8984-f561-4453-a2be-9be8bd62561e.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--8b6104ae-7ac7-43d3-8d65-a00a84f47fad",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--cc0b8984-f561-4453-a2be-9be8bd62561e",
+ "created": "2023-09-28T17:21:45.855Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:21:45.855Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can monitor a device\u2019s notifications.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--39dd7871-f59b-495f-a9a5-3cb8cc50c9b2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json b/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
index 5e03e891cb..d4266b5dfb 100644
--- a/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
+++ b/mobile-attack/relationship/relationship--cc345ae4-0d60-4f21-98b3-596c15118745.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1285838e-49d6-412b-a08b-560db5b18dcf",
+ "id": "bundle--f333ae48-eb53-4323-ad9f-f313dc43464c",
 "spec_version": "2.0",
 "objects": [
 {
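Review bot: In the new Escobar relationship (`relationship--cc0b8984-...`), `source_name` is misspelled as `Bleeipng Computer Escobar`, and the same misspelling is repeated in the `(Citation: ...)` marker in `description`. The two strings match, so the citation still resolves inside this object. The name is the join key for citations, though, so any other object that cites the same report under the correct spelling would be treated as a different reference, and tooling that deduplicates or searches by source name would miss this one. Change both occurrences together to `Bleeping Computer Escobar`, and check whether other Escobar objects in the commit carry the same typo.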
diff --git a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json index 783587d3dd..dc108e7018 100644 --- a/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json +++ b/mobile-attack/relationship/relationship--cc3cf438-7206-46df-a4a4-999472ea6a9a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1ba03aee-3990-4e86-a13b-6edd9abaa2e7", + "id": "bundle--d34d553c-bbba-4008-a5dc-f54e90806c70", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json index 40bf5feeb3..9c7dd1f068 100644 --- a/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json +++ b/mobile-attack/relationship/relationship--cc49561f-8364-4908-9111-ad3a6dcd922c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--246bc022-824a-46c9-be66-a0978b7dc973", + "id": "bundle--55053390-0b18-4a9f-93a4-6d896593069e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json index 0d63bd9a84..01cddf887e 100644 --- a/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json +++ b/mobile-attack/relationship/relationship--cc4ae06f-0258-4fe9-b63a-334d283e766d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e6c73446-b9b5-4cd4-a080-dd2f9ff9de43", + "id": "bundle--8317d787-9420-43be-aa35-fd9cb7a89d42", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json index f386ade7e1..c388bf289a 100644 
--- a/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json +++ b/mobile-attack/relationship/relationship--cc81b56c-cf73-4307-b950-e80246985195.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f17eba8d-1e4e-4f64-a1d7-d6f06e906560", + "id": "bundle--39c475c3-801c-40ec-9c11-5f512b511dfa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ccb6f906-a785-4695-91a5-f1bc210892dc.json b/mobile-attack/relationship/relationship--ccb6f906-a785-4695-91a5-f1bc210892dc.json new file mode 100644 index 0000000000..95813de40d --- /dev/null +++ b/mobile-attack/relationship/relationship--ccb6f906-a785-4695-91a5-f1bc210892dc.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--fb410f9f-477a-4931-91ce-c7e0e41850af", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--ccb6f906-a785-4695-91a5-f1bc210892dc", + "created": "2023-08-04T18:35:55.269Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-04T18:35:55.269Z", + "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate collected data as a ZIP file.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41", + "target_ref": "attack-pattern--e3b936a4-6321-4172-9114-038a866362ec", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json index 6c9f3e9551..94e1e1bf88 100644 --- a/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json +++ b/mobile-attack/relationship/relationship--cce5d90f-edff-454d-bafa-caf33b71ed6c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6c0707c3-67f6-4a59-aafa-8fe7b398f44a", + "id": "bundle--92235772-86f4-4f5a-911e-d6fd9d7bd149", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json index 2b14996e2c..056e085158 100644 --- a/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json +++ b/mobile-attack/relationship/relationship--cce82a76-5390-473d-9e7c-9450d1509d1d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--52e36440-0251-4574-ac23-0d1dd4079612", + "id": "bundle--090c3bcd-6b43-4548-b1a4-59765c7d342d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json index 5525d778f2..28149e4311 100644 --- a/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json +++ b/mobile-attack/relationship/relationship--ccfffa97-17fd-4826-9a16-c9d8174fb8ac.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2a23efd3-7123-49ef-b1c3-b614802243ea", + "id": "bundle--cdcde8e5-7aa6-481e-926b-bab47a4d845e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json index e3b8b86bdf..44154c9d80 100644 --- a/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json +++ b/mobile-attack/relationship/relationship--cd0f76da-ea06-4710-ab1d-53a7e29a6328.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--14262ac0-83c0-42e1-916e-52ace8732382", + "id": "bundle--40a36fa2-1ce9-4b21-8726-11550708b022", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json index 584ad05a79..1496586134 100644 --- a/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json +++ b/mobile-attack/relationship/relationship--cd503879-ccb4-4d47-af5a-90fe7e37c438.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--711652e5-9bc2-4700-9dd3-66403c43e597", + "id": "bundle--58d1257e-c38a-441a-8f33-b534b926bb90", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json index eb77d5c0f4..827d473978 100644 --- a/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json +++ b/mobile-attack/relationship/relationship--cd6a9777-a8fd-43ca-91dc-cafc7d4b7df3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2fe3ef05-9924-4618-a908-964aa0cab30a", + "id": "bundle--d1427ac2-9516-4836-a0ce-bc274e858511", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json index cd6b0baebc..ce8895cc81 100644 --- a/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json +++ b/mobile-attack/relationship/relationship--cd7a2294-1e14-42e8-b870-d99d73443b88.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--67f7f438-62bd-4daf-9276-7fddc5fa0508", + "id": "bundle--3ae06046-6bcd-4387-9d8c-ddd2da613baa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json b/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json index e8bf622bc1..5003962bd4 100644 
--- a/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json +++ b/mobile-attack/relationship/relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--131b2744-2ed5-45f4-a92f-af4995d66b44", + "id": "bundle--ea05edd2-4418-45cd-abdf-503e4609f299", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--cd8c383a-2a62-45e5-917f-a26efe5ba03c", "created": "2023-03-20T18:51:29.814Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:51:29.814Z", - "description": "", + "modified": "2023-08-08T17:08:59.640Z", + "description": "Application vetting services could potentially detect the usage of APIs intended for suppressing the application\u2019s icon.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", "target_ref": "attack-pattern--f05fc151-aa62-47e3-ae57-2d1b23d64bf6", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json b/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json index 474f3f6c16..3e9a1e53bf 100644 --- a/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json +++ b/mobile-attack/relationship/relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--4a73ed9d-a7a7-4f51-83db-f4fb8ab981b5", + "id": "bundle--34534bf8-91a4-49dc-94ce-88bf7618e5e8", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--cd9e8334-2ff6-4f64-993f-4e11a68ef7ca", "created": "2023-03-20T18:58:19.895Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:58:19.895Z", - "description": "", + "modified": "2023-08-09T16:34:37.498Z", + "description": "Google sends a notification to the device when Android Device Manager is used to locate it. Additionally, Google provides the ability for users to view their general account activity and alerts users when their credentials have been used on a new device. Apple iCloud also provides notifications to users of account activity such as when credentials have been used. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", "target_ref": "attack-pattern--9ef05e3d-52db-4c12-be4f-519214bbe91f", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json index 035ad78b87..16c160e849 100644 --- a/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json +++ b/mobile-attack/relationship/relationship--cda58372-ae70-4716-8baf-cc06cb884ad6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ac4b88f8-2c5a-4012-9085-fa38f0880286", + "id": "bundle--6c0681a9-57a0-4a93-9c70-e41e57ce4cee", "spec_version": "2.0", "objects": [ { 
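Review bot: The new `description` for relationship--cd9e8334 ends with a stray space before the closing quote (`...such as when credentials have been used. "`). The same trailing space is in the descriptions added for relationship--cf4fe189, relationship--cf696296 and relationship--d170a088 further down this diff. Trimming them keeps rendered text and exact-match comparisons in downstream STIX consumers clean. The text also names "Android Device Manager", which Google has since renamed (Find My Device), so an analyst looking for that notification by name may not find it; worth confirming and updating the wording.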
diff --git a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json index ca76a26d7a..75b64831c3 100644 --- a/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json +++ b/mobile-attack/relationship/relationship--cdb9788e-7d16-482e-92b6-cbde0b3de357.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0268788a-a5f8-42e3-82a2-28aa6571af9f", + "id": "bundle--3e541808-7bef-4611-aa79-ba5d55c0b27d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json index ef6e8770bc..56bde0fdd2 100644 --- a/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json +++ b/mobile-attack/relationship/relationship--cde60121-3d7c-47c8-abeb-582854425599.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--84cd55c7-84f8-4f5d-88f7-e13afa27d5c3", + "id": "bundle--3ca52347-053a-4823-9364-0ca923f4692c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cdf06664-903e-499b-86b4-b7bcce3c0740.json b/mobile-attack/relationship/relationship--cdf06664-903e-499b-86b4-b7bcce3c0740.json new file mode 100644 index 0000000000..5bc267b0ee --- /dev/null +++ b/mobile-attack/relationship/relationship--cdf06664-903e-499b-86b4-b7bcce3c0740.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--388f8524-1120-4279-9d24-5773584692d5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cdf06664-903e-499b-86b4-b7bcce3c0740", + "created": "2023-09-28T17:20:27.451Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:20:27.451Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can modify, send, and delete SMS messages.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--b327a9c0-e709-495c-aa6e-00b042136e2b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json index ea6094b479..6ce3e7eae0 100644 --- a/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json +++ b/mobile-attack/relationship/relationship--ce26f077-c47a-4185-8ed7-ec0d9ae2b625.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--67779961-ea60-420a-9fad-f18cd4039b30", + "id": "bundle--ce6bc9c3-eaee-4d8b-8f65-dfcbe2b94272", "spec_version": "2.0", "objects": [ { 
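Review bot: `"source_name": "Bleeipng Computer Escobar"` in the added external reference misspells "Bleeping", and the `(Citation: Bleeipng Computer Escobar)` marker in `description` repeats it. The added relationship--cf2cfc6e file later in this diff carries the same pair. Because the marker and the source name match each other, the citation probably still resolves, but the misspelled key is what consumers will index and search on. I would change both to `Bleeping Computer Escobar` in one pass, together with any other object that cites this source under the same name, so that no marker is left pointing at a missing reference.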
diff --git a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json index 8d9e3115ca..16835a2dfc 100644 --- a/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json +++ b/mobile-attack/relationship/relationship--ce51f1b3-7813-4517-bbcf-7ae8abf6d2ef.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cf918f6b-14ad-4aef-9b3e-3ca49def2794", + "id": "bundle--4724d761-1343-4037-8ba8-067d5363fae9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json b/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json index e20acd5975..1246c7975e 100644 --- a/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json +++ b/mobile-attack/relationship/relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--3fc7a397-fba8-4eec-9098-4aa2954d5d49", + "id": "bundle--bb5ede2e-0347-4160-90cb-d1c3a1153c95", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--ce5f506a-8fc9-40a2-a78e-96796c896f1b", "created": "2023-03-20T15:56:47.307Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:56:47.307Z", - "description": "", + "modified": "2023-08-08T15:31:45.237Z", + "description": "The user can see which applications are registered as device administrators in the device settings.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json index 1f53216faf..64072c050b 100644 --- a/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json +++ b/mobile-attack/relationship/relationship--ce645a25-160f-443d-b288-fdd108b78a06.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5a07ed10-44cb-4b3f-8b65-81946118065d", + "id": "bundle--756157ca-ebea-4409-a2bf-72afc3f58b65", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json index 24d0a6cc57..57d2091a23 100644 
--- a/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json +++ b/mobile-attack/relationship/relationship--ce6c7f21-91a5-4d63-bd03-a6b57e025afe.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e1092f2-8f27-41f9-990d-739388a42581", + "id": "bundle--7a7cc0e6-f141-4d76-ac0f-a94d1eb93651", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json index 0218b4e6ef..7e8401bafe 100644 --- a/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json +++ b/mobile-attack/relationship/relationship--ce8cc50a-f3c9-4a6a-b6be-f3e8bdd293bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--404001f3-4bcc-4aac-8b6c-dc8f9d8bd384", + "id": "bundle--9de20d7d-8ede-4481-a350-85df2e452de0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json index 93d07b24e4..5096d7ed5a 100644 --- a/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json +++ b/mobile-attack/relationship/relationship--cea30219-a255-43ae-b731-9512c5044523.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66375a6f-397b-496f-a124-a3014821f93f", + "id": "bundle--4769e2ee-f7ad-4326-806a-b7e3d8f50e0b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json index 05cec08b6e..fb53010ae4 100644 --- a/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json +++ b/mobile-attack/relationship/relationship--ced70cea-b2ac-45b8-9f7d-779eedbdf06c.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2303076a-6c9f-4feb-bd9c-67924c75c4d6", + "id": "bundle--de4487d5-98b6-44f6-b7de-04d0e4b05dcb", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json index 2a4891fed2..62161be622 100644 --- a/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json +++ b/mobile-attack/relationship/relationship--cf26d49c-1d1b-4861-9d6e-959f4f15b73a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--95892dca-eb8e-437e-8590-68abdc1f24c2", + "id": "bundle--f2012c2e-a17f-4faa-af0b-0d506520fb55", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--cf2cfc6e-896a-4c99-b286-41f8dbd6fa4c.json b/mobile-attack/relationship/relationship--cf2cfc6e-896a-4c99-b286-41f8dbd6fa4c.json new file mode 100644 index 0000000000..83976eeb1e --- /dev/null +++ b/mobile-attack/relationship/relationship--cf2cfc6e-896a-4c99-b286-41f8dbd6fa4c.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--fa5e8112-40e6-47f4-b7a1-5cd645a298c6", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf2cfc6e-896a-4c99-b286-41f8dbd6fa4c", + "created": "2023-09-28T17:21:26.448Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:21:26.448Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can use VNC to remotely control an infected device.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json index 7eac623a89..f09e5db9e5 100644 --- a/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json +++ b/mobile-attack/relationship/relationship--cf4243f5-562a-457f-bb15-d45a2047f7ca.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--990ac177-d696-4581-b3d0-b6a69ed6ba7e", + "id": "bundle--3318078c-1bf7-4257-8d70-478a2d077932", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json b/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json index d27da81dc6..3d93abea8f 100644 --- a/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json +++ b/mobile-attack/relationship/relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--f47da6fd-bf07-4be4-9f84-499f1cf1269d", + "id": "bundle--a5abac13-4e09-46f7-9ac9-1d113b6e6143", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--cf4fe189-58cf-42aa-89c7-75bd0a83a263", "created": "2023-03-15T16:23:59.107Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:23:59.107Z", - "description": "", + "modified": "2023-08-08T15:29:32.423Z", + "description": "When an application requests administrator permission, the user is presented with a popup and the option to grant or deny the request. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", "target_ref": "attack-pattern--08ea902d-ecb5-47ed-a453-2798057bb2d3", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--cf696296-751a-41e5-a9b0-907c7b991b2a.json b/mobile-attack/relationship/relationship--cf696296-751a-41e5-a9b0-907c7b991b2a.json new file mode 100644 index 0000000000..79201ee6e4 --- /dev/null +++ b/mobile-attack/relationship/relationship--cf696296-751a-41e5-a9b0-907c7b991b2a.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--0846921b-bb88-47f7-8234-00efb4aab4bd", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf696296-751a-41e5-a9b0-907c7b991b2a", + "created": "2023-09-22T19:14:54.719Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:14:54.719Z", + "description": "Application vetting services may detect API calls for deleting files. ", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--cf879fe8-9c31-48de-9e49-668d6cda67c5.json b/mobile-attack/relationship/relationship--cf879fe8-9c31-48de-9e49-668d6cda67c5.json new file mode 100644 index 0000000000..86c88ff203 --- /dev/null +++ b/mobile-attack/relationship/relationship--cf879fe8-9c31-48de-9e49-668d6cda67c5.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--698ded9e-2caa-43e2-ab38-3289d0d5d92c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--cf879fe8-9c31-48de-9e49-668d6cda67c5", + "created": "2023-07-12T20:35:36.527Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-12T20:35:36.527Z", + "description": "Users should be encouraged to only install apps from authorized app stores, which are less likely to contain malicious repackaged apps.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1", + "target_ref": "attack-pattern--f856eaab-e84a-4265-a8a2-7bf37e5dc2fc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json index ff21c429ea..5e083d5528 100644 --- a/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json +++ b/mobile-attack/relationship/relationship--cfa1d194-7401-46ba-bfed-5f311aeb22d3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a9852224-bf29-48c6-8d36-925901411c73", + "id": "bundle--ab149d94-993e-4967-8784-efa05acfe447", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json index e6b6bfad73..5cf18a106f 100644 --- a/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json 
+++ b/mobile-attack/relationship/relationship--d01b311d-8741-4b58-b127-88fecb2b0544.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fe658079-9626-4d3f-a48e-40d08f4bd243", + "id": "bundle--d3dcb326-7606-4ff7-94c2-01c10e67e029", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d0669f8d-0aa2-416f-9ec4-a991a2000d3e.json b/mobile-attack/relationship/relationship--d0669f8d-0aa2-416f-9ec4-a991a2000d3e.json new file mode 100644 index 0000000000..903dba4031 --- /dev/null +++ b/mobile-attack/relationship/relationship--d0669f8d-0aa2-416f-9ec4-a991a2000d3e.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--d5c5dc29-6d1d-4a03-a56c-500661ebaf17", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d0669f8d-0aa2-416f-9ec4-a991a2000d3e", + "created": "2023-09-21T19:37:30.610Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-21T19:37:30.610Z", + "description": "Some mobile security products offer a loopback VPN used for inspecting traffic. This could proactively block traffic to websites that are known for phishing or appear to be conducting a phishing attack.", + "relationship_type": "mitigates", + "source_ref": "course-of-action--78671282-26aa-486c-a7a5-5921e1616b58", + "target_ref": "attack-pattern--defc1257-4db1-4fb3-8ef5-bb77f63146df", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json index e8d1a1cb12..8d5507bd04 100644 
--- a/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json +++ b/mobile-attack/relationship/relationship--d09a4d42-45bd-4b2a-aef4-3aa3982115ad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--46900ea4-3ac4-4a9a-8c4e-8cd5becf195f", + "id": "bundle--7911e446-8730-44c7-bca4-849cd1f5e8f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json index b6dab9b252..c0a12a5f63 100644 --- a/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json +++ b/mobile-attack/relationship/relationship--d09abcd8-49bf-4d0f-8b17-0db7ada10ec2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1c3a25b-9ccb-4c46-8173-81329d895674", + "id": "bundle--17714a3c-3ad2-4b60-840c-d4a0503e6925", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json index b28a7b78a2..7f05e45e5b 100644 --- a/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json +++ b/mobile-attack/relationship/relationship--d0c039cb-c815-4d9c-a100-a45f923bc65b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--076cbc1c-b0d2-4c9c-8933-fcd0813425da", + "id": "bundle--39f3e12a-43ee-48d7-a841-cb242751d152", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json index 701b5d4ad6..0a24a24417 100644 --- a/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json +++ b/mobile-attack/relationship/relationship--d0c21324-62e3-46e5-823b-ea0c03a4885d.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fb595a57-16b9-406a-9e02-1ff48f780cf3", + "id": "bundle--701d8344-a894-460a-9e3c-9797f875d4cc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json index 0564686523..66cfeb279a 100644 --- a/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json +++ b/mobile-attack/relationship/relationship--d1318f71-7f70-4820-a3fc-0d05af038733.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7adf2ea7-940e-4cd1-8079-75bc797c765c", + "id": "bundle--c19a3864-d06e-4305-aa21-8c25b115f412", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json index 3fda97b2fa..2d5f0c75a2 100644 --- a/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json +++ b/mobile-attack/relationship/relationship--d13724d0-a5e2-433b-86bf-ead04359edec.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e3f66434-e900-4f86-8dda-60916ed0dfb9", + "id": "bundle--3bacb1f3-9739-4373-93cf-be518f120d38", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json b/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json index cbf3d73c56..37aa70c914 100644 --- a/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json +++ b/mobile-attack/relationship/relationship--d170a088-b115-4a86-b093-8aa32666a470.json 
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--d9868a97-9c50-4046-aac3-4d00169b9883", + "id": "bundle--088a5770-111f-4bf1-8ea1-61766c01078d", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--d170a088-b115-4a86-b093-8aa32666a470", "created": "2023-03-15T16:39:55.148Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-15T16:39:55.148Z", - "description": "", + "modified": "2023-08-10T21:04:21.890Z", + "description": "On both Android and iOS, the user must grant consent to an application to act as a VPN. Both platforms also provide visual context to the user in the top status bar when a VPN connection is active. The user can see registered VPN services in the device settings. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456", "target_ref": "attack-pattern--08e22979-d320-48ed-8711-e7bf94aabb13", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json b/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json index a4f0193d58..7270b54a45 100644 --- a/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json +++ b/mobile-attack/relationship/relationship--d1e11627-23e4-40f3-bcbc-2b832b0bbaa3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3c5deda3-2a2c-4e1d-bb98-0d776270a86c", + "id": "bundle--38704cf1-4fd2-462a-b5da-334f0f6a8824", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d22be48b-90fa-4dba-ab6f-f3ad5e08c03e.json b/mobile-attack/relationship/relationship--d22be48b-90fa-4dba-ab6f-f3ad5e08c03e.json new file mode 100644 index 0000000000..cee997701a --- /dev/null +++ b/mobile-attack/relationship/relationship--d22be48b-90fa-4dba-ab6f-f3ad5e08c03e.json @@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--7f1bbb1f-2bf8-4a7d-935d-1ee226c3f17c", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--d22be48b-90fa-4dba-ab6f-f3ad5e08c03e", + "created": "2023-09-22T19:15:22.670Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-22T19:15:22.670Z", + "description": "Mobile security products can detect which applications can request device administrator permissions. Application vetting services could be extra scrutinous of applications that request device administrator permissions.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", + "target_ref": "attack-pattern--9ef14445-6f35-4ed0-a042-5024f13a9242", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json index c1a65e5ed5..1f5e774f4d 100644 --- a/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json +++ b/mobile-attack/relationship/relationship--d22d309b-ab00-4f17-b6bf-7706f499cc5e.json 
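Review bot: The added `description` for relationship--d22be48b names two detection sources, mobile security products and application vetting services, while the relationship has a single `source_ref` data component. Which of the two that component represents cannot be told from this hunk, so the sentence about the other source may belong on its own `detects` relationship. The wording is also loose: "detect which applications can request device administrator permissions" presumably means applications that do request them. The second sentence would read better as `Application vetting services can apply additional scrutiny to applications that request device administrator permissions.`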
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40e70bf0-d7c2-4449-8389-d48977209e43", + "id": "bundle--26c1c4b1-585b-4cf6-808a-22c41092d36b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json index aea044096f..b1218b5e79 100644 --- a/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json +++ b/mobile-attack/relationship/relationship--d22f2c45-d6fa-419a-8f25-65ea37529ccc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--587913a1-4534-4bff-8249-2c43c0b9eb9a", + "id": "bundle--16216cb5-92a0-4c8c-b6cb-16a2a7775344", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json index b9235a4248..8bd58f15f7 100644 --- a/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json +++ b/mobile-attack/relationship/relationship--d2749285-47d9-44a4-962f-9215e6fb580e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--afa71c8e-434c-4f3a-9705-843f33221663", + "id": "bundle--566ed5d4-7961-462b-bafc-fa4873a9a16f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json index 19b9c162ff..ddf896effb 100644 --- a/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json +++ b/mobile-attack/relationship/relationship--d2d7476e-66a4-4d46-877c-6e80678bbb38.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--54d1569c-cb0f-40c7-b2e0-aea28d1af3f0", + "id": "bundle--5b35782b-0011-4e5b-8fda-50b15873fe29", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json index 86f8e00e0a..ff6ed5200a 100644 --- a/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json +++ b/mobile-attack/relationship/relationship--d300eb82-5ca0-48aa-a45f-d34242545e27.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--aca36d1e-d468-4c39-8537-768341d88471", + "id": "bundle--1737a8dd-f33f-4bbf-b8be-7374c1cfe3ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json index ce6cb9e18b..80968e1986 100644 --- a/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json +++ b/mobile-attack/relationship/relationship--d32003ba-959b-4377-aa04-f75275c32abf.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1824d1c-992b-4d28-9378-6cdefe2bd0a1", + "id": "bundle--56c0a4a0-9254-4bce-b26b-29d5a0ca3514", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json index 3cc087689c..3b75ffef91 100644 --- a/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json +++ b/mobile-attack/relationship/relationship--d358ac0b-4c67-44e3-939b-24cd36d3c3fb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8d7eea05-7223-4c47-8462-da7cbb841e2f", + "id": "bundle--0359556f-1320-4ff6-a0e9-6399a4630ef3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d39ceb9c-ef0c-4820-b363-dc8ce0f0d00c.json b/mobile-attack/relationship/relationship--d39ceb9c-ef0c-4820-b363-dc8ce0f0d00c.json new file mode 100644 index 0000000000..55ca082f2f --- /dev/null 
+++ b/mobile-attack/relationship/relationship--d39ceb9c-ef0c-4820-b363-dc8ce0f0d00c.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--6c37d553-2c6f-4191-9ec7-0a19fb720638",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--d39ceb9c-ef0c-4820-b363-dc8ce0f0d00c",
+ "created": "2023-10-10T15:33:58.621Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Cybereason FakeSpy",
+ "description": "O. Almkias. (2020, July 1). FakeSpy Masquerades as Postal Service Apps Around the World. Retrieved September 15, 2020.",
+ "url": "https://www.cybereason.com/blog/fakespy-masquerades-as-postal-service-apps-around-the-world"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.621Z",
+ "description": "[FakeSpy](https://attack.mitre.org/software/S0509) masquerades as local postal service applications.(Citation: Cybereason FakeSpy)",
+ "relationship_type": "uses",
+ "source_ref": "malware--838f647e-8ff8-48bd-bbd5-613cee7736cb",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
index 3774d58438..c278093ba6 100644
--- a/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
+++ b/mobile-attack/relationship/relationship--d3e06522-2a30-4d56-801e-9461178b80ce.json
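Review bot: The new relationship--d39ceb9c declares `"x_mitre_attack_spec_version": "2.1.0"` and `"x_mitre_version": "1.0"` even though it is created on 2023-10-10, while the other relationships added in this diff (d22be48b, d5533ca1, d87b9e3a) declare `"3.1.0"` and `"0.1"`. Consumers that gate parsing or validation on the declared spec version may handle this object differently from its siblings. If the values were carried over from an older relationship (the citation was retrieved in 2020, which suggests a copy), they should be aligned, e.g. `"x_mitre_attack_spec_version": "3.1.0"`; if the older version is intentional, that is not visible from the diff and is worth confirming.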
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ef370ab-644d-4fe8-a09b-f878d8b773ef", + "id": "bundle--d4a5775f-b125-4d54-9666-e0446575a1b7", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json b/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json index 52e4b5fc15..e9e7aa07dd 100644 --- a/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json +++ b/mobile-attack/relationship/relationship--d3e52467-d090-4ebd-b9b1-3022cc6d5df0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b2e7ffab-1fac-451e-bb85-20e1b32d21da", + "id": "bundle--98e70a29-f65a-4a73-ae62-500baddc433e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json b/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json index 1a098d923b..9e1cc8289b 100644 --- a/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json +++ b/mobile-attack/relationship/relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86.json 
@@ -1,25 +1,32 @@
 {
 "type": "bundle",
- "id": "bundle--e366fe0a-66ff-4741-a83a-992459fd9a69",
+ "id": "bundle--9df282a9-8fb0-4b91-b3a8-c84b6113ffe2",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--d3e6bc20-1f9c-41b6-89f0-ef95689add86",
 "created": "2023-03-20T15:16:43.275Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Samsung Knox Mobile Threat Defense",
+ "description": "Samsung Knox Partner Program. (n.d.). Knox for Mobile Threat Defense. Retrieved March 30, 2022.",
+ "url": "https://partner.samsungknox.com/mtd"
+ }
+ ],
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:16:43.275Z",
- "description": "",
+ "modified": "2023-08-07T22:12:07.772Z",
+ "description": "Application vetting services could detect the invocations of methods that could be used to execute shell commands.(Citation: Samsung Knox Mobile Threat Defense)",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
index caa0fd42f1..7ebdfd765f 100644
--- a/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
+++ b/mobile-attack/relationship/relationship--d4154247-90ce-43b9-8c17-5c28f67617f5.json
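Review bot: The citation added to relationship--d3e6bc20 is a Mobile Threat Defense partner page ("Knox for Mobile Threat Defense"), but the sentence it supports is about application vetting services, so the reference may not back the claim it is attached to. The MTD-focused description added for relationship--d66a3e5f, which has the same `target_ref`, carries no citation at all, which suggests the reference may belong there or on both; this cannot be confirmed from the diff and is worth checking against the cited page. The description would also be more useful to a vetting team if it named the calls of interest (on Android typically `Runtime.exec()` and `ProcessBuilder`) instead of "methods that could be used to execute shell commands".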
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9d12325-e8e6-4b7a-a6c6-9c7f059b1849", + "id": "bundle--3974acf6-f5cb-452e-ac3e-62f0ff7b171b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json b/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json index 03cc5767eb..adb7cc962a 100644 --- a/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json +++ b/mobile-attack/relationship/relationship--d44b097a-1bba-40bd-8ec8-d717a3f3df0c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--073c5d5b-c059-4309-9c96-82c360d23db6", + "id": "bundle--d51875fb-c4b3-42ae-b179-1324bc24d300", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json index 59e4d42ab7..82e99caad5 100644 --- a/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json +++ b/mobile-attack/relationship/relationship--d4a5a902-231e-4878-ad5b-39620498b018.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a175d3f6-631c-452b-9caf-ea065d4d788d", + "id": "bundle--2ede1542-7f2c-4e05-a9d4-41482ece968d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json index 71336f6360..56550e9954 100644 --- a/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json +++ b/mobile-attack/relationship/relationship--d53a8ff0-7252-477e-8767-fd485dd62e7c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--12ee7683-baa7-4e74-9316-bc27cde56e77", + "id": "bundle--4b3e1591-a1ca-44f7-92d5-a45f95686670", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json index c19d14f23d..4c96d531f5 100644 --- a/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json +++ b/mobile-attack/relationship/relationship--d54bdaff-8eb8-4a02-9f64-bc33c892e9d1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--184273f7-a577-47bf-856e-1a10797e4767", + "id": "bundle--ab61f646-88cf-4081-b28a-ead1ae9a85c2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json b/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json index e120de5185..7b4795fa88 100644 --- a/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json +++ b/mobile-attack/relationship/relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--85527ae0-dd8f-4e88-9a64-9a7ed3ab898f",
+ "id": "bundle--877ac579-e455-47d9-a888-a11535a14e8d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--d54d3475-19ee-4ac5-98b0-ec1ae9336dfb",
 "created": "2023-03-20T18:58:14.140Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:58:14.140Z",
- "description": "",
+ "modified": "2023-08-08T17:06:44.919Z",
+ "description": "The user can review which applications have location permissions in the operating system\u2019s settings menu.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6",
 "target_ref": "attack-pattern--e422b6fa-4739-46b9-992e-82f1b350c780",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--d5533ca1-d57e-4bbf-bf0c-d114e4b79078.json b/mobile-attack/relationship/relationship--d5533ca1-d57e-4bbf-bf0c-d114e4b79078.json
new file mode 100644
index 0000000000..80486485c5
--- /dev/null
+++ b/mobile-attack/relationship/relationship--d5533ca1-d57e-4bbf-bf0c-d114e4b79078.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--3c47cf09-0d07-44cd-8535-83b6cc87a5fd",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--d5533ca1-d57e-4bbf-bf0c-d114e4b79078",
+ "created": "2023-08-04T18:32:39.763Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:32:39.763Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can access a device\u2019s camera and take photos.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
index bca8e7eba7..34f347d67c 100644
--- a/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
+++ b/mobile-attack/relationship/relationship--d562ed4d-ac4d-476b-872e-9e228c580889.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--987187b4-c256-4ab9-a6fb-e89cadb4dd50", + "id": "bundle--97a6af13-7569-4f74-a68f-4bd4d4216fa6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json index 0fb5d7f6dc..3ff6b4a666 100644 --- a/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json +++ b/mobile-attack/relationship/relationship--d5928f73-c4ba-4eb1-bf8a-e75ff6806a4a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b5f8944-660f-461d-a831-48b3ec6a927a", + "id": "bundle--b6fab2f9-6f33-4b87-afa1-5e232ec95034", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json index 6321ae032a..8f874b7c30 100644 --- a/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json +++ b/mobile-attack/relationship/relationship--d59da983-c521-47b6-83ab-435f7d58611d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3f2d05eb-7006-4ce1-aaa7-7b95108e8c71", + "id": "bundle--64df8a70-5c4e-4935-b5d1-324b5d5f4712", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json b/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json index 5a068f627d..b9e69d9298 100644 --- a/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json +++ b/mobile-attack/relationship/relationship--d621eba9-676f-47a4-8358-d68eeff2fb9a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6637c13c-9197-4115-8e4a-f42f423e7640", + "id": "bundle--23e2f2a7-6d0a-4163-9011-60fc9c02ec78", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json index 8308832b37..9f60f0f312 100644 --- a/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json +++ b/mobile-attack/relationship/relationship--d638565b-ca8e-459f-9c3b-1bd8828606f5.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2726f7ca-1d7a-498e-a4da-e961fa0b49a0", + "id": "bundle--dd3ada38-e53e-4432-95f6-98598e35444b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json b/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json index b1cfad994c..fa8f74f0d9 100644 --- a/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json +++ b/mobile-attack/relationship/relationship--d63de13b-0253-42f4-b13d-34bccf76ad94.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--6891c39f-6d55-4fe5-8cfe-2c5c8d3f49b3",
+ "id": "bundle--7ff749d0-c41f-4a4c-b58a-bccfbb286912",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--d63de13b-0253-42f4-b13d-34bccf76ad94",
 "created": "2023-03-20T18:54:50.323Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:54:50.323Z",
- "description": "",
+ "modified": "2023-08-08T15:01:30.483Z",
+ "description": "Applications could be vetted for their use of the `startForeground()` API, and could be further scrutinized if usage is found.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--648f8051-1a35-46d3-b1d8-3a3f5cf2cc8e",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
index d25a6fd852..a3db43b895 100644
--- a/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
+++ b/mobile-attack/relationship/relationship--d63f27cf-95a3-42bb-86dd-dc18e22cb898.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8826f900-f6bf-41b9-878a-a79894c56ad2",
+ "id": "bundle--9810f6de-973b-4589-9362-20e340584d3d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json b/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json
index 0dcc313198..d9191e1cec 100644
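Review bot: The new `description` in relationship--d63de13b treats any use of `startForeground()` as grounds for further scrutiny without giving a second criterion, and foreground services are routine in legitimate apps (media playback, navigation, fitness tracking), so this signal alone will flag a large share of benign applications. The text should say so and state what the follow-up review looks at, for example whether the notification that accompanies the foreground service is actually visible to the user and matches the app's stated function. That example is inferred from how the API works, since the target technique appears here only by id. The entry also has no `external_references`, so the guidance is unsourced.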
--- a/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json +++ b/mobile-attack/relationship/relationship--d64c4924-76f0-4b2e-858d-b0df733334d0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c2731d47-ce5d-40fb-bf47-fdf562c96442", + "id": "bundle--886e44eb-8f4c-4b67-b7b1-d0bf7137d443", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json index 406d667ddb..2fcc2cec44 100644 --- a/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json +++ b/mobile-attack/relationship/relationship--d663cb6f-9fc8-48a0-827f-29757b12ae71.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1820ca0a-a0d1-4afb-ad8a-4db8a95ea930", + "id": "bundle--0e080961-d9e9-45f6-9ef1-e841946e31ed", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json b/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json index 4d4e329cdc..b89430ec65 100644 --- a/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json +++ b/mobile-attack/relationship/relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7.json 
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d7d73c54-33f5-40fd-854b-9f6ec2254144",
+ "id": "bundle--ae5abf40-3a55-4be4-81fb-b9adaba71f5e",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--d66a3e5f-700e-40d0-b16a-bbb3306256c7",
 "created": "2023-03-20T15:16:28.177Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:16:28.177Z",
- "description": "",
+ "modified": "2023-08-07T22:17:39.302Z",
+ "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to running processes and their parameters, potentially detecting unwanted or malicious shells.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
 "target_ref": "attack-pattern--29f1f56c-7b7a-4c14-9e39-59577ea2743c",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
index 0d0aa72406..8bb383c704 100644
--- a/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
+++ b/mobile-attack/relationship/relationship--d6be8665-afbb-4be5-a56a-493af01b120a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--08400bb0-d160-477a-b5b8-92ad3205cf4f",
+ "id": "bundle--e15c11ff-3da2-41c7-a028-86f1d3ad4015",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json index 0801733fed..f3308ff985 100644 --- a/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json +++ b/mobile-attack/relationship/relationship--d6e4fdc6-c936-4bb9-861f-fafd3b72fcb4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b7e3bef1-34ff-4b81-8256-bdca3134b9a9", + "id": "bundle--74b50788-b7d0-43b5-ae72-01d246ca2378", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json index 8f2b29f0b7..121acdf1cc 100644 --- a/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json +++ b/mobile-attack/relationship/relationship--d6f78e9b-94d1-4d59-b00e-89fad2261c55.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--56557cde-6602-46e0-a50b-103549ba251a", + "id": "bundle--f438df0c-9c47-43ce-810a-0bc3867642aa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json index 8b459f0c24..db0cd54276 100644 --- a/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json +++ b/mobile-attack/relationship/relationship--d7007bf2-fcd6-4327-9ffb-bdee5bdeb383.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2197a472-b7d9-4873-8ed0-dbc2020f9e90", + "id": "bundle--4e55153b-b765-4050-a64d-e8f7c3b08693", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json b/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json index 529f9c7e99..c89eabb6b5 100644 
--- a/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json
+++ b/mobile-attack/relationship/relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--faa0bb62-67ee-45f4-96f7-8f57839d4a93",
+ "id": "bundle--4c454596-1046-4c85-ba28-9a57de76e764",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--d700c625-d0b6-4570-a538-0ba57bd7bda5",
 "created": "2023-03-20T18:50:21.296Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:50:21.296Z",
- "description": "",
+ "modified": "2023-08-09T16:32:32.957Z",
+ "description": "Android applications requesting the `ACCESS_COARSE_LOCATION`, `ACCESS_FINE_LOCATION`, or `ACCESS_BACKGROUND_LOCATION` permissions and iOS applications including the `NSLocationWhenInUseUsageDescription`, `NSLocationAlwaysAndWhenInUseUsageDescription`, and/or `NSLocationAlwaysUsageDescription` keys in their `Info.plist` file could be scrutinized during the application vetting process. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
index fe8cf0ec79..a0ea4f3162 100644
--- a/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
+++ b/mobile-attack/relationship/relationship--d70aaf50-29b7-4687-98ea-ffaa3fa858c0.json
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7cdf0361-ce5a-448d-b154-262f7f7882bf", + "id": "bundle--e3b6c0fe-41fb-451c-9bc4-e9531a5b2a46", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json index 109142819b..8d180dc6f1 100644 --- a/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json +++ b/mobile-attack/relationship/relationship--d716163d-2492-4088-9235-b2310312ba27.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--dddfb1f7-4d70-4a59-85d9-f8325ba92874", + "id": "bundle--8c73fa3e-9e53-49dc-b72e-3bf7398248fc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json index f963229823..08b906fcb8 100644 --- a/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json +++ b/mobile-attack/relationship/relationship--d71fab20-a56c-4404-a65d-aaa37056f16e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5066ca51-d26f-4876-ac40-7fafad9158d2", + "id": "bundle--771dceb0-7441-4bb5-ba3c-ab6042b88219", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json index 0084a52d6d..4c591a8aa9 100644 --- a/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json +++ b/mobile-attack/relationship/relationship--d724bcf3-25d2-406a-b612-333fea5e2385.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7b353142-e607-422f-bb99-548e9e9e4e90", + "id": "bundle--5b03b491-49d4-41f2-8c68-6cd45af6fc52", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json index 259111e202..5d29f5295c 100644 --- a/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json +++ b/mobile-attack/relationship/relationship--d76d838b-bbc7-459a-884a-2da8c36a2ba2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--de801072-b71f-4449-8778-0eb502e916e0", + "id": "bundle--de91d7b9-1a82-4ec1-896f-8e1ede4b20ac", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json index d5bd8dff51..75c8126ce9 100644 --- a/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json +++ b/mobile-attack/relationship/relationship--d7aa436a-e66d-4217-be66-4414703dec07.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--82bb787f-11c8-4017-a8b6-67e160b39c48", + "id": "bundle--f365396c-6c51-4ede-a7b2-31a99f5d3201", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json index e789aa1a0a..df349aed37 100644 --- a/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json +++ b/mobile-attack/relationship/relationship--d7ae7fb1-c363-4969-a4af-e2dd44a3c064.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6d447595-4f2c-408b-8043-eafbc7f834e8", + "id": "bundle--70fba375-df88-45b9-8658-6ea398f25d7c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json index ac89d1cf30..803ce6b816 100644 
--- a/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json +++ b/mobile-attack/relationship/relationship--d7ca70d4-2006-4252-b243-e52be760e24d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--76f87d51-2914-47be-af08-25fc0cbbf599", + "id": "bundle--44f14ef5-f105-4e35-a5a1-f07e3a133249", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json index d232d829cd..7172e0b682 100644 --- a/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json +++ b/mobile-attack/relationship/relationship--d7d78682-c9ad-4880-ae6e-3fc79f3737f1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5929ca8b-b32a-4e09-93cb-60a389560933", + "id": "bundle--2bb95c67-ea52-47d0-9cb7-9425c24b30fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json index 593c171089..170b4ec2cb 100644 --- a/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json +++ b/mobile-attack/relationship/relationship--d84604bc-2314-4340-b9c1-b1265c0f6c37.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--42d42c32-133c-49b9-a5e0-7b90d8c92683", + "id": "bundle--184c160c-d655-4342-973f-bb3813291053", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json index 7da7f5e821..7cf944c961 100644 --- a/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json +++ b/mobile-attack/relationship/relationship--d87b468e-f610-4e95-8dfb-8cf029f0e891.json 
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cef2e911-eda8-4611-a775-5a36ec96df83",
+ "id": "bundle--730385b8-f105-421a-ad83-a760a5413d6e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157.json b/mobile-attack/relationship/relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157.json
new file mode 100644
index 0000000000..021ca5d9db
--- /dev/null
+++ b/mobile-attack/relationship/relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--6d50c52f-b476-400d-8e95-5aa175b3f4fa",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157",
+ "created": "2023-08-23T22:18:21.774Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-23T22:18:21.774Z",
+ "description": "Network traffic analysis may reveal processes communicating with malicious domains. ",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+ "target_ref": "attack-pattern--5abfc5e6-3c56-49e7-ad72-502d01acf28b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
index b729801418..5788f7fcdb 100644
--- a/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
+++ b/mobile-attack/relationship/relationship--d886f368-a38b-4cb3-906f-9b284f58b369.json
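Review bot: The `description` added in relationship--d87b9e3a-9e6b-404d-8fc1-22262ff31157.json ends with a trailing space inside the string (`...communicating with malicious domains. "`), which every consumer that renders, hashes or diffs the detection text will carry along. Strip it so the line reads `"description": "Network traffic analysis may reveal processes communicating with malicious domains.",`. The same trailing space is present in the description changed in relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json and in the one added in relationship--df07166f-917e-4bc4-899e-d689d1d3f785.json.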
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--182ccfe0-80d7-43ed-b469-8145073d60df",
+ "id": "bundle--ab2b5061-1c04-47b0-8e65-dac644641e7f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
index 5337bbc7d2..afef9de0cb 100644
--- a/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
+++ b/mobile-attack/relationship/relationship--d8ca4ea5-5242-4f0f-b3b7-008673f561ab.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1ed69e03-70fa-4bd8-bb61-527555272330",
+ "id": "bundle--a0440831-9753-4ea8-8614-83dcdd62fd83",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
index 89027282a4..4e4c60f678 100644
--- a/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
+++ b/mobile-attack/relationship/relationship--d8d773ab-b0e3-484b-bdb8-c1a1ab48d218.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d8028f8e-3c71-4e74-8d07-a565a5289ee9",
+ "id": "bundle--84cb0451-fb06-48f6-82f5-ca333b6ade62",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
index 50a10a2eb6..970ced4618 100644
--- a/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
+++ b/mobile-attack/relationship/relationship--d933bba1-61ab-4fea-b7db-7e2a4f4146e7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d97a80d0-7cc9-4c11-ab8f-6d972b3201c6",
+ "id": "bundle--c18f7962-7c36-4aad-bb6a-043ca0b5d24d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
index f0ed04e60f..27ba64b464 100644
--- a/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
+++ b/mobile-attack/relationship/relationship--d995dfff-e4b2-4e07-8e76-b064354f591a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--67e12f08-c7b1-49aa-9b27-dbdc0e740301",
+ "id": "bundle--8d7aa44c-25aa-4b65-afda-8c7a5c98000c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
index 9cdc9d1598..f67765e37f 100644
--- a/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
+++ b/mobile-attack/relationship/relationship--d9aab2e1-31e0-45b2-a40b-0cbe60677b4b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fdc02573-d61a-4722-b238-a7b05d191f59",
+ "id": "bundle--458ca1a7-f02c-4e16-9190-6cdfd53b4384",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
index 9bc75c1782..b1c8af6503 100644
--- a/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
+++ b/mobile-attack/relationship/relationship--da424f3f-8a93-4a66-858c-b33f587108e6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--81ea2135-6b04-4e16-87f8-782e2d686338",
+ "id": "bundle--c10c2e2f-f5ec-4bd8-9da9-285e57b4d81b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
index ff555bd420..c62ff46574 100644
--- a/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
+++ b/mobile-attack/relationship/relationship--da4296d7-5fdb-45b6-9791-b023d634c08d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--65b44237-47bc-4e25-bb46-82ac219324f8",
+ "id": "bundle--81e1eb04-ca9b-4ea9-b494-841727328c23",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--da55ec01-daf2-4fac-ba0b-243f759b73aa.json b/mobile-attack/relationship/relationship--da55ec01-daf2-4fac-ba0b-243f759b73aa.json
new file mode 100644
index 0000000000..82fcf33797
--- /dev/null
+++ b/mobile-attack/relationship/relationship--da55ec01-daf2-4fac-ba0b-243f759b73aa.json
@@ -0,0 +1,38 @@
+{
+ "type": "bundle",
+ "id": "bundle--94955df6-d94c-4ca9-a0e1-489782d65e15",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--da55ec01-daf2-4fac-ba0b-243f759b73aa",
+ "created": "2023-08-14T16:19:34.080Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "unit42_strat_aged_domain_det",
+ "description": "Chen, Z. et al. (2021, December 29). Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends. Retrieved July 31, 2023.",
+ "url": "https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/"
+ },
+ {
+ "source_name": "Data Driven Security DGA",
+ "description": "Jacobs, J. (2014, October 2). Building a DGA Classifier: Part 2, Feature Engineering. Retrieved February 18, 2019.",
+ "url": "https://datadrivensecurity.info/blog/posts/2014/Oct/dga-part2/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-14T16:19:34.080Z",
+ "description": "Monitor for pseudo-randomly generated domain names based on frequency analysis, Markov chains, entropy, proportion of dictionary words, ratio of vowels to other characters, and more.(Citation: Data Driven Security DGA) Additionally, check if the suspicious domain has been recently registered, if it has been rarely visited, or if the domain had a spike in activity after being dormant.(Citation: unit42_strat_aged_domain_det) Content delivery network (CDN) domains may trigger these detections due to the format of their domain names.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+ "target_ref": "attack-pattern--2ccc3d39-9598-4d32-9657-42e1c7095d26",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852.json b/mobile-attack/relationship/relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852.json
new file mode 100644
index 0000000000..eb5b9bf6db
--- /dev/null
+++ b/mobile-attack/relationship/relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--e742bce6-dee3-442e-a3df-d4e1e46fd4a4",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852",
+ "created": "2023-09-28T17:22:13.691Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:22:13.691Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect sensitive information, such as Google Authenticator codes.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--e1c912a9-e305-434b-9172-8a6ce3ec9c4a",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
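Review bot: The citation key in relationship--dae02ffb-1db5-4b7d-80a9-2a8cbf1bc852.json is misspelled as `Bleeipng Computer Escobar`, both in `source_name` and in the `(Citation: ...)` marker inside `description`. The two spellings match each other, so the reference still resolves within this object, but tooling that groups or de-duplicates references by `source_name` would treat it as a different source from a correctly spelled key for the same article; whether such a key exists elsewhere in the corpus is not visible in this hunk. Change both together: `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`.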
diff --git a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
index bfef7de406..a89e09e751 100644
--- a/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
+++ b/mobile-attack/relationship/relationship--db1201f0-f925-4c3c-8673-7524a8c20886.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d6589ac0-d26e-403d-b6b2-2c30694cbcdc",
+ "id": "bundle--8f42a93b-e6aa-45f4-abec-1607980f3c0c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
index 610b62d387..426206b895 100644
--- a/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
+++ b/mobile-attack/relationship/relationship--db34a2c8-01e0-4cd3-a497-0f4bca36812a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--667a65b7-e4fb-4522-a2ed-10ebbb4ea0e2",
+ "id": "bundle--2b2c064c-3b25-4bba-a9a7-45bd8d08a67a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
index 8ccae39d1a..e6533e9bff 100644
--- a/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
+++ b/mobile-attack/relationship/relationship--db3fc82d-d353-438d-aa5e-9b5e7e60f0ac.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d2536403-d8fa-4b06-a8fa-dfaa493ba0fc",
+ "id": "bundle--ecac24ac-f483-4c26-8ecf-4995a5c43a36",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dba7bd66-5f8e-41a8-ad67-ae04cfd1c8ff.json b/mobile-attack/relationship/relationship--dba7bd66-5f8e-41a8-ad67-ae04cfd1c8ff.json
new file mode 100644
index 0000000000..9c4904158f
--- /dev/null
+++ b/mobile-attack/relationship/relationship--dba7bd66-5f8e-41a8-ad67-ae04cfd1c8ff.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--8f92be9f-ef31-4125-bb4c-220a4858a167",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--dba7bd66-5f8e-41a8-ad67-ae04cfd1c8ff",
+ "created": "2023-09-21T22:31:55.337Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-21T22:31:55.337Z",
+ "description": "Application vetting services may be able to list domains and/or IP addresses that applications communicate with.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
+ "target_ref": "attack-pattern--28fdd23d-aee3-4afe-bc3f-5f1f52929258",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json b/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
index 3d8b764d33..edcceac824 100644
--- a/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
+++ b/mobile-attack/relationship/relationship--dbef53a9-f9c4-4582-8e93-349ad488de12.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5ba6d9d2-b3c9-4a6f-9368-d66c5e0ada92",
+ "id": "bundle--1fae1ab2-9bc4-43cf-bd57-687faacf09f6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json b/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
index 0e3b82176e..d269a1c710 100644
--- a/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
+++ b/mobile-attack/relationship/relationship--dbeff88d-441f-47f9-8afc-60400ee3ab97.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--771481a9-ca7d-4f8a-b10a-6c096424bbbd",
+ "id": "bundle--9054f18e-8cb9-4835-bd57-ce333e46112d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dc354395-cccf-471a-9335-8538ce20f1ec.json b/mobile-attack/relationship/relationship--dc354395-cccf-471a-9335-8538ce20f1ec.json
new file mode 100644
index 0000000000..5f8e9c0001
--- /dev/null
+++ b/mobile-attack/relationship/relationship--dc354395-cccf-471a-9335-8538ce20f1ec.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--aa705fd6-b8c3-4def-9cbd-089d406d9848",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--dc354395-cccf-471a-9335-8538ce20f1ec",
+ "created": "2023-07-21T19:33:28.471Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:33:28.471Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate SMS logs.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--c6421411-ae61-42bb-9098-73fddb315002",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
index 3fa6e9d43d..abb128b451 100644
--- a/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
+++ b/mobile-attack/relationship/relationship--dc6514a0-2e9c-4f29-8c15-99e6d382e357.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ef1349dd-f95f-476d-a4cf-3a844302920f",
+ "id": "bundle--a2aef425-6c09-4532-8ff6-c7b909866e43",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json b/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
index e5b6e184a2..ea9651e089 100644
--- a/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
+++ b/mobile-attack/relationship/relationship--dc7ef843-a073-4e23-b717-c505d4863b02.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--cc91fbfe-ad14-47cd-85aa-0eb77ddd0b7c",
+ "id": "bundle--7d44b1c9-0075-43a8-bc3b-aa1ac732db4d",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--dc7ef843-a073-4e23-b717-c505d4863b02",
 "created": "2023-03-20T18:53:58.856Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:53:58.856Z",
- "description": "",
+ "modified": "2023-08-14T16:27:15.979Z",
+ "description": "If the user sees a notification with text they do not recognize, they should review their list of installed applications.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
 "target_ref": "attack-pattern--ec4c4baa-026f-43e8-8f56-58c36f3162dd",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
index fe4f520b50..f7480dbf17 100644
--- a/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
+++ b/mobile-attack/relationship/relationship--dcae3b7c-27d2-4377-9dc6-59dae15ac962.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0d41a7dc-8521-4e71-a4b9-c7a3224cbe65",
+ "id": "bundle--366fcf50-ce90-450e-852f-ad3830219368",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dcf01e96-1498-4ebf-b46f-d4f4eb796f23.json b/mobile-attack/relationship/relationship--dcf01e96-1498-4ebf-b46f-d4f4eb796f23.json
new file mode 100644
index 0000000000..c1db2a5e2d
--- /dev/null
+++ b/mobile-attack/relationship/relationship--dcf01e96-1498-4ebf-b46f-d4f4eb796f23.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--9c0e46bd-9e6c-4624-a398-15e0a21e8fef",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--dcf01e96-1498-4ebf-b46f-d4f4eb796f23",
+ "created": "2023-07-21T19:37:42.022Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:37:42.022Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can retrieve the list of installed applications.(Citation: lookout_bouldspy_0423)",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--198ce408-1470-45ee-b47f-7056050d4fc2",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json b/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
index 3c12e5fcc3..2d850de899 100644
--- a/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
+++ b/mobile-attack/relationship/relationship--dd54e35c-d68b-4aa8-ad2a-acd4c76243c8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--595a349a-090c-4f2b-820d-7f7aae274cd1",
+ "id": "bundle--1489b300-134a-4d31-b327-080a7b4e85e8",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
index b4879c357e..d60c783b76 100644
--- a/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
+++ b/mobile-attack/relationship/relationship--ddb5ba6d-0549-44bd-a669-972bd48e927b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2fdd09a6-6295-4dbb-b1d6-1d6612cdbd41",
+ "id": "bundle--a0e64440-5406-4808-874e-06508f0b8fae",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
index 0166cee7f9..a86380bea5 100644
--- a/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
+++ b/mobile-attack/relationship/relationship--ddca1254-b404-4850-9566-0be35c6d7564.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4948de9e-bbb9-48e8-9f76-a17cc513738d",
+ "id": "bundle--8169c50e-7a67-4f12-95e9-d0b34eafeb17",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
index 3862b8aa53..41d79deb01 100644
--- a/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
+++ b/mobile-attack/relationship/relationship--ddfc5d8c-750d-424a-88d9-acc99bc5f69e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4b3e2654-7086-43ac-93fe-ba7f00ce7491",
+ "id": "bundle--4674a769-fe49-41a4-9073-e12a40cde9c6",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
index 88e9347355..0324c93417 100644
--- a/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
+++ b/mobile-attack/relationship/relationship--de45db46-2251-4a29-b4d7-3fcf679e9484.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f4355abb-3fe4-41f3-8913-4397007fd3bb",
+ "id": "bundle--800bc183-e5bf-4c93-bf7d-fc0f73dea47c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
index 1204f9b8a8..3968b90b90 100644
--- a/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
+++ b/mobile-attack/relationship/relationship--de4ecfa3-fa91-4377-810c-5c567de9688b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3ff725df-e2c5-49c6-8a10-41913251db81",
+ "id": "bundle--7291714f-172d-4d6e-8679-6985a5758210",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
index e2f31e7632..6ca8a793bc 100644
--- a/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
+++ b/mobile-attack/relationship/relationship--de69fd86-aaef-4a1e-99e9-ee32c71997d6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fd7af1bd-b72c-45c1-9ed0-bd05fa026617",
+ "id": "bundle--70d6f650-0403-492e-8da3-71e3a8fb052a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
index c501a40883..d872471f7c 100644
--- a/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
+++ b/mobile-attack/relationship/relationship--de7e3a71-1152-481c-8e5c-88f53852cab6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2889ccd6-37e4-48f6-a095-e4c90f34796a",
+ "id": "bundle--6dbdf670-b09c-4533-84fa-8b1d6d806c9c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json b/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
index 8df71740ed..af130ce529 100644
--- a/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
+++ b/mobile-attack/relationship/relationship--def81edd-4410-47b2-a80f-d47b3f353f54.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--b4036ffc-b634-4f20-b5c5-006f48456148",
+ "id": "bundle--edd451a6-d116-4bb0-8089-9a0ba23c7772",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--def81edd-4410-47b2-a80f-d47b3f353f54",
 "created": "2023-03-16T18:27:42.656Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T18:27:42.656Z",
- "description": "",
+ "modified": "2023-08-08T14:59:40.699Z",
+ "description": "Application vetting services can detect which broadcast intents an application registers for and which permissions it requests. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--3775a580-a1d1-46c4-8147-c614a715f2e9",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
index ba88fa0ff0..dcfaab1945 100644
--- a/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
+++ b/mobile-attack/relationship/relationship--df036f55-f749-4dad-9473-d69535e0f98d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cce38e4d-d3ee-45df-aefd-30245835ccf2",
+ "id": "bundle--5b4373c6-35d9-4f5e-81c7-256b7618cd82",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--df07166f-917e-4bc4-899e-d689d1d3f785.json b/mobile-attack/relationship/relationship--df07166f-917e-4bc4-899e-d689d1d3f785.json
new file mode 100644
index 0000000000..afbc9d00f8
--- /dev/null
+++ b/mobile-attack/relationship/relationship--df07166f-917e-4bc4-899e-d689d1d3f785.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--4dd6cb4d-fdf4-4aac-b220-c27eab9203de",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--df07166f-917e-4bc4-899e-d689d1d3f785",
+ "created": "2023-10-10T15:33:58.104Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "CheckPoint Agent Smith",
+ "description": "A. Hazum, F. He, I. Marom, B. Melnykov, A. Polkovnichenko. (2019, July 10). Agent Smith: A New Species of Mobile Malware. Retrieved May 7, 2020.",
+ "url": "https://research.checkpoint.com/2019/agent-smith-a-new-species-of-mobile-malware/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.104Z",
+ "description": "[Agent Smith](https://attack.mitre.org/software/S0440) can impersonate any popular application on an infected device, and the core malware disguises itself as a legitimate Google application. [Agent Smith](https://attack.mitre.org/software/S0440)'s dropper is a weaponized legitimate Feng Shui Bundle.(Citation: CheckPoint Agent Smith) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--a6228601-03f6-4949-ae22-c1087627a637",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
index 883cff4544..160723bfe2 100644
--- a/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
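Review bot: The object added in relationship--df07166f-917e-4bc4-899e-d689d1d3f785.json has `created` 2023-10-10 yet carries `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"`, while the other relationships added in this commit use `0.1` with `3.1.0` or `3.2.0`. That looks like metadata carried over from an older object rather than a deliberate choice, although the hunk alone cannot confirm it. If it is unintended, consumers that validate or filter on the spec version will treat this relationship differently from its siblings, so the two fields should be aligned with what the export writes for the other 2023 objects. The field order also differs from the sibling new files (`created_by_ref` after `created`, `x_mitre_modified_by_ref` before `x_mitre_deprecated`), which is harmless in JSON but fits a different generator path.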
+++ b/mobile-attack/relationship/relationship--df337ad4-c88e-425f-b869-ecac29674bf4.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7a85d0c4-5d4e-406d-92fc-5ab02a385dcb",
+ "id": "bundle--d69d550a-0492-4da9-983f-38dfed4fcdf0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
index 02b0b4f98a..d002f66481 100644
--- a/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
+++ b/mobile-attack/relationship/relationship--dfe6d454-1a24-4c42-97eb-4ddfd1dbb09b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8592f628-e887-45f8-bee0-e971d8ccf4c0",
+ "id": "bundle--6e32ac86-b45a-45dc-a28d-5153cd8d3312",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
index f496ca0065..0cac88e847 100644
--- a/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
+++ b/mobile-attack/relationship/relationship--dff37d8a-b7ca-409b-b4eb-581ca3a74bb5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a57416af-1c7c-4f6c-aadf-54caf5b139d4",
+ "id": "bundle--2670f565-3217-4503-95f3-31a581ec32f2",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json b/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
index d1f76da7b8..24f169df88 100644
--- a/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
+++ b/mobile-attack/relationship/relationship--e0121f6c-0312-4fff-9d6c-0a8aea945bea.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8978ef50-9a97-40bc-b598-dc6fa590a4d3",
+ "id": "bundle--73ce6eb7-8552-409a-9e32-0d8a0d2c4881",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json b/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
index aa38be5bcb..b4f3e2d703 100644
--- a/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
+++ b/mobile-attack/relationship/relationship--e012da15-7669-4764-ad9d-8a1d817bcca9.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--85deb255-3403-482d-b17d-c9692e43d056",
+ "id": "bundle--62a3c6e4-c0d7-42e1-830a-2dd8e11e7ea6",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e012da15-7669-4764-ad9d-8a1d817bcca9",
 "created": "2023-03-20T18:23:04.068Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:23:04.068Z",
- "description": "",
+ "modified": "2023-08-08T16:22:19.012Z",
+ "description": "Application vetting services could look for indications that the application downloads and executes new code at runtime (e.g., on Android, use of `DexClassLoader`, `System.load`, or the WebView `JavaScriptInterface` capability; on iOS, use of JSPatch or similar capabilities).",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--6c49d50f-494d-4150-b774-a655022d20a6",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
index abba9719a4..b35e7c3363 100644
--- a/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
+++ b/mobile-attack/relationship/relationship--e03b0eb5-32c6-4867-9235-77fe32192983.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8a81abc8-c619-44b2-9233-583fd4362b7c",
+ "id": "bundle--9876ec9f-6a11-4f24-92b3-96e6b98fd534",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
index 7237d2adf7..368a93a915 100644
--- a/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
+++ b/mobile-attack/relationship/relationship--e03b25b0-0779-48da-b5d7-28f1f6106363.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d0448767-3876-41d6-bed9-a323eaad8aa0",
+ "id": "bundle--e53ea8f2-9dac-4cc8-90ff-8cc22788d1ee",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
index 9933250faa..5ff126569a 100644
--- a/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
+++ b/mobile-attack/relationship/relationship--e05b61a4-ba8a-4aa5-813b-ad76de5945a8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d770a126-a2b9-4bf3-8acd-b0c31c15fa59",
+ "id": "bundle--62f70bf0-d12a-45cb-a541-2eb42d2cd9b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json b/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
index a8c5f0fba1..31ffa6b764 100644
--- a/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
+++ b/mobile-attack/relationship/relationship--e0c3afc8-4b23-45fc-89cf-2cafbb51291e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9e514cb6-8434-4d43-9357-30c8a68163f6",
+ "id": "bundle--af5dd7d9-93ec-4fe8-a26e-01f851d2a0de",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
index 757618ddd3..c9de00cc5c 100644
--- a/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
+++ b/mobile-attack/relationship/relationship--e0ebf0cd-9244-4cef-9171-128a12b87b58.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3c664f58-29c4-424a-b54d-26539c136c1e",
+ "id": "bundle--48fe9311-53f9-402f-badb-d95a024407bc",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
index 70bbe00f02..05ff41f250 100644
--- a/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
+++ b/mobile-attack/relationship/relationship--e0f58ab7-b246-4c41-9afc-89b582590809.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e7b669f9-b707-4585-b917-b60bf886cc85",
+ "id": "bundle--8518357f-c027-4141-9c37-03d051072b8e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
index bd058c8852..3ea497b841 100644
--- a/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
+++ b/mobile-attack/relationship/relationship--e135cefa-f019-479d-86eb-438972df73e0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--96b1adad-7b45-493d-8856-5e4bce819ca7",
+ "id": "bundle--0be4ce3a-94f2-4a35-b1f7-623c0c7406ac",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json b/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
index 837b044ee1..dae6b13889 100644
--- a/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
+++ b/mobile-attack/relationship/relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d53727bd-9a36-48d4-89f0-d02ed4252ced",
+ "id": "bundle--c2883a77-47a5-4a31-bd22-2d6baf9855f1",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e14db7d0-4053-4e0a-8b43-b950133e6e36",
 "created": "2023-03-20T18:41:31.300Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:41:31.300Z",
- "description": "",
+ "modified": "2023-08-07T22:18:26.965Z",
+ "description": "Mobile Threat Defense (MTD) with lower-level OS APIs integrations may have access to running processes and their parameters, potentially detecting unwanted or malicious shells.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1",
 "target_ref": "attack-pattern--693cdbff-ea73-49c6-ac3f-91e7285c31d1",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--e245ad04-3fe9-4132-8bb4-77cdc4c3a1eb.json b/mobile-attack/relationship/relationship--e245ad04-3fe9-4132-8bb4-77cdc4c3a1eb.json
new file mode 100644
index 0000000000..b1443a40ef
--- /dev/null
+++ b/mobile-attack/relationship/relationship--e245ad04-3fe9-4132-8bb4-77cdc4c3a1eb.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--5ce6dd3d-0445-4307-9260-6bf0321ff6f2",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--e245ad04-3fe9-4132-8bb4-77cdc4c3a1eb",
+ "created": "2023-10-10T15:33:58.272Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "TrendMicro-XLoader-FakeSpy",
+ "description": "Hiroaki, H., Wu, L., Wu, L.. (2019, April 2). XLoader Disguises as Android Apps, Has FakeSpy Links. Retrieved July 20, 2020.",
+ "url": "https://blog.trendmicro.com/trendlabs-security-intelligence/new-version-of-xloader-that-disguises-as-android-apps-and-an-ios-profile-holds-new-links-to-fakespy/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:58.272Z",
+ "description": "[XLoader for Android](https://attack.mitre.org/software/S0318) has masqueraded as an Android security application.(Citation: TrendMicro-XLoader-FakeSpy)",
+ "relationship_type": "uses",
+ "source_ref": "malware--2740eaf6-2db2-4a40-a63f-f5b166c7059c",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
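Review bot: `"x_mitre_attack_spec_version": "2.1.0"` in the new relationship--e245ad04 object is out of step with the rest of this commit: the object is created 2023-10-10, yet the other relationship added here with its header in view (e95ac47c) declares `3.2.0` and the edited detection relationships carry `3.1.0`. The new Agent Smith relationship (df07166f, whose file header lies above this view) has the same value. If both were cloned from older relationships the value may be deliberate, but that is not visible from the diff, and a consumer that validates or filters on the spec version would treat these two new objects differently from their siblings. Confirm the value, or set it to the version used for the other objects created in this release.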
diff --git a/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json b/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
index 2c76a67e6c..c1a55306d0 100644
--- a/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
+++ b/mobile-attack/relationship/relationship--e245e45a-71a8-408d-8f32-7b7337bffc26.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f4343702-5b7d-4a1f-ab62-7ae81dfc3f50",
+ "id": "bundle--b020250b-6e0d-4f43-86d1-409be5e32c20",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
index bc00f3e798..ea5a5bc81a 100644
--- a/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
+++ b/mobile-attack/relationship/relationship--e269e6a2-a709-4aa1-a260-f3f0d0284056.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3c92d7d6-6ada-413a-906f-861445727d7d",
+ "id": "bundle--e9a86dcb-1d33-4e49-9f25-b42f7127594f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
index 51aafb29c5..4aa6155982 100644
--- a/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
+++ b/mobile-attack/relationship/relationship--e29d91f0-ebee-481d-9344-702c90775109.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ce3dd7c8-7558-456f-addb-f781e60868c0",
+ "id": "bundle--85c1e9e3-1448-4457-acbc-06f44069d2ab",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
index f7e7620235..04b83b955c 100644
--- a/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
+++ b/mobile-attack/relationship/relationship--e2ee6825-43c2-441f-ba96-404a330a9059.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--05f66308-7806-4e5b-b880-a61d478610f9",
+ "id": "bundle--e57c6c2f-3dc6-4b71-9d02-c414f9a63faa",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
index 0d17061c8d..c05916fef7 100644
--- a/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
+++ b/mobile-attack/relationship/relationship--e33106e1-16ef-41b8-8d47-78c9f2b4dceb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--10b74d3f-81c0-41f8-8fa2-7e66d7780143",
+ "id": "bundle--c5512e4d-bc7e-4a31-a461-aa2bd01fd796",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json b/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
index 8ef2c24d5f..a752f4750e 100644
--- a/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
+++ b/mobile-attack/relationship/relationship--e34c8c23-be8f-4da9-b051-5246e5f16ba8.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--0de496df-4b64-4b15-8c39-f175f70c44f1",
+ "id": "bundle--163625e8-1acd-4415-ba9d-a4304f48f9f4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
index e521f60ed0..1109d9cdd0 100644
--- a/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
+++ b/mobile-attack/relationship/relationship--e35b013b-89e8-41b3-a518-7737234ab71b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--1d4141ac-2f3b-483e-9754-6033ac668cc4",
+ "id": "bundle--c346d788-7b1d-4dae-aea4-4f626cd70e2f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
index d0b6de8789..dd6cf00974 100644
--- a/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
+++ b/mobile-attack/relationship/relationship--e3a961ec-8184-4143-b8c2-c33ea0503678.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--d1cc90a4-1ebf-4b41-8bf7-048bc189be46",
+ "id": "bundle--d5092c44-4c5a-4a54-adb0-a22287ebc898",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
index ff96985c2d..32beb02343 100644
--- a/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
+++ b/mobile-attack/relationship/relationship--e3d04885-95a5-47cb-a038-b58542cf787d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fdab2c47-13c8-48a4-859d-6bda196e2f77",
+ "id": "bundle--d098114a-cace-43b2-9a6b-546a2fa90e3f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
index deb389e687..a5869f57d3 100644
--- a/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
+++ b/mobile-attack/relationship/relationship--e4019493-bd52-4011-9355-8902be6ff3f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--14a47d2b-b8ad-4509-9aef-b061fc66737d",
+ "id": "bundle--8487a863-9725-4e71-9104-567d56589a07",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json b/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
index 6ac0b7d297..c2afa7435a 100644
--- a/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
+++ b/mobile-attack/relationship/relationship--e457921c-4a0b-4d6e-92e7-553929ddf943.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cf4566f9-d282-4d02-8f9b-f77dd5da048e",
+ "id": "bundle--7e0c786e-51b3-4101-960a-bd3d256d601e",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json b/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
index 078ac591cc..a2a933a5f4 100644
--- a/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
+++ b/mobile-attack/relationship/relationship--e4beccfa-a9a5-447d-8164-d39a1b2c5532.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9f5fbafd-b0b1-4f7f-bbdd-0c498b2d9521",
+ "id": "bundle--4456a199-bfce-483a-beee-c68451e762be",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json b/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
index 23cbe0e387..4aaf481e8c 100644
--- a/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
+++ b/mobile-attack/relationship/relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--bda0801e-2d38-417d-b1ca-60d72c48f03b",
+ "id": "bundle--3cde025a-db71-4e8a-912c-adbb5e7491c2",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e4f90a20-f1c6-4820-8c3e-751c79cc82e8",
 "created": "2023-03-20T18:56:24.246Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:56:24.246Z",
- "description": "",
+ "modified": "2023-08-09T15:54:20.664Z",
+ "description": "Application vetting services can look for applications requesting the `android.permission.SYSTEM_ALERT_WINDOW` permission in the list of permissions in the app manifest. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
index 9ae93241f4..f0bbab861d 100644
--- a/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
+++ b/mobile-attack/relationship/relationship--e5113d45-05bd-499f-a2e0-9edc6d7c03b6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a5b5e171-7e45-4887-8f44-789c938b8487",
+ "id": "bundle--48305c36-bb60-44e2-80e7-b3d24c05dd12",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
index d7983cebd5..9d769eae54 100644
--- a/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
+++ b/mobile-attack/relationship/relationship--e5ccc5c7-11ee-4357-8dd4-bf23ce2111bb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--15229a2c-2958-4616-89fd-c33d02bfae62",
+ "id": "bundle--5b32bf8e-b165-4010-b8b5-8f0608b8b246",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
index d648b21718..a99ee829f7 100644
--- a/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
+++ b/mobile-attack/relationship/relationship--e5e4567e-05a3-4d79-beab-191efc336473.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f9ed287e-1590-43f2-860a-022845daab65",
+ "id": "bundle--b3a5c169-9d70-458a-803f-4937ba5ad3f4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json b/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
index c1a7fa5336..d87c50cc8b 100644
--- a/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
+++ b/mobile-attack/relationship/relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d1db719a-f0fb-4774-b841-9b5669c66833",
+ "id": "bundle--d9bd4e1d-1be0-44bd-9145-d3553f13d067",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e723d78f-b6c3-4ba5-8946-b44e651834e3",
 "created": "2023-03-16T13:32:02.290Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-16T13:32:02.290Z",
- "description": "",
+ "modified": "2023-08-10T21:06:58.988Z",
+ "description": "Android applications using the `RECORD_AUDIO` permission and iOS applications using `RequestRecordPermission` should be carefully reviewed and monitored. If the `CAPTURE_AUDIO_OUTPUT` permission is found in a third-party Android application, the application should be heavily scrutinized.\n\nIn both Android (6.0 and up) and iOS, the user can review which applications have the permission to access the microphone through the device settings screen and revoke permissions as necessary. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
index 9e2e14dd86..aae2c2c109 100644
--- a/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
+++ b/mobile-attack/relationship/relationship--e75c623a-f9ac-4f46-b093-dd0e40b50cc6.json
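Review bot: In the new `description` of relationship--e723d78f the iOS identifier is written `RequestRecordPermission`, but the AVAudioSession method is `requestRecordPermission` (lower-case initial), so a case-sensitive search of an app's symbols or strings for the name as printed would miss it. It is also an API call rather than a declared permission, whereas the Android half of the sentence names manifest permissions; for a static, manifest-level check on iOS the comparable artifact is the `NSMicrophoneUsageDescription` key in Info.plist. I would reword the phrase to "iOS applications calling `requestRecordPermission` (and declaring `NSMicrophoneUsageDescription`)". The string also ends with a stray space before the closing quote.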
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--974d4cc6-84ad-43fb-9879-93ebf85518bc",
+ "id": "bundle--322e8a85-10c3-4aab-80e8-5d7329775140",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
index cf5d0ca7c2..6b935d2740 100644
--- a/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
+++ b/mobile-attack/relationship/relationship--e767fc9e-5211-4e7c-b628-5dd03a24af39.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--9115dcee-be08-4682-ac24-9168b5ec9f83",
+ "id": "bundle--5fb5d681-52bd-44fc-9e37-052a52c62f1a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
index 6f4b978392..9ab6011fdf 100644
--- a/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
+++ b/mobile-attack/relationship/relationship--e78b2cd9-ef73-45d9-9477-e2e95454e208.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--ae5aa468-d696-46f7-9160-7d9b3387dfb9",
+ "id": "bundle--c4da7b28-1407-495b-881a-5abce4ae6505",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
index e83625b890..f8798c3702 100644
--- a/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
+++ b/mobile-attack/relationship/relationship--e7af5be1-721f-40c5-b647-659243a0a14b.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--98c7323b-08ee-4e09-9fee-4f42b1084270",
+ "id": "bundle--be3ace0d-252f-4615-9792-a671c49ebe33",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
index 5de98c3d6d..2aca7675a9 100644
--- a/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
+++ b/mobile-attack/relationship/relationship--e7b33eb5-6c2e-4743-ac8d-c27d5e7121ac.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e9a6cb27-3daa-4af9-b115-2afbfb7f5c40",
+ "id": "bundle--6f191de8-a16a-4b56-b259-95b188daf805",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
index 968562a37c..a2303599e4 100644
--- a/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
+++ b/mobile-attack/relationship/relationship--e7b7e813-4867-46fe-bf86-6f367553d765.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c0f5bcd7-9294-4ab4-8408-bfcfa27ec33b",
+ "id": "bundle--e4fecfc2-ece8-4559-9034-e347eea4b48f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
index 4e85cdd75a..58ede47fc5 100644
--- a/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
+++ b/mobile-attack/relationship/relationship--e84ad4b0-9f7a-48a5-89ae-33804b11eb56.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6d45fa5c-cc2f-4a8f-9a79-a1bec9b3d3f6",
+ "id": "bundle--cf82a2b2-0f25-43cd-a50c-77e735c3b065",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
index 4fd87159df..c22828fff1 100644
--- a/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
+++ b/mobile-attack/relationship/relationship--e8768455-4d0c-4e3c-a901-1fc871227745.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8563e0fa-bbf7-4dcf-a299-217cb877fde5",
+ "id": "bundle--5463ef80-a2c1-4687-8263-4e5abce01482",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
index 10f2c95276..17f9ad9a16 100644
--- a/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
+++ b/mobile-attack/relationship/relationship--e87aa0d6-241f-4f72-bdb6-54e8d5584ae2.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7d13c6c5-5047-4910-80ca-ec8cfd58f0b0",
+ "id": "bundle--5860a961-2860-416e-a692-09fb0bd060b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json b/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
index b904aa797e..55182d83a5 100644
--- a/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
+++ b/mobile-attack/relationship/relationship--e889782a-f66b-448e-a466-e55b1bce7b64.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6309fb7f-7b5c-47bc-8272-1a9c41d9f1b8",
+ "id": "bundle--218f87e3-c760-4332-8743-d237190cbca7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
index 1ed8a82daf..436058f205 100644
--- a/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
+++ b/mobile-attack/relationship/relationship--e8c833ee-4c7d-45a2-b29b-187fe3661c0d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--efa55281-fa65-4233-af31-eba16c2d90a9",
+ "id": "bundle--c23b3b4a-4e37-4fda-93fc-ab6f770dc18c",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json b/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
index 50e1e6dbc5..7931f20497 100644
--- a/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
+++ b/mobile-attack/relationship/relationship--e928c0ce-2b98-4af5-a990-f690f4306681.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--cb8be76f-1d23-4604-a6e2-d46199d33353",
+ "id": "bundle--9c891b9e-7b6a-4408-9787-1335d86d05c1",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e928c0ce-2b98-4af5-a990-f690f4306681",
 "created": "2023-03-20T18:43:46.070Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:43:46.070Z",
- "description": "",
+ "modified": "2023-08-08T14:56:32.077Z",
+ "description": "Application vetting services can detect which broadcast intents an application registers for and which permissions it requests. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43",
 "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b.json b/mobile-attack/relationship/relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b.json
new file mode 100644
index 0000000000..35da7e0786
--- /dev/null
+++ b/mobile-attack/relationship/relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--e4244784-bb4f-43ca-a5f1-2695952762e8",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--e95ac47c-8822-4ce5-bd65-f61ca873854b",
+ "created": "2023-09-28T17:21:15.893Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:21:15.893Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect application keylogs.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--b1c95426-2550-4621-8028-ceebf28b3a47",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
index 22e49c7f57..9924791073 100644
--- a/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
+++ b/mobile-attack/relationship/relationship--e9607e4f-5743-4bbb-b7d4-5554d66c8be7.json
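Review bot: `"source_name": "Bleeipng Computer Escobar"` in the new relationship--e95ac47c misspells "Bleeping" (the `url` on the next line is bleepingcomputer.com). The `(Citation: Bleeipng Computer Escobar)` marker in `description` carries the same spelling, so the reference still resolves inside this object, but it would not match or de-duplicate against a correctly spelled reference elsewhere in the dataset; whether one exists is not visible from this hunk. Correct both strings together: `"source_name": "Bleeping Computer Escobar"` and `(Citation: Bleeping Computer Escobar)`.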
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b208c384-17a7-44bf-b3d1-2daa0a67b2c7",
+ "id": "bundle--08449243-e60c-45dc-add3-cf27cd7a7acf",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
index f21b020931..68d82991eb 100644
--- a/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
+++ b/mobile-attack/relationship/relationship--e99fd1c9-441f-41bc-83a1-e7bed8f2d7fb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b8daa543-dd34-458a-8d00-616a43b4b6fb",
+ "id": "bundle--1ce9c052-24f6-474c-89e7-43f546c547f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
index d898e911b6..860057bd34 100644
--- a/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
+++ b/mobile-attack/relationship/relationship--e9b262ba-1c32-40b3-8622-121b30d6df50.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--63f5594d-df7b-4c77-ae90-335bb5a20455",
+ "id": "bundle--e010a53b-01b2-4786-85c6-dfaa815f6977",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
index 130c26b829..b7db7d8671 100644
--- a/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
+++ b/mobile-attack/relationship/relationship--e9c5deb9-30d4-4bc3-98ca-6089d4b74b1e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--01585c68-e2ef-4570-a07d-a0128b766526",
+ "id": "bundle--2c27df08-7ce8-4f4e-9dd6-db33c87b154b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
index 5499ea8503..0449c01418 100644
--- a/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
+++ b/mobile-attack/relationship/relationship--e9cbc901-38cb-4895-9dfb-7a4fe10ba6d7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4499d8f6-d66a-4e07-a165-533f7f602ff6",
+ "id": "bundle--20b037c7-1edc-4bcf-8075-6e2d537804b4",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json b/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
index fe5d6c8d79..4f7fe1a7d8 100644
--- a/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
+++ b/mobile-attack/relationship/relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--81751d46-a30a-4a81-980c-908e3290e238",
+ "id": "bundle--55e8e680-4aab-4b19-a640-862b7f8ef76e",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--e9d5992e-04ef-4835-87df-cf6434dcabbc",
 "created": "2023-03-20T18:49:38.917Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:49:38.917Z",
- "description": "",
+ "modified": "2023-08-09T15:51:08.240Z",
+ "description": "Application vetting services may be able to detect known privilege escalation exploits contained within applications, as well as searching application packages for strings that correlate to known password store locations.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--8605a0ec-b44a-4e98-a7fc-87d4bd3acb66",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
index 4db776f77c..6d35939b59 100644
--- a/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
+++ b/mobile-attack/relationship/relationship--ea2ad242-4365-4868-8beb-4a634f3ba6b7.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--8016c0a8-d510-42e7-a59b-114cae318e86",
+ "id": "bundle--3e6b4f2f-b69a-4cea-a17a-4d0f5d81dd54",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
index cf8ea7f213..3d71f60dac 100644
--- a/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
+++ b/mobile-attack/relationship/relationship--eb052029-e1c9-4f24-8594-299aaec7f1df.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f288fd92-a7b0-448b-9a08-79958739801d",
+ "id": "bundle--e9bc7dfa-0142-4004-ace5-c94f1354ce18",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
index 96d29d14bb..d2547595ad 100644
--- a/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
+++ b/mobile-attack/relationship/relationship--eb1eeb37-37a8-47b6-aff8-9703735a4d93.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2374fcb9-a67f-4337-b9ee-63e6d0b6c2f9",
+ "id": "bundle--321e0966-ddfc-44fb-917d-527ca60d995b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
index 21bdfe3966..2ffd77e67b 100644
--- a/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
+++ b/mobile-attack/relationship/relationship--eb27258f-6bb9-49b5-928e-b66f37f8f16e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--5f67247b-0758-431b-8b81-b588eeaa20ce",
+ "id": "bundle--b39cd768-386b-4933-8091-e2236db3168f",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
index 87e295ab1b..2bdb7f70e7 100644
--- a/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
+++ b/mobile-attack/relationship/relationship--eb58117c-5803-4f72-a499-5fa888a9a7a5.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--63b059b0-e369-49a4-b6b5-b1ae22296921",
+ "id": "bundle--e723060b-edbe-44e7-ad29-22600a900607",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb69d3c1-aa16-429e-9b72-c1a993e584fa.json b/mobile-attack/relationship/relationship--eb69d3c1-aa16-429e-9b72-c1a993e584fa.json
new file mode 100644
index 0000000000..8bd11dec0e
--- /dev/null
+++ b/mobile-attack/relationship/relationship--eb69d3c1-aa16-429e-9b72-c1a993e584fa.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--fb11805d-4a07-40d3-873f-80e133de2038",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--eb69d3c1-aa16-429e-9b72-c1a993e584fa",
+ "created": "2023-07-14T19:11:45.176Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-14T19:11:45.176Z",
+ "description": "Unexpected behavior from an application could be an indicator of masquerading.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
index e552363428..08037c4408 100644
--- a/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
+++ b/mobile-attack/relationship/relationship--eb6dbe2a-6f76-4bce-ab37-66ec67148041.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--34b6435d-249c-4c39-b7b8-f4da6dab6c77",
+ "id": "bundle--f3e8769c-2bb5-48cd-b967-f15913cbf9f5",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
index 84409bd916..5a3267490d 100644
--- a/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
+++ b/mobile-attack/relationship/relationship--eb784dcf-4188-47e2-9217-837b262acfb9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cb0ad874-f4e3-4161-b111-cc2f5b3ba950",
+ "id": "bundle--b01e80f8-66fd-4978-8c9c-73a1d313eaa7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json b/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
index 6aa8e1506a..45f7ce24db 100644
--- a/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
+++ b/mobile-attack/relationship/relationship--eba4b561-84c9-4d49-a8b8-1842c3ed94f3.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--cb12af39-00ab-4dd3-9d32-5e94826b6ff8",
+ "id": "bundle--a5ce693b-6d2e-4976-8e90-350c2497d5e0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ec734b52-a823-495c-9684-c4649269723e.json b/mobile-attack/relationship/relationship--ec734b52-a823-495c-9684-c4649269723e.json
new file mode 100644
index 0000000000..4a982170ae
--- /dev/null
+++ b/mobile-attack/relationship/relationship--ec734b52-a823-495c-9684-c4649269723e.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--900d5166-26ae-4d22-b17f-cfca371f3961",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ec734b52-a823-495c-9684-c4649269723e",
+ "created": "2023-09-28T17:22:03.028Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:22:03.028Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can uninstall itself and other applications.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--0cdd66ad-26ac-4338-a764-4972a1e17ee3",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0.json b/mobile-attack/relationship/relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0.json
new file mode 100644
index 0000000000..25fbd94f8f
--- /dev/null
+++ b/mobile-attack/relationship/relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--7c55c8d9-2354-410f-8c13-e34fa2e7f2f0",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0",
+ "created": "2023-08-14T16:33:56.635Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-14T16:33:56.635Z",
+ "description": "Many properly configured firewalls may naturally block command and control traffic.",
+ "relationship_type": "detects",
+ "source_ref": "x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba",
+ "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
index 5e3bb73bfd..e9ffb2233a 100644
--- a/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
+++ b/mobile-attack/relationship/relationship--eca02e5c-f8de-4436-a7dd-0f656c759a42.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--3d39cbd6-4a86-4428-b2de-08cad817a107",
+ "id": "bundle--3e88a18c-af09-44a1-bb80-ffdab6934c7a",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
index c82c4b0c09..cec4c84cc0 100644
--- a/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
+++ b/mobile-attack/relationship/relationship--eca69d9c-7c27-4147-ad7a-a1c30317df1d.json
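Review bot: The `description` of the new `detects` relationship relationship--ec819008-396a-4ca3-b8d3-fda7f28128d0 states a preventive effect (firewalls "may naturally block command and control traffic") rather than anything a defender can observe. A detection entry should name the signal, and this file alone does not show what the referenced data component is expected to record. Consider rewording toward the observable, for example `"description": "Firewall logs may show blocked or unexpected outbound connections that indicate command and control traffic."`, or confirm that this text belongs under a mitigation relationship instead.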
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--13481284-d961-4a5a-801b-97d76794a4be",
+ "id": "bundle--2d330fba-90f2-4c8a-9503-072f999d1c67",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
index f94994c411..7b771f01fe 100644
--- a/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
+++ b/mobile-attack/relationship/relationship--ece70dca-803c-4209-8792-7e56e9901288.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--038d862b-1441-4c43-ad09-d6c9eec97e1b",
+ "id": "bundle--5393310a-be8e-4edd-94c3-8947440711c0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
index eb91ab2c75..177b20f00b 100644
--- a/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
+++ b/mobile-attack/relationship/relationship--eceeb39e-887c-4a9b-a93b-a6fd768e455a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f24384df-8e44-4404-9871-1f959e4f98bb",
+ "id": "bundle--313999cd-d5ff-4503-8dc4-6444e8d06383",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
index 2a4a8432c8..ee7a68a8e4 100644
--- a/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
+++ b/mobile-attack/relationship/relationship--ed3293cf-de4f-4a73-98af-24325e8187c9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6cae59a4-3edc-4aad-83dd-4f8c31b908e4",
+ "id": "bundle--3cc3a9be-a50a-4a19-adc8-613320dd3511",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json b/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
index 446939b073..180240bd98 100644
--- a/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
+++ b/mobile-attack/relationship/relationship--ed48a86f-e55f-4abf-8f18-98591b756399.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--65ae9316-0846-46d9-99b1-ed9ddadb7912",
+ "id": "bundle--e3e297f6-261d-4bb1-a487-b64eb6622e8b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json b/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
index c0e9d98ec9..aa015c9988 100644
--- a/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
+++ b/mobile-attack/relationship/relationship--ed7e9368-004c-484f-9eed-03b158325564.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--d79c8f60-9227-455a-8be5-b03895c63521",
+ "id": "bundle--056f83b6-0c1e-476e-bf9b-a4a8c46048df",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--ed7e9368-004c-484f-9eed-03b158325564",
 "created": "2023-03-20T18:54:40.401Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:54:40.401Z",
- "description": "",
+ "modified": "2023-08-09T14:39:38.390Z",
+ "description": "Application vetting services could look for known software packers or artifacts of packing techniques. Packing is not a definitive indicator of malicious activity, because as legitimate software may use packing techniques to reduce binary size or to protect proprietary code.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962",
 "target_ref": "attack-pattern--51636761-2e35-44bf-9e56-e337adf97174",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json b/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
index 6167b21231..341267bec9 100644
--- a/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
+++ b/mobile-attack/relationship/relationship--eda3c5c4-d062-48d3-a78e-051f0c9d62f6.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1e1fb3d-fed6-4e08-96a9-a123766619c4",
+ "id": "bundle--296e11c4-5eff-4a7b-aceb-f5bf4ec64eb1",
 "spec_version": "2.0",
 "objects": [
 {
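Review bot: The second sentence of the new `description` in relationship--ed7e9368-004c-484f-9eed-03b158325564 reads "because as legitimate software may use packing techniques", with a stray "as". That sentence carries the false-positive caveat for this detection, so it should read cleanly for analysts tuning alerts from it: `Packing is not a definitive indicator of malicious activity, because legitimate software may use packing techniques to reduce binary size or to protect proprietary code.`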
diff --git a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
index a8392eccb4..0427e39d3d 100644
--- a/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
+++ b/mobile-attack/relationship/relationship--ede5c314-5988-4151-bb30-b6a6983d02c0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--b7631850-8f54-4840-bada-e421091567a2",
+ "id": "bundle--673fd0f6-b2bc-4a82-83dc-5fa8411b5167",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
index d601ca314d..8b695252ee 100644
--- a/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
+++ b/mobile-attack/relationship/relationship--edfb68d0-5efd-4fb5-93f9-c432535686cb.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4d85b28d-6cb1-41a5-9374-63b923e4aa69",
+ "id": "bundle--e42bf5c6-1de7-4528-865f-bde33d308010",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json b/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
index 0ace9717c8..9c9c7dad7d 100644
--- a/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
+++ b/mobile-attack/relationship/relationship--ee095f20-eef5-4dcc-a537-70b387592c2c.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--68dcc615-3a70-4b26-86da-5362867d01db",
+ "id": "bundle--48eab94b-0c40-4d82-bbb6-fb37733e7263",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
index a11d464c41..9c1b303ce6 100644
--- a/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
+++ b/mobile-attack/relationship/relationship--ee92911e-e2a2-4b40-916d-ce01b6e897f9.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--4326a447-233f-4622-aebc-796ef14af419",
+ "id": "bundle--e323eb7d-d039-4167-8340-8a1befc93897",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
index 4dd8348489..66d76495ba 100644
--- a/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
+++ b/mobile-attack/relationship/relationship--ee9c1a8c-5f84-4571-8518-300a6412df0f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6c450ad3-f979-4b63-b65a-676ff665f2a0",
+ "id": "bundle--7b73838d-ea68-4ebe-9762-dfa068fd0ea9",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json b/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
index 0a0e9bcf3a..b559fdf07c 100644
--- a/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
+++ b/mobile-attack/relationship/relationship--eee008fa-a46f-4542-93e3-8fe5f949130f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--6877093d-0738-4a33-aa3e-a9d094321dfa",
+ "id": "bundle--050958ae-5e05-44d8-9620-12f2b26e500d",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
index 77931f9070..8fe82e5fcd 100644
--- a/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
+++ b/mobile-attack/relationship/relationship--eef4ffb7-892d-4d3f-826c-0b78d1f22671.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--98cd1cb4-0561-4dc3-a949-d79909ef8f75",
+ "id": "bundle--21471508-6795-40f4-8359-cbecd5f368da",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
index 2f21d8482d..8cc6f77f48 100644
--- a/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
+++ b/mobile-attack/relationship/relationship--eef8fb1f-3e8c-44d7-b0d1-1fbad81e392f.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--47f655c3-8e70-443e-ac57-a8476b41ce21",
+ "id": "bundle--506f9c37-9a39-4049-849c-29e1d482bd55",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005.json b/mobile-attack/relationship/relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005.json
new file mode 100644
index 0000000000..eb02f9f699
--- /dev/null
+++ b/mobile-attack/relationship/relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--42ca7a58-2f58-48c0-b2a1-b1b105cd249f",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005",
+ "created": "2023-10-10T15:33:57.735Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Lookout Uyghur Campaign",
+ "description": "A. Kumar, K. Del Rosso, J. Albrecht, C. Hebeisen. (2020, June 1). Mobile APT Surveillance Campaigns Targeting Uyghurs - A collection of long-running Android tooling connected to a Chinese mAPT actor. Retrieved November 10, 2020.",
+ "url": "https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.735Z",
+ "description": "[DoubleAgent](https://attack.mitre.org/software/S0550) has been embedded into trojanized versions of applications such as Voxer, TalkBox, and Amaq News.(Citation: Lookout Uyghur Campaign)",
+ "relationship_type": "uses",
+ "source_ref": "malware--3d6c4389-3489-40a3-beda-c56e650b6f68",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
index 597444eb58..a873a0b1ee 100644
--- a/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
+++ b/mobile-attack/relationship/relationship--efd35b6f-7a61-4998-97ff-608547e40f66.json
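Review bot: The newly added relationship--ef792cb5-cb1f-4871-a2ef-20e6150d4005 is stamped `"x_mitre_version": "1.0"` and `"x_mitre_attack_spec_version": "2.1.0"` although its `created` and `modified` timestamps are 2023-10-10, while the other 2023 relationships added in this patch carry `"0.1"` with `"3.1.0"` or `"3.2.0"`. Tooling that filters or validates objects by spec version would treat this object under older rules than its siblings. Confirm whether the values are intentional; if they were carried over from a template, align them with the rest of the release, e.g. `"x_mitre_attack_spec_version": "3.2.0"`. The citation's "Retrieved November 10, 2020" date also predates the object by almost three years, which suggests the reference was copied from an existing entry and is worth a quick check.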
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--427e5db7-de4d-49cf-bf46-e494c3d07468",
+ "id": "bundle--bad9eb5e-2c35-40d6-a2a7-9e1d95cf4d6b",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
index 0a9640fe2d..62b0a43df3 100644
--- a/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
+++ b/mobile-attack/relationship/relationship--f012feab-5612-429f-81bd-ff75d6ffd04e.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--2410f5af-821c-4966-b2c8-6075cc670497",
+ "id": "bundle--9497c531-b8a5-42b4-85d5-d2996de1aa31",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
index bddaa79fd0..d5e7ed3306 100644
--- a/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
+++ b/mobile-attack/relationship/relationship--f051c943-998c-4db2-9dbc-d4755057bcf0.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a3f6b71b-920d-4c88-8484-023fa4a8007d",
+ "id": "bundle--8672cf89-842a-4e64-9c3d-bf0820ca53fd",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json b/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
index 8619d427e8..f200ee02e2 100644
--- a/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
+++ b/mobile-attack/relationship/relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--54447ca1-7b48-42d9-a582-085ae7f60f64",
+ "id": "bundle--418ab0b6-5c4e-46e3-91fa-67248eb9c67c",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--f062ebc5-bad0-4b19-8c97-bf3915d687bd",
 "created": "2023-03-20T18:51:58.152Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T18:51:58.152Z",
- "description": "",
+ "modified": "2023-08-14T16:23:02.162Z",
+ "description": "Application vetting reports may show network communications performed by the application, including hosts, ports, protocols, and URLs. Further detection would most likely be at the enterprise level, through packet and/or netflow inspection. ",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0",
 "target_ref": "attack-pattern--948a447c-d783-4ba0-8516-a64140fcacd5",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
index 0a1c0f5cbc..e5102ab772 100644
--- a/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
+++ b/mobile-attack/relationship/relationship--f0851531-e554-4658-920c-f2342632c19a.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--c535e86a-c45a-42bf-970b-ed4677c4bdfa",
+ "id": "bundle--50462bbc-7afd-4fcb-bfa1-549e8f518619",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
index 1a2fc604db..f01ddeb318 100644
--- a/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
+++ b/mobile-attack/relationship/relationship--f0a0005e-cc38-4f7a-ba49-21a4c48ae1a1.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--e4a16777-3ee9-4f10-bbbb-9126cf31b7c2",
+ "id": "bundle--c1ac1c90-920a-48f8-91e1-21a6a165e680",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
index 6b14aa7df7..247773c743 100644
--- a/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
+++ b/mobile-attack/relationship/relationship--f0e39856-4d2d-45c5-bf16-f683ee993010.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--fa5082f4-e613-46e7-b518-ca9e0b6e152a",
+ "id": "bundle--8abfe861-4aaa-46f6-8c07-ecfbd59c18b0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
index 64baf46036..1712a1d21d 100644
--- a/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
+++ b/mobile-attack/relationship/relationship--f1130c77-3d20-4c41-9e75-1953bf9b8abc.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--f1b9731d-b06c-44a7-be9a-23231e0b2f67",
+ "id": "bundle--7ca0442a-c29c-472d-95fb-9d47aea383f7",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f157970b-4782-46d0-abdd-000ae6eea14b.json b/mobile-attack/relationship/relationship--f157970b-4782-46d0-abdd-000ae6eea14b.json
new file mode 100644
index 0000000000..bdb1d817ce
--- /dev/null
+++ b/mobile-attack/relationship/relationship--f157970b-4782-46d0-abdd-000ae6eea14b.json
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--5c0c4a27-fe44-4d21-8822-e7123d4c97c9",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "type": "relationship",
+ "id": "relationship--f157970b-4782-46d0-abdd-000ae6eea14b",
+ "created": "2018-10-17T00:14:20.652Z",
+ "x_mitre_version": "1.0",
+ "x_mitre_deprecated": false,
+ "revoked": false,
+ "description": "",
+ "modified": "2022-04-06T15:41:33.832Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "relationship_type": "revoked-by",
+ "source_ref": "attack-pattern--b765efd1-02e6-4e67-aebf-0fef5c37e54b",
+ "target_ref": "attack-pattern--d9db3d46-66ca-44b4-9daa-1ef97cb7465a",
+ "x_mitre_attack_spec_version": "2.1.0",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
index ebdaba6517..a45512e0c3 100644
--- a/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
+++ b/mobile-attack/relationship/relationship--f240e06c-3a5b-4a34-a69c-5fccb4c94150.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--a2193b07-fbc9-4d53-ad5c-4f7432615dd3",
+ "id": "bundle--5c69991f-aa2a-49bd-8344-98ce4f1932e0",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f259b5a8-bf2f-48c9-ae1b-b20d53daf665.json b/mobile-attack/relationship/relationship--f259b5a8-bf2f-48c9-ae1b-b20d53daf665.json
new file mode 100644
index 0000000000..924821be5d
--- /dev/null
+++ b/mobile-attack/relationship/relationship--f259b5a8-bf2f-48c9-ae1b-b20d53daf665.json
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--b5537663-b24f-4513-a3ab-eafa516f7db5", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f259b5a8-bf2f-48c9-ae1b-b20d53daf665", + "created": "2023-07-21T19:39:51.044Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:39:51.044Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can exfiltrate data when the user boots the app, or on device boot.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--46d818a5-67fa-4585-a7fc-ecf15376c8d5", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json index 9bc8bbabc9..511428c03e 100644 --- a/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json +++ b/mobile-attack/relationship/relationship--f28a2873-281f-405b-bad0-4a93dac8a5ee.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b98637ee-ccc3-4802-bca5-8bc3d94b3c6f", + "id": "bundle--31554336-ff76-4c6c-8720-a61f614acb2c", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json index 4891ee304b..3332b8fe7b 100644 --- a/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json +++ b/mobile-attack/relationship/relationship--f2d05b16-3565-453e-9fbb-1c02146e17e1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--be6f5162-55d9-4d3b-aa4b-3f5a07f56a96", + "id": "bundle--375fc08a-ccc7-4bb4-b61a-b6cb985d02bd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json index 25d279e6a9..2d0ed4ffcc 100644 --- a/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json +++ b/mobile-attack/relationship/relationship--f31490e8-ef81-40d5-bba9-24ca580d2ee6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--bc818c2f-5196-44b4-b1af-28fad93b7cb2", + "id": "bundle--438179d2-ea5f-4156-a0d7-388f8de6d26f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json index 35db1b0435..90c96ba3e0 100644 --- a/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json +++ b/mobile-attack/relationship/relationship--f3599919-c4d1-4f2e-92d4-b34a04e33132.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a8845bdc-5036-4d10-8b5a-72ddb6ff2a82", + "id": "bundle--d1624dbe-8318-4547-8968-54c6c0e8c018", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json b/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json index 6df88ed854..7776c888b3 100644 
--- a/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json
+++ b/mobile-attack/relationship/relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81.json
@@ -1,25 +1,25 @@
 {
 "type": "bundle",
- "id": "bundle--1bcbd758-8c79-477d-a019-21a4f45e5004",
+ "id": "bundle--842f745b-812c-46bc-9bef-ca831469a59b",
 "spec_version": "2.0",
 "objects": [
 {
 "type": "relationship",
 "id": "relationship--f390ee16-a7c8-4ef2-b6f4-28940a8f0d81",
 "created": "2023-03-20T15:45:44.000Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "revoked": false,
 "object_marking_refs": [
 "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
 ],
- "modified": "2023-03-20T15:45:44.000Z",
- "description": "",
+ "modified": "2023-08-09T15:40:17.754Z",
+ "description": "Mobile security products can potentially detect jailbroken devices.",
 "relationship_type": "detects",
 "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6",
 "target_ref": "attack-pattern--cc6e0637-76d2-4af3-a604-9d8d3ff8a6b3",
 "x_mitre_deprecated": false,
 "x_mitre_version": "0.1",
 "x_mitre_attack_spec_version": "3.1.0",
- "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
 "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
 }
 ]
diff --git a/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json b/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
index 92368b0ff4..9aa847286f 100644
--- a/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
+++ b/mobile-attack/relationship/relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5.json
@@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--5937a49f-a631-4880-9f41-75c504693fb0", + "id": "bundle--b1132efd-9d55-4f88-9dac-dfb5a6611c09", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--f3e902fe-7eea-4b85-9067-25d29fd01dc5", "created": "2023-03-20T15:21:12.492Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:21:12.492Z", - "description": "", + "modified": "2023-08-07T17:20:13.644Z", + "description": "Integrity checking mechanisms can potentially detect unauthorized hardware modifications.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "target_ref": "attack-pattern--c08366bb-8d11-4921-853f-f0a3b6a2a1da", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json index aeefebc09e..cfa75562be 100644 --- a/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json +++ b/mobile-attack/relationship/relationship--f4aeacef-035c-4308-9e85-997703e27809.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--babe5d71-de7b-4e25-b59e-8534f9874545", + "id": "bundle--83f46624-2a9a-40d0-8dd1-b03c5a49f45a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json index 4f3d14d843..c034dad4f2 100644 
--- a/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json +++ b/mobile-attack/relationship/relationship--f4cc3b3a-284d-4a2d-9ab8-e7fa916c4012.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1f38321f-4fbc-400d-8339-0599d575936e", + "id": "bundle--5f383f22-2dc9-43fa-8bd1-f662f02ebe88", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json index c1a568fd21..92021c0acf 100644 --- a/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json +++ b/mobile-attack/relationship/relationship--f4d5e619-7c83-4845-aecd-de62c33cc0a1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--93ed365b-6c1d-48d4-bf0a-fe9283fc2753", + "id": "bundle--f61179da-28c9-4cfe-aedf-10893aeefaff", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json index 0c7736bd04..3e4a1accf3 100644 --- a/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json +++ b/mobile-attack/relationship/relationship--f4e4c3ae-4c4d-4eba-8330-022464cbf828.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--df93432b-f3f9-4ff4-925e-31e3f15d61cf", + "id": "bundle--c25d4beb-a870-484d-91df-4847de0c13d0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json index 34d586d9ae..55124dfcd9 100644 --- a/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json +++ b/mobile-attack/relationship/relationship--f4f4660c-6324-4da4-be2f-ac87fda85a45.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--87052d50-e622-453f-9935-b8339662fec8", + "id": "bundle--be66dcd1-4d5b-465f-b332-6b6e6834e98d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json index b6df584742..064084b8a8 100644 --- a/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json +++ b/mobile-attack/relationship/relationship--f517a7ce-dfdc-4f42-84c1-fef136e2ea19.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1d8688ef-c844-4841-a4ed-c7b6f505a480", + "id": "bundle--11f9b62a-34e9-4b94-a95b-73948efb126f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f5196775-2c99-4dc5-b173-6a10af503c6e.json b/mobile-attack/relationship/relationship--f5196775-2c99-4dc5-b173-6a10af503c6e.json new file mode 100644 index 0000000000..7b4a5844bd --- /dev/null +++ b/mobile-attack/relationship/relationship--f5196775-2c99-4dc5-b173-6a10af503c6e.json 
@@ -0,0 +1,26 @@
+{
+ "type": "bundle",
+ "id": "bundle--996fabdd-aca4-4e12-b2fe-89aa70820c83",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--f5196775-2c99-4dc5-b173-6a10af503c6e",
+ "created": "2023-09-25T19:55:13.827Z",
+ "revoked": false,
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-25T19:55:13.827Z",
+ "description": "Users should be encouraged to be very careful with granting dangerous permissions, such as device administrator or access to device accessibility.",
+ "relationship_type": "mitigates",
+ "source_ref": "course-of-action--653492e3-27be-4a0e-b08c-938dd2b7e0e1",
+ "target_ref": "attack-pattern--0b761f2b-197a-40f2-b100-8152cb957c0c",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
index 9dfd23dd44..8d3fc1cfd6 100644
--- a/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
+++ b/mobile-attack/relationship/relationship--f552ee2f-5e6a-47a1-b6a5-d5e5594feb0d.json
@@ -1,6 +1,6 @@
 {
 "type": "bundle",
- "id": "bundle--7dffae64-833d-4b3c-9ff1-816d2109e120",
+ "id": "bundle--4e04689e-7056-4791-bbf0-26d0c93a0e28",
 "spec_version": "2.0",
 "objects": [
 {
diff --git a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
index 280fac9338..44a9760ac9 100644
--- a/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json
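Review bot: The mitigation text in relationship--f5196775 ends with `access to device accessibility`, which is hard to parse next to `device administrator` and does not name the thing a user is actually asked to grant. I would reword the tail of the sentence to `such as device administrator or accessibility service access.` so that both examples read as permissions. As written, the mitigation also rests entirely on user judgement; if the linked course of action covers administrative controls as well, the description could say so, but that object is outside this hunk.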
+++ b/mobile-attack/relationship/relationship--f56b8307-80e3-4d73-869f-1e8b9538dbc4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--08b3717d-196f-45f9-b337-1ce48560ac12", + "id": "bundle--eba17730-0b9b-4da6-876c-446064473990", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json b/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json index a203ab5fc7..ca59d4b30f 100644 --- a/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json +++ b/mobile-attack/relationship/relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--85166d22-e103-444c-b6d9-b9fa50e74b78", + "id": "bundle--3ba8c705-13cf-4f6c-a4b4-f06e8ae0ec92", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--f58d3fc4-e0a2-4924-884d-85d7c8f00b8a", "created": "2023-03-20T18:39:10.113Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:39:10.113Z", - "description": "", + "modified": "2023-08-08T17:14:24.009Z", + "description": "The user can view a list of device administrators in device settings and revoke permission where appropriate. Applications that request device administrator permissions should be scrutinized further for malicious behavior.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6", "target_ref": "attack-pattern--acf8fd2a-dc98-43b4-8d37-64e10728e591", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--f5acd046-2943-48bf-836a-2109c4f1a5c4.json b/mobile-attack/relationship/relationship--f5acd046-2943-48bf-836a-2109c4f1a5c4.json
new file mode 100644
index 0000000000..e2b9d202eb
--- /dev/null
+++ b/mobile-attack/relationship/relationship--f5acd046-2943-48bf-836a-2109c4f1a5c4.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--468cd42a-d3ad-46dd-bf8d-b9ae0ccab296",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--f5acd046-2943-48bf-836a-2109c4f1a5c4",
+ "created": "2023-09-28T17:20:50.748Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Bleeipng Computer Escobar",
+ "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.",
+ "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-09-28T17:20:50.748Z",
+ "description": "[Escobar](https://attack.mitre.org/software/S1092) can record audio from the device\u2019s microphone.(Citation: Bleeipng Computer Escobar)",
+ "relationship_type": "uses",
+ "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a",
+ "target_ref": "attack-pattern--6683aa0c-d98a-4f5b-ac57-ca7e9934a760",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.2.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json
index 4f4560fb2e..8a3a60ddbd 100644
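Review bot: The citation key in the new relationship--f5acd046 is misspelt, both in `"source_name": "Bleeipng Computer Escobar"` and in the matching `(Citation: Bleeipng Computer Escobar)` inside the description, while the referenced URL is on bleepingcomputer.com. The two strings agree, so the citation still resolves within this object, but the typo becomes a lookup key for anyone correlating external references across the dataset. I would change both occurrences to `Bleeping Computer Escobar`. Any other Escobar object that reuses the key would need the same change; those files are outside this hunk, so that is something to check rather than a confirmed finding.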
--- a/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json +++ b/mobile-attack/relationship/relationship--f5d24a31-53d2-4e84-9110-2da0582132cb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--cb8e0f61-5766-4ae1-ab26-e97bc0d0eb49", + "id": "bundle--acfba9fe-53fb-4067-92b6-82462b820f04", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json b/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json index 07507338f1..86dd89b9f2 100644 --- a/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json +++ b/mobile-attack/relationship/relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--2fd90645-3e71-440a-9af7-c547cdcab002", + "id": "bundle--c679329e-68f3-4e3a-9315-8d9f001c766b", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--f5e9afdc-1aeb-472f-b267-46e7978f9d78", "created": "2023-03-20T18:54:09.674Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:54:09.674Z", - "description": "", + "modified": "2023-08-09T15:58:57.985Z", + "description": "On Android, users may be presented with a popup to select the appropriate application to open a URI in. If the user sees an application they do not recognize, they can remove it.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4", "target_ref": "attack-pattern--233fe2c0-cb41-4765-b454-e0087597fbce", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] 
diff --git a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json index cd92970daa..54a58cc5db 100644 --- a/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json +++ b/mobile-attack/relationship/relationship--f5fab17b-43e7-46ff-bdea-eb8c52a0c6c3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--19adc504-7d11-4817-aeea-d37941ef2bbe", + "id": "bundle--b2c6ea81-7bdd-440e-a64f-c0e91eef1e12", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json index 8aa5317552..dab857009f 100644 --- a/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json +++ b/mobile-attack/relationship/relationship--f6098dca-3a9e-4991-8d51-1310b12161b6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--527c52b5-ed8a-4d16-a646-44faca643fb9", + "id": "bundle--bc2e8ce0-d515-49d1-a36c-0e0e5a3a1b81", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json index 7039e57b6c..580515ca57 100644 --- a/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json +++ b/mobile-attack/relationship/relationship--f622a267-7a58-4082-a3f5-10e9bb549a5e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9897cf5e-05c5-462b-af59-0eab601e3c8d", + "id": "bundle--8d52cd2b-1597-440d-8b85-f1bc9e711549", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json index 7255470719..d63f88ee29 100644 
--- a/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json +++ b/mobile-attack/relationship/relationship--f62e0aaf-e52f-40b9-a059-001f298a0660.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--174bbc3c-72f8-473c-b272-b61969b8cd49", + "id": "bundle--538601a3-0608-4a79-90d6-1ba8b529781f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json index 81c1401745..1487535ba2 100644 --- a/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json +++ b/mobile-attack/relationship/relationship--f632b0bb-69ce-4678-bc3c-9ddff5a38794.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ea0a6a52-451b-447f-94dc-4f0eed313191", + "id": "bundle--2626646f-501b-4574-891e-b5988d8da37f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6417788-0c6e-4172-9010-f20870ec2278.json b/mobile-attack/relationship/relationship--f6417788-0c6e-4172-9010-f20870ec2278.json new file mode 100644 index 0000000000..4bbdf6ae83 --- /dev/null +++ b/mobile-attack/relationship/relationship--f6417788-0c6e-4172-9010-f20870ec2278.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--c412ed65-f24a-464b-a5e3-ad4f522fc249", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f6417788-0c6e-4172-9010-f20870ec2278", + "created": "2023-06-09T19:16:07.193Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:16:07.193Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can request device administrator privileges.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--9c049d7b-c92a-4733-9381-27e2bd2ccadc", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json index 5cb20cbbdf..7cf46beffa 100644 --- a/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json +++ b/mobile-attack/relationship/relationship--f65087b4-adf2-4292-a711-7ae829e91397.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--65c397c3-a137-4ce4-8a3c-6617782778a7", + "id": "bundle--77098394-20a0-49a6-8693-2eaf7093e74c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json index 9f2177232b..cdcf9445c2 100644 --- a/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json +++ b/mobile-attack/relationship/relationship--f6770c26-ae93-468d-acaa-ab4ffea0e047.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e8156129-9e26-41af-906d-f9a94f890a5f", + "id": "bundle--c609a800-e867-4589-a793-b8d66098577b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f69ff81e-22e4-450c-b3dd-7f3f66610663.json b/mobile-attack/relationship/relationship--f69ff81e-22e4-450c-b3dd-7f3f66610663.json new file mode 100644 index 0000000000..d5f5be3dec --- /dev/null +++ b/mobile-attack/relationship/relationship--f69ff81e-22e4-450c-b3dd-7f3f66610663.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--0af6a261-47ce-476f-bb28-b562aeae437a", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f69ff81e-22e4-450c-b3dd-7f3f66610663", + "created": "2023-08-16T16:39:10.564Z", + "revoked": false, + "external_references": [ + { + "source_name": "cyble_chameleon_0423", + "description": "Cyble Research & Intelligence Labs. (2023, April 13). Banking Trojan targeting mobile users in Australia and Poland. Retrieved August 16, 2023.", + "url": "https://cyble.com/blog/chameleon-a-new-android-malware-spotted-in-the-wild/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-16T16:39:10.564Z", + "description": "[Chameleon](https://attack.mitre.org/software/S1083) can disable Google Play Protect.(Citation: cyble_chameleon_0423)", + "relationship_type": "uses", + "source_ref": "malware--2cf00c5a-857d-4cb6-8f03-82f15bee0f6f", + "target_ref": "attack-pattern--2aa78dfd-cb6f-4c70-9408-137cfd96be49", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json index e2f042a11c..2589631866 100644 --- a/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json +++ b/mobile-attack/relationship/relationship--f6a451e8-2125-4bbe-be52-e682523cd169.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f74fb2f7-cab9-4a14-9703-b54ed42b84ff", + "id": "bundle--a760cd49-7b1c-4c6c-ae74-9bf35d69fd54", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json index 505f6c5d22..0ea1bdafca 100644 --- a/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json +++ b/mobile-attack/relationship/relationship--f6f21954-c592-40d8-b7a0-75f332c42eaa.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9a6c4dc9-c1d3-48f5-80b8-1028bc73428a", + "id": "bundle--30247ede-02a8-4455-a741-50e9b3e82708", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json index 9d3a7f497f..4d043d1ef2 100644 --- a/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json +++ b/mobile-attack/relationship/relationship--f7039142-dbdc-4ffc-a54f-136ad57a6ac1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b1d7d236-7a6a-40c7-8350-ac7de216bae2", + "id": "bundle--adeef31d-ebe1-4852-814f-5eb497f6c39d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json index d75cf23d86..1d158ef4a3 100644 --- a/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json +++ b/mobile-attack/relationship/relationship--f709a4a5-2d7f-4fa8-bad8-a536fd3cc7fc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6e32453e-2e16-4b97-9ce7-82e9fcf05ca8", + "id": "bundle--162633ca-a7ff-48f1-b60a-fc4efd9e0781", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f747ccb7-32c0-45fc-9842-bfb160a9db22.json b/mobile-attack/relationship/relationship--f747ccb7-32c0-45fc-9842-bfb160a9db22.json new file mode 100644 index 0000000000..851749da95 --- /dev/null 
+++ b/mobile-attack/relationship/relationship--f747ccb7-32c0-45fc-9842-bfb160a9db22.json
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--0acfc2cc-e86b-44fd-9032-20d6cfe08224",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--f747ccb7-32c0-45fc-9842-bfb160a9db22",
+ "created": "2023-07-21T19:39:20.054Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_bouldspy_0423",
+ "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.",
+ "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-07-21T19:39:20.054Z",
+ "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) uses a background service that can restart itself when the parent activity is stopped.(Citation: lookout_bouldspy_0423) ",
+ "relationship_type": "uses",
+ "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1",
+ "target_ref": "attack-pattern--d446b9f0-06a9-4a8d-97ee-298cfee84f14",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
index e9c9c33b0d..ed0d2e8907 100644
--- a/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
+++ b/mobile-attack/relationship/relationship--f776a4da-0fa6-414c-a705-e9e8b419e056.json
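Review bot: The `description` value in relationship--f747ccb7 ends with a stray space after the citation, `(Citation: lookout_bouldspy_0423) "`. The updated description in relationship--f857935b has the same trailing space, `contacted by the application. "`. Tooling that compares, hashes or de-duplicates relationships by description text will treat these as different from the trimmed form, and the other descriptions added in this change have no trailing whitespace. Ending the strings at `(Citation: lookout_bouldspy_0423)"` and `application."` would make them consistent.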
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f69f3a97-8831-4834-ab59-1863454a9d9e", + "id": "bundle--a298660e-d42a-4acd-8c59-4e3dbb557aec", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json index d581fa79c9..90b2069980 100644 --- a/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json +++ b/mobile-attack/relationship/relationship--f7bebe78-2e21-466d-878b-f70be6c0e94a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0eb93157-32c5-4096-83f4-bd751b35e4da", + "id": "bundle--20635056-87e5-4f4f-90da-7ccfb456dd74", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json index 0dfbc67f0a..165d86f59c 100644 --- a/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json +++ b/mobile-attack/relationship/relationship--f7c5c344-4310-4e2a-a5aa-133f3d132fff.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fce71e4e-026f-42cd-bf1f-0bcb238a8207", + "id": "bundle--e0e594f0-52f3-4051-8463-9d56f651bca9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f8151852-5a56-4c91-a691-1e50387a291d.json b/mobile-attack/relationship/relationship--f8151852-5a56-4c91-a691-1e50387a291d.json new file mode 100644 index 0000000000..63a9ea8d00 --- /dev/null +++ b/mobile-attack/relationship/relationship--f8151852-5a56-4c91-a691-1e50387a291d.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--4e7b7aa1-b9bc-47e3-b4bc-a67d51a8acd7", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--f8151852-5a56-4c91-a691-1e50387a291d", + "created": "2023-09-28T17:39:14.900Z", + "revoked": false, + "external_references": [ + { + "source_name": "Trend Micro FlyTrap", + "description": "Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts \u2014 Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.", + "url": "https://news.trendmicro.com/2021/08/17/flytrap-android-malware-is-taking-over-facebook-accounts-protect-yourself-with-a-malware-scanner/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:39:14.900Z", + "description": "[FlyTrap](https://attack.mitre.org/software/S1093) can collect IP address and network configuration information.(Citation: Trend Micro FlyTrap)", + "relationship_type": "uses", + "source_ref": "malware--8338393c-cb2e-4ee6-b944-34672499c785", + "target_ref": "attack-pattern--d4536441-1bcc-49fa-80ae-a596ed3f7ffd", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json index f9a77fcfa4..c658fd05e3 100644 --- a/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json +++ b/mobile-attack/relationship/relationship--f84355c2-b829-4324-821a-b5148734bb6b.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1f2d38d-6e62-40d4-b87c-3fbe706b59b2", + "id": "bundle--0f285655-dc25-41ae-8c8f-1d8334541990", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json b/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json index a4d5a56bec..0909d654c6 100644 --- a/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json +++ b/mobile-attack/relationship/relationship--f857935b-653a-4b9a-a2dc-59c042059a39.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--fde8fc51-028c-40c7-aa6d-311ea515e146", + "id": "bundle--6240eac0-f87f-4cbd-aafc-b6cf8f34f6b6", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--f857935b-653a-4b9a-a2dc-59c042059a39", "created": "2023-03-20T15:56:04.673Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T15:56:04.673Z", - "description": "", + "modified": "2023-08-14T16:28:45.049Z", + "description": "Application vetting services may provide a list of connections made or received by an application, or a list of domains contacted by the application. ", "relationship_type": "detects", "source_ref": "x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0", "target_ref": "attack-pattern--986f80f7-ff0e-4f48-87bd-0394814bbce5", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json index af8c45ce56..d0a7f40e98 100644 
--- a/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json +++ b/mobile-attack/relationship/relationship--f87bb2d2-e7fd-44ce-b537-e7e01086731c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--6fa94aca-58ca-409b-b1c8-9e3c10cfab36", + "id": "bundle--c0391db3-322c-4a4f-9c25-2605d9056904", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json index a75722bcc1..05114771fa 100644 --- a/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json +++ b/mobile-attack/relationship/relationship--f88cbb0c-ca34-4a87-82fa-e0e567ee8d57.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5256db90-df33-41d5-a888-e3a4d9d1cc8b", + "id": "bundle--c3cb231e-758f-4a70-a61c-fa18f050ea6b", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json index 4264c511fb..2be957f47c 100644 --- a/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json +++ b/mobile-attack/relationship/relationship--f92fe9dd-7296-42f6-904e-e245c438376e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--28042ed2-359f-4100-a4ce-bf1fc63d16d7", + "id": "bundle--ab891621-043d-4ead-be6a-792e82fcc3e6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json index 5a9d9dbc00..da31ee1b04 100644 --- a/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json +++ b/mobile-attack/relationship/relationship--f947d845-4d70-41f3-ae3c-18ea8b44e667.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ca97d55-f0b4-4652-a5de-0c4c690227fc", + "id": "bundle--7fd8713e-efa1-42e0-bafa-ac8640b555bc", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json index 122a9f6cf9..fcf0f0ef78 100644 --- a/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json +++ b/mobile-attack/relationship/relationship--f95fec2e-f5cf-49c9-8e0b-1c6c5fd15d8f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--02dbd5c6-3b35-4049-ab59-14ec936b4532", + "id": "bundle--0a2fca20-5233-4b55-8843-b264270984b5", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json index e92032c026..7806707919 100644 --- a/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json +++ b/mobile-attack/relationship/relationship--f989562f-41a8-46d3-94ba-fca7269ae592.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7430a0c8-24fb-492a-b438-80e48e543989", + "id": "bundle--48249f0d-1352-43d6-8edd-560f0c9ef981", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json index e0fe06021b..369851074f 100644 --- a/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json +++ b/mobile-attack/relationship/relationship--f9d0cfb5-aeda-4de4-9c72-7098297555ae.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f652914d-cf4e-49b0-a5fe-3ab657027524", + "id": "bundle--843a5ef0-19b4-4783-a3c2-485414951a85", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json index 72c7f56c92..6de2c7c6cc 100644 --- a/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json +++ b/mobile-attack/relationship/relationship--f9de9819-b131-459e-948b-bdf3fe6f1ef0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0ede4576-c329-438f-8391-cfd51b6f32ed", + "id": "bundle--2620795f-e179-4f8d-a79c-21c22a553172", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json index cdd6a2de2e..8ce06a6341 100644 --- a/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json +++ b/mobile-attack/relationship/relationship--fa13936f-9b9d-4b48-a33f-81044f6cdedb.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0b4c9ede-8dca-4186-a1c3-c8e314e4c27c", + "id": "bundle--2d4e1196-9e96-4f07-94d5-615ca2e34746", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json index b744789385..5dd1e5a9a2 100644 --- a/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json +++ b/mobile-attack/relationship/relationship--fa1da6db-da32-45d2-98a8-6bbe153166da.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2c234dd2-e508-4ce1-8e2b-855e32648b22", + "id": "bundle--883629e7-cd61-48cb-9833-4a0152ceaf8f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json index eb1eb21fb9..76cbcc55b4 100644 
--- a/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json +++ b/mobile-attack/relationship/relationship--fa222de8-ba3a-45c1-a7eb-d7502843cc2d.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e03ad305-cb9b-4787-91d9-a287cefc3bb4", + "id": "bundle--42c36133-caa8-4867-92df-a4e91ccd1f60", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json b/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json index 1be83da4c1..d55a827dba 100644 --- a/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json +++ b/mobile-attack/relationship/relationship--fa5f3aea-2131-4690-8833-dc428fae2b22.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e29c29b9-b33d-4fa2-8497-749c50a897f3", + "id": "bundle--214e9c82-e45a-4ceb-8e23-c9dfc50b2bed", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json index 6e45289b8f..f55ae59105 100644 --- a/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json +++ b/mobile-attack/relationship/relationship--fada5ba5-7449-4878-b555-82f225473c8b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4019a87-6100-489f-8f1e-6de8a03e3d05", + "id": "bundle--3244803b-00a6-4e43-b947-4812c5a92472", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fadd27ec-56ac-4834-af40-76c9e8764eb9.json b/mobile-attack/relationship/relationship--fadd27ec-56ac-4834-af40-76c9e8764eb9.json new file mode 100644 index 0000000000..ba0e558978 --- /dev/null +++ b/mobile-attack/relationship/relationship--fadd27ec-56ac-4834-af40-76c9e8764eb9.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--edbd5671-faa9-447a-a48c-50bbdebb4ceb", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fadd27ec-56ac-4834-af40-76c9e8764eb9", + "created": "2023-07-21T19:34:53.934Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_bouldspy_0423", + "description": "Kyle Schmittle, Alemdar Islamoglu, Paul Shunk, Justin Albrecht. (2023, April 27). Lookout Discovers Android Spyware Tied to Iranian Police Targeting Minorities: BouldSpy. Retrieved July 21, 2023.", + "url": "https://www.lookout.com/blog/iranian-spyware-bouldspy" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-07-21T19:34:53.934Z", + "description": "[BOULDSPY](https://attack.mitre.org/software/S1079) can get a device\u2019s location using GPS or network.(Citation: lookout_bouldspy_0423)", + "relationship_type": "uses", + "source_ref": "malware--a2ee7d2d-fb45-44f3-8f67-9921c7810db1", + "target_ref": "attack-pattern--99e6295e-741b-4857-b6e5-64989eb039b4", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--faf3396c-3a53-478c-b15c-7ff44ef4a5f5.json b/mobile-attack/relationship/relationship--faf3396c-3a53-478c-b15c-7ff44ef4a5f5.json new file mode 100644 index 0000000000..de52c8f4af --- /dev/null +++ b/mobile-attack/relationship/relationship--faf3396c-3a53-478c-b15c-7ff44ef4a5f5.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--8b35aa6c-4193-4975-99c4-b4cf2e8b2ec1", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--faf3396c-3a53-478c-b15c-7ff44ef4a5f5", + "created": "2023-06-09T19:16:53.458Z", + "revoked": false, + "external_references": [ + { + "source_name": "lookout_hornbill_sunbird_0221", + "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.", + "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-06-09T19:16:53.458Z", + "description": "[Hornbill](https://attack.mitre.org/software/S1077) can access a device\u2019s camera and take photos.(Citation: lookout_hornbill_sunbird_0221)", + "relationship_type": "uses", + "source_ref": "malware--15d78a95-af6a-4b06-8dae-76bedb0ec5a1", + "target_ref": "attack-pattern--d8940e76-f9c1-4912-bea6-e21c251370b6", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json index 87bf994217..8c3b3efed1 100644 --- a/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json +++ b/mobile-attack/relationship/relationship--faff9f9c-9064-4b3a-bdf9-bbeced2447a6.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1015ffcc-606a-4f8a-bb17-61733ea01c8a", + "id": "bundle--1de48559-1025-4e97-82ce-b0ca80b5a72f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json index fdf2cd4ad8..0e295e5924 100644 --- a/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json +++ b/mobile-attack/relationship/relationship--fb2a14c1-bed9-4c3f-a60b-8df384c18b68.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5d32031b-4457-4305-846b-b82b54d01b1b", + "id": "bundle--6fed1047-e326-4d42-9b3e-e7e1d02f56aa", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json index b729803e42..bcc116da64 100644 --- a/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json +++ b/mobile-attack/relationship/relationship--fb3b32a8-6422-4d44-91e3-27a58e569963.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--151f3c51-8f3f-4cae-89d1-29a831daafc0", + "id": "bundle--cdc784c6-f860-44b4-919e-cb9cdf772dba", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json index 33198019ef..3ebe9da31b 100644 --- a/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json +++ b/mobile-attack/relationship/relationship--fb51161a-ef2e-41a4-b5f9-bd1f64f95674.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--36cf88e8-ac88-4847-8c7b-f8c881ea1e3c", + "id": "bundle--c98bc1ab-9f32-4f3d-834d-19bf155cd06f", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json index ae3196632c..8a0080f6d3 100644 --- a/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json +++ b/mobile-attack/relationship/relationship--fb587f81-1300-438d-a33b-f8d08530788b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f4584d1a-55c9-47ae-a165-50775a210ebc", + "id": "bundle--202a0b31-d557-4452-8ddb-8cff6261b246", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json index 7e4434e6d3..6bd7ace843 100644 --- a/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json +++ b/mobile-attack/relationship/relationship--fb5c6c5e-53d4-4bb9-b9cf-74170058b19b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--512d20e5-b907-433d-849d-8f0986165507", + "id": "bundle--8b9d7fa7-ec8f-4d68-9f2a-d43c6017285f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json index 9f586ac809..5b890d4209 100644 --- a/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json +++ b/mobile-attack/relationship/relationship--fb62afa9-d593-44f8-840d-bd5c595a1228.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ab6e6b4c-3bdd-4945-b181-70711a89cdee", + "id": "bundle--37b1fb2b-2b43-4708-9b40-b24eada97217", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json index 0dac61d589..e836b446e7 100644 
--- a/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json +++ b/mobile-attack/relationship/relationship--fb6458b0-01b8-4c3f-b0f2-ef5d5bd9f6a8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--623e7d7a-0e79-41f8-b623-2ad79dfbfb77", + "id": "bundle--496d19e5-0499-415a-86bd-3e17cb373435", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json index 768fcb499d..b775780b78 100644 --- a/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json +++ b/mobile-attack/relationship/relationship--fbdbddd7-4980-4061-9192-24a887bc6bad.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d896f44d-f963-429e-844d-63f55e70367a", + "id": "bundle--abb04a8b-cbaf-4d83-8a1c-96ccb7d3b319", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fbeef07b-7aa1-461c-884a-d3c4f730d5f7.json b/mobile-attack/relationship/relationship--fbeef07b-7aa1-461c-884a-d3c4f730d5f7.json new file mode 100644 index 0000000000..673d8ce897 --- /dev/null +++ b/mobile-attack/relationship/relationship--fbeef07b-7aa1-461c-884a-d3c4f730d5f7.json 
@@ -0,0 +1,33 @@ +{ + "type": "bundle", + "id": "bundle--eb5d2fec-06d2-4c60-9f40-e057758771fa", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fbeef07b-7aa1-461c-884a-d3c4f730d5f7", + "created": "2023-09-28T17:22:27.968Z", + "revoked": false, + "external_references": [ + { + "source_name": "Bleeipng Computer Escobar", + "description": "B. Toulas. (2022, March 12). Android malware Escobar steals your Google Authenticator MFA codes. Retrieved September 28, 2023.", + "url": "https://www.bleepingcomputer.com/news/security/android-malware-escobar-steals-your-google-authenticator-mfa-codes/" + } + ], + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-09-28T17:22:27.968Z", + "description": "[Escobar](https://attack.mitre.org/software/S1092) can collect credentials using phishing overlays.(Citation: Bleeipng Computer Escobar)", + "relationship_type": "uses", + "source_ref": "malware--ec13d292-6d8d-4c7a-b07c-a2bd2402569a", + "target_ref": "attack-pattern--4c58b7c6-a839-4789-bda9-9de33e4d4512", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.2.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json index c52c6a382f..722aeb5969 100644 --- a/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json +++ b/mobile-attack/relationship/relationship--fc22c1f0-6888-43c0-ac7e-ee3d21feafc4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--66076b39-d882-4f6b-b30c-d8ea0c926789", + "id": "bundle--90e12a75-3d00-4075-9145-ca24b231f910", "spec_version": "2.0", "objects": [ { 
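Review bot: The citation key in the new Escobar relationship (`relationship--fbeef07b-…`) is misspelled, both in `"source_name": "Bleeipng Computer Escobar"` and in the matching `(Citation: Bleeipng Computer Escobar)` inside `description`. The two strings agree, so the citation resolves within this object. However, a consumer that groups or de-duplicates external references by `source_name` would treat it as a different source from any entry spelled `Bleeping Computer Escobar`; whether such an entry exists elsewhere in the collection is not visible in this hunk. I would correct both occurrences together to `Bleeping Computer Escobar`, so that the key and the citation stay in sync.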
diff --git a/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json b/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json index 61a782698f..45b49a5e39 100644 --- a/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json +++ b/mobile-attack/relationship/relationship--fc7639c8-0e52-4f6f-9cf3-7840be81ad55.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c722d56b-273e-45a1-9927-8db11981434b", + "id": "bundle--9d7fdf75-a4fe-4e41-84ff-7a926c72144d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json index b616821ea0..2eaca1bbc9 100644 --- a/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json +++ b/mobile-attack/relationship/relationship--fc816ddc-199d-47b0-93af-c81305d0919f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--646fe9cf-c28e-400b-b20c-763b60fbd736", + "id": "bundle--807547d1-5740-4b0e-a2b9-bb50c1bf8f34", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json index 1cbc61bd9b..d9078c4760 100644 --- a/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json +++ b/mobile-attack/relationship/relationship--fcb3a139-f644-45c9-8123-dfea0455143a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9c4855f4-cc30-457a-8d88-1cfbec5d716e", + "id": "bundle--da92bf54-8c6c-43c4-b277-d40c44e54074", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json index 25a438a4d0..7f7e0e68aa 100644 
--- a/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json +++ b/mobile-attack/relationship/relationship--fcc42341-ec3a-4e24-a374-46bed72d061f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--07225759-ee55-44eb-ab69-0505166450fd", + "id": "bundle--0fd413a5-9102-4290-906c-aead916e7b1f", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json index 7d73e596f9..e2afb67c13 100644 --- a/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json +++ b/mobile-attack/relationship/relationship--fcda686d-0c3a-457a-a34d-6dcfb28f54bd.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--36ae66eb-be6c-4571-997e-cedc679ec41c", + "id": "bundle--c9368457-b478-4a3d-9399-072578c2796c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json index 1f2862fbbd..0ee6a46544 100644 --- a/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json +++ b/mobile-attack/relationship/relationship--fcdc2f1f-9787-4faa-86bf-2ed73f15a576.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4ad3d8e2-7915-4041-8143-7b023003fcd3", + "id": "bundle--a65d285b-4d96-4db1-9785-0163cab5e85c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fd50cda0-66d4-4ae1-864e-9345d8124ce2.json b/mobile-attack/relationship/relationship--fd50cda0-66d4-4ae1-864e-9345d8124ce2.json new file mode 100644 index 0000000000..564be15a68 --- /dev/null +++ b/mobile-attack/relationship/relationship--fd50cda0-66d4-4ae1-864e-9345d8124ce2.json 
@@ -0,0 +1,26 @@ +{ + "type": "bundle", + "id": "bundle--61b295ee-1b83-46e5-86c8-833af13f6a3d", + "spec_version": "2.0", + "objects": [ + { + "type": "relationship", + "id": "relationship--fd50cda0-66d4-4ae1-864e-9345d8124ce2", + "created": "2023-08-08T16:14:27.679Z", + "revoked": false, + "object_marking_refs": [ + "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" + ], + "modified": "2023-08-08T16:14:27.679Z", + "description": "Application vetting services may potentially determine if an application contains suspicious code and/or metadata.", + "relationship_type": "detects", + "source_ref": "x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962", + "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b", + "x_mitre_deprecated": false, + "x_mitre_version": "0.1", + "x_mitre_attack_spec_version": "3.1.0", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", + "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" + } + ] +} \ No newline at end of file diff --git a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json index 004f37871d..a993b64201 100644 --- a/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json +++ b/mobile-attack/relationship/relationship--fd5b3d4b-5d56-4d66-8b57-f858bc139901.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9dee057f-dd24-4c8e-8483-c6d2649ac9ab", + "id": "bundle--12de6112-765d-412b-99b2-4ae2a9fff05e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json b/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json index e482b91e83..b49c538fa3 100644 --- a/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json 
+++ b/mobile-attack/relationship/relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--7d605ed3-843e-4296-bbb0-459f5cbf2158", + "id": "bundle--8c58da8f-61bc-4aa2-a6b8-7eb5aa277d89", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--fd6c7f4b-ce0f-4770-8487-786e41b63549", "created": "2023-03-20T18:24:56.396Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:24:56.396Z", - "description": "", + "modified": "2023-08-07T17:12:07.475Z", + "description": "Mobile security products can often alert the user if their device is vulnerable to known exploits.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6", "target_ref": "attack-pattern--fd339382-bfec-4bf0-8d47-1caedc9e7e57", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json index 70966342f8..cf864f9928 100644 --- a/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json +++ b/mobile-attack/relationship/relationship--fd8a4b6d-0e7b-4105-ad7b-576836be6394.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b9e4d8bb-2ee5-4328-9fdc-9783461a7e5c", + "id": "bundle--7e3f6fde-f9d9-4ec0-92aa-efe90a25e2e6", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json index 94c5f7c907..a1564a8ef4 100644 --- a/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json +++ b/mobile-attack/relationship/relationship--fda8fe32-6121-4b81-9aa0-4e9596db88b1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--387e50ff-a8cc-417e-bfa4-2eed928d8518", + "id": "bundle--5c279e4b-1269-43a2-afca-6289737f12c9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json index db3f793326..4120cd5979 100644 --- a/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json +++ b/mobile-attack/relationship/relationship--fdf06a0b-08d2-4cac-9d49-b3f1454ec4ea.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--1daac5d2-3700-4242-919e-2b744baeed8b", + "id": "bundle--6736bf2b-cba3-456c-b861-b787f7d5da39", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json index 8a999e98a5..aed5c171c4 100644 --- a/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json +++ b/mobile-attack/relationship/relationship--fe794ba6-42be-4d42-a16f-a41473874331.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ea7ab4c0-ff62-490d-9cba-8a7143b50946", + "id": "bundle--b8dfb279-1ba1-4737-b8cb-a4e0298ac232", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json b/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json index 6abfb5fb54..25a9c1739d 100644 
--- a/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json +++ b/mobile-attack/relationship/relationship--ff3aa49b-c054-44ec-89da-6c67d4995193.json @@ -1,25 +1,25 @@ { "type": "bundle", - "id": "bundle--d2aea618-a9e3-4c86-9613-8ce2762050e6", + "id": "bundle--8b254665-47f2-4700-b0d4-420cd49caf44", "spec_version": "2.0", "objects": [ { "type": "relationship", "id": "relationship--ff3aa49b-c054-44ec-89da-6c67d4995193", "created": "2023-03-20T18:44:44.257Z", + "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "revoked": false, "object_marking_refs": [ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168" ], - "modified": "2023-03-20T18:44:44.257Z", - "description": "", + "modified": "2023-08-09T15:52:15.261Z", + "description": "Application vetting services can look for applications requesting the permissions granting access to accessibility services or application overlay.", "relationship_type": "detects", "source_ref": "x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43", "target_ref": "attack-pattern--a8c31121-852b-46bd-9ba4-674ae5afe7ad", "x_mitre_deprecated": false, "x_mitre_version": "0.1", "x_mitre_attack_spec_version": "3.1.0", - "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5", "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5" } ] diff --git a/mobile-attack/relationship/relationship--ff410bea-7b23-4b0c-9979-b7ae3050d938.json b/mobile-attack/relationship/relationship--ff410bea-7b23-4b0c-9979-b7ae3050d938.json new file mode 100644 index 0000000000..6921696933 --- /dev/null +++ b/mobile-attack/relationship/relationship--ff410bea-7b23-4b0c-9979-b7ae3050d938.json 
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--32b75979-4273-4217-9910-adc7c129bb1f",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ff410bea-7b23-4b0c-9979-b7ae3050d938",
+ "created": "2023-08-04T18:34:26.118Z",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "lookout_hornbill_sunbird_0221",
+ "description": "Apurva Kumar, Kristin Del Rosso. (2021, February 10). Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict. Retrieved June 9, 2023.",
+ "url": "https://www.lookout.com/blog/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-08-04T18:34:26.118Z",
+ "description": "[Sunbird](https://attack.mitre.org/software/S1082) can exfiltrate calendar information.(Citation: lookout_hornbill_sunbird_0221)",
+ "relationship_type": "uses",
+ "source_ref": "malware--feae299d-e34f-4fc9-8545-486d0905bd41",
+ "target_ref": "attack-pattern--a9fa0d30-a8ff-45bf-922e-7720da0b7922",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "0.1",
+ "x_mitre_attack_spec_version": "3.1.0",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--ff55feec-669d-4199-a05c-e8dfaebaaf8f.json b/mobile-attack/relationship/relationship--ff55feec-669d-4199-a05c-e8dfaebaaf8f.json
new file mode 100644
index 0000000000..a2a6745e67
--- /dev/null
+++ b/mobile-attack/relationship/relationship--ff55feec-669d-4199-a05c-e8dfaebaaf8f.json
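Review bot: In the new relationship--ff410bea object `created_by_ref` sits near the end, after `x_mitre_attack_spec_version`, while this same commit moves that key to directly after `created` in relationship--ff3aa49b, and the new relationship--ff55feec file already uses that position. Key order carries no meaning in JSON, but one serialisation order keeps later diffs free of move-only lines like the `created_by_ref` pair in the ff3aa49b hunk. I would emit `"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",` right after `"created"` here as well. The file also ends without a trailing newline, as does ff55feec; worth adding if the exporter allows it.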
@@ -0,0 +1,33 @@
+{
+ "type": "bundle",
+ "id": "bundle--a3c99d9c-be09-430f-b211-126a933a1708",
+ "spec_version": "2.0",
+ "objects": [
+ {
+ "type": "relationship",
+ "id": "relationship--ff55feec-669d-4199-a05c-e8dfaebaaf8f",
+ "created": "2023-10-10T15:33:57.463Z",
+ "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "revoked": false,
+ "external_references": [
+ {
+ "source_name": "Microsoft MalLockerB",
+ "description": "D. Venkatesan. (2020, October 8). Sophisticated new Android malware marks the latest evolution of mobile ransomware . Retrieved October 29, 2020.",
+ "url": "https://www.microsoft.com/security/blog/2020/10/08/sophisticated-new-android-malware-marks-the-latest-evolution-of-mobile-ransomware/"
+ }
+ ],
+ "object_marking_refs": [
+ "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
+ ],
+ "modified": "2023-10-10T15:33:57.463Z",
+ "description": "[AndroidOS/MalLocker.B](https://attack.mitre.org/software/S0524) has masqueraded as popular apps, cracked games, and video players. (Citation: Microsoft MalLockerB)",
+ "relationship_type": "uses",
+ "source_ref": "malware--9b86f8c3-33ab-44cf-a66d-c0fd6070e2ce",
+ "target_ref": "attack-pattern--114fed8b-7eed-4136-8b9c-411c5c7fff4b",
+ "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
+ "x_mitre_deprecated": false,
+ "x_mitre_version": "1.0",
+ "x_mitre_attack_spec_version": "2.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
index d1bbc4e50f..bff39a7521 100644
--- a/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
+++ b/mobile-attack/relationship/relationship--ffc24804-42db-4be1-a418-7f5ab9de453c.json
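Review bot: In the new relationship--ff55feec object `x_mitre_attack_spec_version` is `2.1.0` and `x_mitre_version` is `1.0`, although `created` and `modified` are both 2023-10-10 and the other relationships touched in this commit (ff3aa49b, ff410bea) carry `3.1.0` and `0.1`. This looks like metadata carried over from an older object and is worth confirming, since consumers that branch on the spec version would treat this relationship differently from its siblings. If 3.1.0 is what the exporter intends, the line becomes `"x_mitre_attack_spec_version": "3.1.0"`. Two whitespace slips are also visible: a space before `(Citation: Microsoft MalLockerB)` in `description`, where ff410bea has none, and `mobile ransomware . Retrieved` in the reference description.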
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e80f9bcb-1e25-472c-a73d-158a51f95f76", + "id": "bundle--98aa88cf-aff6-46d9-9cd8-6ff04ec609a2", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json index 7321c38593..2964292b80 100644 --- a/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json +++ b/mobile-attack/relationship/relationship--ffc82546-f4da-4f47-88ec-b215edb1d695.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0f30608c-d7e5-4e13-89e6-8f37dff9cb2c", + "id": "bundle--4439d42a-ec2e-44b2-bd23-38c835c68f6e", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json index b633657938..7678b6b692 100644 --- a/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json +++ b/mobile-attack/relationship/relationship--ffddcabb-0f03-46ae-abd6-7ab94e91b055.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--50484108-4f2b-49a3-b566-e64ec1b2e7f5", + "id": "bundle--5132553b-0f78-4d80-8620-7da5146452c6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json index dad94e0221..bf94b6817e 100644 --- a/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json +++ b/mobile-attack/relationship/relationship--fff16b5e-49c2-45e2-8b3a-fd5f82c96dd9.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--9ae69822-6199-4b2c-b28b-69c57f547116", + "id": "bundle--78fc83e5-e4f7-4228-b731-fbaff26ff755", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json index 30be72062f..f4cfc133e6 100644 --- a/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json +++ b/mobile-attack/tool/tool--1622fd3d-fcfc-4d02-ac49-f2d786f79b81.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--97131e09-4d17-4422-923c-6e5bdc54f062", + "id": "bundle--2e7b3851-204a-4872-83f5-9d4b6d6efc52", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json index dbd5c5565d..1af62ec775 100644 --- a/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json +++ b/mobile-attack/tool/tool--da21929e-40c0-443d-bdf4-6b60d15448b4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f71c2f58-d4a1-4e14-b9fa-e0d45bc2b7a7", + "id": "bundle--dd54c7c1-6577-4d4f-8177-6b421cce5bac", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json index 7d81fe4d0b..57124b30dd 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--181a9f8c-c780-4f1f-91a8-edb770e904ba.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0278285a-6a54-465c-8d73-fad0bcb32805", + "id": "bundle--264fe9ec-8a82-42bd-8ee2-806cdd73a9de", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json index 29c702b526..4c97a9940e 100644 
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3772e279-27d6-477a-9fe3-c6beb363594c.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--2dfe1862-e2e4-4755-a6b0-e97b3c1a3157", + "id": "bundle--1c58defa-5279-445a-8169-b58272bcea72", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json index 22ab05d16e..ca55dff9e8 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--3d20385b-24ef-40e1-9f56-f39750379077.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--21875d58-4868-4d63-bd7d-fca721caf4f8", + "id": "bundle--8d3e5450-9e9e-4054-adf7-9495257cdc73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json index d9c88f869a..ecf89ecb68 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--56c2b384-77f8-461f-a71a-76f7888ebfb6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5194ca2c-f959-45f1-8583-75c6a758e5ab", + "id": "bundle--f3249160-30e0-4ad4-9bf4-0805ab3a013c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json index 6fbbfac6e3..4525d7a8c1 100644 
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--5ae32c6a-2d12-4b8f-81ca-f862f2be0962.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--72b54462-4fc8-46ae-b018-773e49d92436", + "id": "bundle--a5a71094-1fe8-4d83-96e9-ad5e175d5634", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json index 91461a3187..96c01451cf 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--61f1d40e-f3d0-4cc6-aa2d-937b6204194f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--80d3bbdb-522c-4eaf-a37b-5882eda4a6e3", + "id": "bundle--8877457b-6389-4cfd-a2db-926d4a090157", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json index 7da1cdf132..8ab1c0ed31 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--685f917a-e95e-4ba0-ade1-c7d354dae6e0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--79345f19-b05b-4014-844d-7c2e85fc52d5", + "id": "bundle--65bdd1c4-3221-493e-84e7-fcdf19efa15a", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json index 9f383dc393..5af31151b9 100644 
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--6c62144a-cd5c-401c-ada9-58c4c74cd9d2.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--61cce305-4a82-496f-b88d-67941367e5c6", + "id": "bundle--ad0c8f0d-27dc-42ed-a297-2de20d017c68", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json index 0cf8a370e7..c3ad397d5e 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--764ee29e-48d6-4934-8e6b-7a606aaaafc0.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f7176a61-17fe-43e1-b7dd-2a062b8b5630", + "id": "bundle--b491bcd2-15f8-4643-b57a-cbf573dd98fd", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json index 56153d709f..7416e336cf 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--85a533a4-5fa4-4dba-b45d-f0717bedd6e6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--88ea97e1-255d-4229-862a-d92f593a12a0", + "id": "bundle--6c40caf6-10ae-4016-9cf5-d96b721e1b73", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json index c098cbde4b..3f9a2ddbca 100644 
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--a7f22107-02e5-4982-9067-6625d4a1765a.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70735986-4548-4cb1-9bda-21d93912f89d", + "id": "bundle--c6f78f88-4d39-4962-9e30-8fa52a463a96", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json index 6a1e2dd8d7..88cae2d677 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--b1e0bb80-23d4-44f2-b919-7e9c54898f43.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--b8f0a1a2-b1f2-4ff0-a1ed-b2aafb713385", + "id": "bundle--85243032-ea71-4d09-b988-1cacc2643cc0", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json index d5d0e9990c..4fe7a9e4e9 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--bf0ff551-a5a7-40e5-bff9-f9405011b1f4.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d1fa7cb9-a729-40ac-b928-625913f34835", + "id": "bundle--3c1c5e76-ca51-4e50-966b-1a059ff0263d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json index 7726d9a543..057f476998 100644 
--- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--e2f72131-14d1-411f-8e8c-aa3453dd5456.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7120e9bd-cb23-4f48-9d8c-612e9e02c791", + "id": "bundle--99ff701b-fb0a-44a4-ae37-c81015be4519", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json b/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json index 825447db21..a4bb8d9c4c 100644 --- a/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json +++ b/mobile-attack/x-mitre-data-component/x-mitre-data-component--ee575f4a-2d4f-48f6-b18b-89067760adc1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--0a1effba-3584-4425-86dd-607896b5668e", + "id": "bundle--59504e56-14e3-4238-bd2b-fb8ace40e7f3", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json index 4c29ef93b0..470f06f7e7 100644 --- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--4523e7f3-8de2-4078-96f8-1227eb537159.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--70f69f14-8725-4bb8-80e4-fc71bd65f6df", + "id": "bundle--fbb64ba3-aec4-4901-8ed7-a73797ac7565", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json index 7f265ca938..993706a0c3 100644 
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--55ba7d30-887f-42c1-a24e-c4e90aff24b8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3ecebfce-4aec-4ea6-b060-17661c3a6cc3", + "id": "bundle--ce953cf0-83ac-4abe-8acb-2420df305bd6", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json index 39a11ffd1d..22cf7d391c 100644 --- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--73691708-ffb5-4e29-906d-f485f6fa7089.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--f1bfe9e1-f359-4d38-963a-2adc8db6aec6", + "id": "bundle--8563e002-8a60-4671-928a-c9164da673d9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json index 346244bcc4..43e0f67167 100644 --- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--c000cd5c-bbb3-4606-af6f-6c6d9de0bbe3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--d0961e83-23a6-4dad-8404-58121f6ec8c3", + "id": "bundle--47a5481d-5d07-41e9-bfb4-f023ff968279", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json index df30d53317..d75ad4f722 100644 
--- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e156f007-c5bf-45cc-8dd5-d442ffb0d203.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5468b4df-44d1-4b46-8475-04d49be5227f", + "id": "bundle--537a2e9c-bf2c-46d7-82a3-6afc662b0827", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json index 80e3a04526..8819e3ec54 100644 --- a/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json +++ b/mobile-attack/x-mitre-data-source/x-mitre-data-source--e8b8ede7-337b-4c0c-8c32-5c7872c1ee22.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--5e7c5799-7e20-4ef2-8eb3-8c613bc21759", + "id": "bundle--25d436f6-a3ab-436d-8aec-13233ecdd6e9", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json index f484393385..873d2ff4c7 100644 --- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json +++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--5104d5f0-16b7-4aec-8ae3-0a90cd5494fc.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--be196bb6-cf38-4f9d-a5f3-62f4637aa72a", + "id": "bundle--6f3c8fa2-35e0-427e-8966-4f4473d3d384", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json index 5bb3a5649a..f699ddee18 100644 --- a/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json 
+++ b/mobile-attack/x-mitre-matrix/x-mitre-matrix--a382db5e-d009-4135-b893-0e0ff021c95b.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--52e0f65f-4996-4c47-bddc-a955e1c146f9", + "id": "bundle--8b1d0af1-acc2-4e1a-af29-87f8c79f25ee", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json index ee384fbbc1..ffd713a80c 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--0a93fd8e-4a83-4c15-8203-db290e5f2ac6.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--efaa34ae-128a-4eb3-a11c-11b128e17a15", + "id": "bundle--0fe3a006-8336-4d26-b693-aa7c5bb31708", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json index 5e98321260..c6607fb8c1 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--10fa8d8d-1b04-4176-917e-738724239981.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a51ac7ef-bf20-43c3-9d29-fd6b24ff1cfd", + "id": "bundle--e9399787-3f50-4ca2-9b5d-891eaf9fbece", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json index 64a141a581..cb7e075e6e 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--363bbeff-bb2a-4734-ac74-d6d37202fe54.json 
@@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--c696cc12-32dc-4f36-904d-d2d3160610d4", + "id": "bundle--eff2286a-d454-4cda-aea1-181a62bc8258", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json index dc35918e76..0eaef93624 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3e962de5-3280-43b7-bc10-334fbc1d6fa8.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--fda64103-db36-4894-bd9d-0ad5cf812e8f", + "id": "bundle--015bd2ae-5f84-4dc8-87fd-fe84a92e2386", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json index b42b211de2..e32dd3266b 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--3f660805-fa2e-42e8-8851-57f9e9b653e3.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--3df1208e-3dc6-4bb9-a03d-ebbe96660545", + "id": "bundle--eb728eeb-a83f-4808-916c-91484d10fd5d", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json index 6a9121e0b5..de6555c8e8 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--4a800987-a3a8-4d56-a1bd-0d7171431756.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--8231ef22-d43a-4a87-8a0f-ce4542ee34ab", + "id": "bundle--991c0fd4-15c5-4141-a57f-3b7a9210de7d", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json index 0c94ca893f..914277582e 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6ebce653-294a-444a-bffb-14c04c8d137e.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--e9f56564-292a-4db4-9c7b-5ef26e84e012", + "id": "bundle--1ae6ccf2-504f-4be6-abe4-515c6bc0f4df", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json index 4ec0d94a2c..f109f272ec 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--6fcb36b8-3776-483b-8699-42215714fb10.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--a6613e71-6917-4ebd-82a3-67089ca67edc", + "id": "bundle--a784d173-466e-4c38-8321-2ff16c23b346", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json index 99c58e9efc..58984f1310 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7a0d25d3-f0c0-40bf-bf90-c743871b19ba.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--7e6bce62-7e05-4139-9243-e538cbe9c372", + "id": "bundle--2acdfc3d-5bce-4703-b889-560d8fd9e707", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json index 6430906954..22c38c9dae 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--7be441c2-0095-4b1e-8125-fa8ffda29b0f.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--ae081da6-a00b-421b-94b0-d325ce3bb91c", + "id": "bundle--2b7447a6-5445-4309-9b3f-c613ceac7b25", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json index 0f22757be8..9a376055ab 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--987cda6d-eb77-406b-bf68-bcb5f3d2e1df.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4a021dda-0950-43dc-9570-b431b667e116", + "id": "bundle--4748ca3a-888b-4f9d-b15f-174c928d1d8c", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json index 487a24461c..ed4e9a4da9 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--9eb4c21e-4fa8-44c9-b167-dbfc455f9210.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--81031e9d-fff8-4a4d-8910-f277a9bc8ff0", + "id": "bundle--ed7a682d-4c95-43b4-b2d0-b3364a0c0af4", "spec_version": "2.0", "objects": [ { 
diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json index 648321ba66..93d94cbf3c 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--d418cdeb-1b9f-4a6b-a15d-2f89f549f8c1.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--40759d9d-4a98-4b9d-9e3b-65feb5311124", + "id": "bundle--1b2ac6b2-590f-40f2-9342-7a79a151c031", "spec_version": "2.0", "objects": [ { diff --git a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json index 99c150efa3..d5d5a63c12 100644 --- a/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json +++ b/mobile-attack/x-mitre-tactic/x-mitre-tactic--e78d7d60-41b5-49b7-b0a9-5c5d4cbabe17.json @@ -1,6 +1,6 @@ { "type": "bundle", - "id": "bundle--4d8dee21-bbff-49dd-a8d3-96a09a77cb5a", + "id": "bundle--724946ea-ea54-4766-9b68-f910ec0375b5", "spec_version": "2.0", "objects": [ {